Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page


UNCENSORED PAGE



02 May 2008

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.


Columns (each record below lists these fields in order): Time | Victim OS | Infection Source | C&C Server | DNS Lookups & Failed Connects | Infection Port | Packet Trace | Detection Signatures | Infection Chatter | BotHunter Analysis | Behavioral Cluster | Forensic Logs | Antivirus Labels | Packed Malware_Binary | Unpacked egg.exe | Unpacked egg.asm | Packer PEID | Data Strings | Syscall Trace
00:05:00 Win2K-f 86.141.7.161 (BTCENTRALPLUS.COM):
BT-CENTRAL-PLUS,
LONDON, ENGLAND, UK.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
CN:218.93.14.236:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:00:07:00 WinXP 91.64.30.69 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
DE.
218.93.14.236:7000 CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
20 lines
Yeah : 1.3
profile
none summary
tarball
27 of 30 1c452a39ae
NEW
none[4] none:none
none|none none trace
00:21:00 Win2K-f 60.54.58.10 (TM.NET.MY):
TELEKOM MALAYSIA BERHAD,
KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY.
218.93.14.236:7000 CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:00:26:00 WinXP 88.156.91.214 (VECTRANET.PL):
NETWORK IN BIALYSTOK GDYNIA SKIERNIEWICE KOSCIERZYNA BELCHATOW,
'S-HERTOGENBOSCH, NOORD-BRABANT, NL.
218.93.14.236:7000 CN:scorti1.dns2go.com
CN:218.93.14.236:7000
445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.8
profile
none summary
tarball
25 of 32 bd7864188f
[Firefox: 3 hits: 04-28 to 05-02]
9d2956530a [0] ASM:Graph
ASProtect| lines=393
embedded dns
trace
T:00:27:00 Win2K-f 70.104.116.36 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
US. (DSL)
n/a DE:flu.flutp.com
DE:tui.tuipo.net
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
4 of 32 bb39112200
[Firefox: 2 hits: 05-02 to 05-02]
bb39112200 [1] ASM:Graph
StarForce| lines=84 trace
00:29:00 WinXP 124.105.176.147 (PLDT.NET):
CTAC7300I03_CONSUMER,
PH.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
CN:218.93.14.236:7000
445 pcap raw alerts
ruleset
ftp
15 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:00:37:00 Win2K-f 78.57.105.7 (ZEBRA.LT):
LIETUVOS,
VILNIUS, VILNIAUS APSKRITIS, LT.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
CN:218.93.14.236:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 31 cf34e3d41c
NEW
none[4] none:none
none|none none trace
T:00:54:00 WinXP 125.162.98.50 (-):
TLKM_D1_BB_SPEEDY_PG,
PALEMBANG, SUMATERA SELATAN, ID.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
CN:218.93.14.236:7000
445 pcap raw alerts
ruleset
ftp
15 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
01:00:00 Win2K-f 117.1.188.183 (ADSL.VIETTEL.VN):
VIETEL CORPORATION,
HANOI, HA NOI, VN.
n/a DE:proxim.ircgalaxy.pl
CN:scorti1.dns2go.com
CN:218.93.14.236:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
27 of 30 845d4138a0
NEW
f2a9b51fa4 [0] ASM:Graph
none|none lines=411
embedded dns
trace
01:01:00 Win2K-f 116.75.9.114 (JWS.COM):
HATHWAY IP OVER CABLE INTERNET ACCESS SERVICE,
IN.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
CN:218.93.14.236:7000
445 pcap raw alerts
ruleset
ftp
15 lines
Yeah : 0.8
profile
none summary
tarball
28 of 31 97f3ce0f80
[Firefox: 2 hits: 04-30 to 05-02]
none[4] none:none
none|none none trace
T:01:04:00 WinXP 78.156.211.156 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
CN:218.93.14.236:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
01:11:00 Win2K-f 70.104.96.113 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
US. (DSL)
n/a DE:flu.flutp.com
DE:tui.tuipo.net
DE:85.25.139.52:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
4 of 32 bb39112200
[Firefox: 2 hits: 05-02 to 05-02]
bb39112200 [1] ASM:Graph
StarForce| lines=84 trace
T:01:14:00 Win2K-f 90.137.0.209 (SWIP.NET):
SWIPNET,
SE.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
CN:218.93.14.236:7000
445 pcap raw alerts
ruleset
ftp
15 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
01:18:00 Win2K-f 90.235.23.175 (TELIA.COM):
TELIA NETWORK SERVICES,
SE.
218.93.14.236:7000 CN:scorti1.dns2go.com
DE:proxim.ircgalaxy.pl
CN:218.93.14.236:7000
445 pcap raw alerts
ruleset
irc
7 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
01:18:00 Win2K-f 62.35.135.219 (D4.CLUB-INTERNET.FR):
T-ONLINE (ADSL),
PARIS, ILE-DE-FRANCE, FR.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
CN:218.93.14.236:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
19 of 31 0330af1285
[Firefox: 5 hits: 05-02 to 05-07]
none[4] none:none
none|none none trace
01:18:00 WinXP 87.97.125.14 (INVITEL.HU):
ADSL-PPPOE-(GOD-ADSL1),
HU.
218.93.14.236:7000 CN:scorti1.dns2go.com
CN:218.93.14.236:7000
445 pcap raw alerts
ruleset
ftp
irc
27 lines
Yeah : 1.3
profile
none summary
tarball
20 of 31 bfab284e67
[Firefox: 3 hits: 05-01 to 05-05]
13a0c147f5 [0] ASM:Graph
ASProtect| lines=420
embedded dns
trace
T:01:28:00 Win2K-f 91.202.213.0 (IPAPER.COM):
BLOCK FOR PI ASSIGNMENTS,
UK.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
CN:218.93.14.236:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
01:29:00 WinXP 82.137.17.69 (RDSNET.RO):
TEREZVAROS CABLE TELEVISION LTD,
BUDAPEST, BUDAPEST, HU.
218.93.14.236:7000 CN:scorti1.dns2go.com
CN:218.93.14.236:7000
445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
20 of 31 af98fe0c94
[Firefox:47 hits: 04-27 to 05-07]
480d076a0a [0] ASM:Graph
ASProtect| lines=422
embedded dns
trace
01:43:00 WinXP 123.48.77.51 (R-123-48-0-10.COMMUFA.JP):
CHUBU TELECOMMUNICATIONS CO. INC,
JP.
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 831f4ee0a7
[Firefox:576 hits: 07-11 to 05-06]
eb7546c600 [0] ASM:Graph
none|none lines=61 trace
01:52:00 Win2K-f 125.162.103.214 (-):
TLKM_D1_BB_SPEEDY_PG,
PALEMBANG, SUMATERA SELATAN, ID.
211.96.97.44:7000 CN:hail.dns2go.com 445 pcap raw alerts
ruleset
ftp
irc
23 lines
Yeah : 1.3
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
01:56:00 Win2K-f 78.96.8.43 (-):
ASTRAL TURDA DOCSIS,
TURDA, CLUJ, RO.
n/a CN:scorti1.dns2go.com
CN:218.93.14.236:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
15 of 32 d61a5c46eb
NEW
none[4] none:none
none|none none trace
T:01:57:00 WinXP 79.138.128.122 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
CN:218.93.14.236:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
01:58:00 Win2K-f 125.230.73.167 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
CN:218.93.14.236:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
02:03:00 WinXP 212.45.75.251 (ISTAR-LINK.COM):
ISTAR LINK COSTUMERS IN SILISTRA,
BG.
211.96.97.44:7000 CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
CN:218.93.14.236:7000
445 pcap raw alerts
ruleset
ftp
20 lines
Yeah : 1.3
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:02:04:00 WinXP 124.81.152.239 (CARSURIN.COM):
PT INDOSAT MEGA MEDIA,
ID.
211.96.97.44:7000 CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
CN:218.93.14.236:7000
445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:02:25:00 Win2K-f 83.97.249.15 (CM-83-97-244-10.TELECABLE.ES):
TELECABLE,
ES. (DSL)
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
CN:218.93.14.236:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:02:31:00 WinXP 218.160.98.59 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
CHENNAI, TAMIL NADU, IN.
218.93.14.236:7000 CN:scorti1.dns2go.com 445 pcap raw alerts
ruleset
ftp
20 lines
Yeah : 1.3
profile
none summary
tarball
13 of 32 53123fadcc
[Firefox:35 hits: 01-26 to 05-07]
none[4] none:none
none|none none trace
02:36:00 Win2K-f 87.223.230.144 (DYNAMIC.JAZZTEL.ES):
JAZZ TELECOM S.A,
BARCELONA, CATALUÑA, ES.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
CN:218.93.14.236:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
02:49:00 Win2K-f 193.254.52.249 (NET-X.RO):
LOGIC,
RO.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:218.93.14.236:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:03:11:00 WinXP 82.200.230.198 (-):
JSC KAZAKHTELECOM URALSK AFFILIATE,
KZ.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:2956 hits: 12-31 to 05-07]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
03:14:00 Win2K-f 89.24.89.42 (4GINTERNET.CZ):
GPRS/UMTS CUSTOMER NETWORK,
CZ.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:218.93.14.236:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
12 of 30 87a9d2fad8
NEW
none[4] none:none
none|none none trace
03:30:00 WinXP 190.188.212.136 (NET.AR):
PRIMA S.A,
AR.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
CN:218.93.14.236:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
03:32:00 Win2K-f 90.155.137.104 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
CN:218.93.14.236:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
13 of 32 5b64aefe5d
[Firefox: 2 hits: 05-02 to 05-07]
none[4] none:none
none|none none trace
T:03:35:00 Win2K-f 91.67.175.137 (SUPERKABEL.DE):
KABEL DEUTSCHLAND BREITBAND SERVICE GMBH,
DE.
n/a   445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
28 of 31 83c1c4c64b
NEW
fee9cf851f [0] ASM:Graph
ASProtect| lines=420
embedded dns
trace
T:03:36:00 WinXP 62.11.114.216 (DIALUP.TISCALI.IT):
TISCALI ITALIA SPA,
PALERMO, SICILIA, IT. (DIAL)
n/a DE:siliconfireware.ru
:wpad
US:searchportal.information.com
US:spi.domainsponsor.com
:landdev1.lap.internal
GB:welcome3.smile.co.uk
GB:195.92.84.198:80
DE:212.227.111.29:80
DE:217.11.54.126:80
EU:78.47.200.154:80
445 pcap raw alerts
ruleset
http
http
6 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 df17a625ee
[Firefox:438 hits: 05-04 to 05-06]
none[3] none:none
ASPack| none trace
T:03:37:00 Win2K-f 77.195.203.237 (GAOLAND.NET):
DYNAMIC POOLS,
FR.
218.93.14.236:7000 CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.3
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
03:47:00 Win2K-f 83.25.40.234 (TPNET.PL):
NEOSTRADA PLUS,
POZNAN, WIELKOPOLSKIE, PL.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
CN:218.93.14.236:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
04:02:00 Win2K-f 84.187.205.117 (T-DIALIN.NET):
DEUTSCHE TELEKOM AG,
MÖNCHENGLADBACH, NORDRHEIN-WESTFALEN, DE. (DIAL)
n/a CN:scorti1.dns2go.com
CN:218.93.14.236:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
18 of 31 f9b37a5ae8
[Firefox: 2 hits: 05-02 to 05-05]
77bf267d4e [0] ASM:Graph
ASProtect| lines=422
embedded dns
trace
T:04:04:00 WinXP 88.204.250.252 (-):
ALMATYTELECOM,
KZ.
n/a CN:scorti1.dns2go.com
CN:218.93.14.236:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
20 of 31 af98fe0c94
[Firefox:47 hits: 04-27 to 05-07]
480d076a0a [0] ASM:Graph
ASProtect| lines=422
embedded dns
trace
04:06:00 WinXP 92.113.22.133 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a CN:scorti1.dns2go.com
CN:218.93.14.236:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
20 of 32 fd0bf48a75
[Firefox: 7 hits: 04-28 to 05-07]
none[3] none:none
ASProtect| none trace
T:04:08:00 Win2K-f 91.64.99.68 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
DE.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
CN:218.93.14.236:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
27 of 30 eeaefdba25
NEW
none[4] none:none
none|none none trace
T:04:22:00 WinXP 190.172.91.38 (COM.AR):
TELEFONICA DE ARGENTINA,
AR.
211.96.97.44:7000 CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
CN:218.93.14.236:7000
445 pcap raw alerts
ruleset
ftp
irc
24 lines
Yeah : 1.3
profile
none summary
tarball
18 of 32 7e28dac8de
[Firefox:11 hits: 04-27 to 05-06]
none[4] none:none
none|none none trace
04:35:00 Win2K-f 79.113.146.161 (RDSNET.RO):
RDS,
BUCHAREST, BUCURESTI, RO.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
CN:218.93.14.236:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
22 of 31 2cf72f62c6
[Firefox: 3 hits: 05-02 to 05-06]
none[4] none:none
none|none none trace
04:52:00 WinXP 78.57.28.35 (ZEBRA.LT):
LIETUVOS,
KAUNAS, KAUNO APSKRITIS, LT.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
CN:218.93.14.236:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
04:59:00 Win2K-f 82.210.149.184 (WAW.PL):
OTN DOMANIESKAII IP ASSIGNMENT,
WARSAW, MAZOWIECKIE, PL.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
CN:218.93.14.236:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:05:00:00 WinXP 82.139.22.181 (UDN.PL):
NETWORK IN RADOM LEGNICA JELENIA-GORA,
SZCZECIN, ZACHODNIOPOMORSKIE, PL.
n/a   445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
05:01:00 Win2K-f 78.159.89.77 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
211.96.97.44:7000 CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
CN:218.93.14.236:7000
445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
05:18:00 Win2K-f 125.230.172.201 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
211.96.97.44:7000 CN:hail.dns2go.com 445 pcap raw alerts
ruleset
ftp
irc
23 lines
Yeah : 1.3
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
05:28:00 Win2K-f 83.182.196.39 (CUST.TELE2.BE):
TELE2 BELGIUM,
BE.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
CN:218.93.14.236:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
05:32:00 WinXP 151.21.83.160 (21-151.LIBERO.IT):
FREE INTERNET DIAL-UP SERVICES,
ROME, LAZIO, IT. (DIAL)
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
CN:218.93.14.236:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
25 of 32 b1bc3386f5
NEW
none[4] none:none
none|none none trace
T:05:50:00 WinXP 195.114.178.56 (INETIA.PL):
NETIA TELEKOM SA,
PL.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:218.93.14.236:7000
445 pcap raw alerts
ruleset
ftp
15 lines
Yeah : 0.8
profile
none summary
tarball
23 of 32 7dbe494a3d
[Firefox: 2 hits: 05-01 to 05-02]
none[4] none:none
none|none none trace
05:51:00 Win2K-f 89.218.22.12 (ADSL.ONLINE.KZ):
KAZAKHTELECOM DATA NETWORK ADMINISTRATION,
KZ.
n/a CN:scorti1.dns2go.com
CN:218.93.14.236:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
20 of 31 af98fe0c94
[Firefox:47 hits: 04-27 to 05-07]
480d076a0a [0] ASM:Graph
ASProtect| lines=422
embedded dns
trace
T:06:08:00 WinXP 125.230.172.201 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
n/a   445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
06:11:00 WinXP 62.61.44.63 (-):
AD-PUBLIC,
DE.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
CN:218.93.14.236:7000
445 pcap raw alerts
ruleset
ftp
16 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
06:33:00 WinXP 125.225.97.141 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
n/a  
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
18 lines
Yeah : 1.3
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2587 hits: 12-31 to 05-07]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace
07:16:00 WinXP 89.109.58.140 (MTS-NN.RU):
MTS-NN,
RU.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
07:35:00 Win2K-f 92.8.219.91 (-):
CARPHONE WAREHOUSE BROADBAND SERVICES,
UK.
n/a   445 pcap raw alerts
ruleset
ftp
11 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:07:48:00 Win2K-f 78.96.158.195 (ASTRAL.RO):
ASTRAL TELECOM SA,
RO.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
CN:218.93.14.236:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
08:06:00 WinXP 151.83.10.85 (SER-PR2-MAX.IUNET.IT):
INFOSTRADA,
IT.
n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
25 of 25 7f60162c2c
[Firefox:1274 hits: 12-31 to 05-07]
1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace
08:06:00 WinXP 88.156.27.92 (VECTRANET.PL):
VECTRA S.A,
OLSZTYN, WARMINSKO-MAZURSKIE, PL.
72.10.172.218:3240 CA:bti.jeiahsdod.net
RU:mxs.mail.ru
US:gmail-smtp-in.l.google.com
US:gsmtp183.google.com
US:in1.smtp.messagingengine.com
445 pcap raw alerts
ruleset
ftp
irc
http
35 lines
Yeah : 1.8
profile
none summary
tarball
28 of 32 39b81ab576
[Firefox: 3 hits: 05-02 to 05-06]
7b8b096e8e [0] ASM:Graph
EXECrypto| line=1 trace
19 of 31 6a1c2d773d
NEW
9aa667b255[0] ASM:Graph
StarForce| lines=0 trace
08:19:00 WinXP 201.173.25.84 (IFXNW.COM.MX):
NETWORK INFORMATION CENTER MEXICO,
MX.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
CN:218.93.14.236:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:08:27:00 WinXP 83.132.203.38 (CPE.NETCABO.PT):
TVCABO-PORTUGAL CABLE MODEM NETWORK,
LISBON, LISBOA, PT.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
08:33:00 WinXP 118.169.83.90 (-):
.
217.170.244.2:443  
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
irc
21 lines
Yeah : 1.8
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2587 hits: 12-31 to 05-07]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace
08:34:00 Win2K-f 194.187.121.121 (-):
SC PACRIS SRL,
CONSTANTA, CONSTANTA, RO.
n/a CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
14 of 32 8f367186c3
[Firefox:61 hits: 12-27 to 05-05]
01a06977c4 [0] ASM:Graph
TXT2COM| lines=0 trace
09:09:00 Win2K-f 193.231.76.100 (EW.RO):
EUROWEB-ROMANIA-NET,
BUCHAREST, BUCURESTI, RO. (DIAL)
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
CN:218.93.14.236:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:09:11:00 Win2K-f 89.232.196.87 (ISURGUT.RU):
OPEN JOINT-STOCK COMPANY URALSVIAZINFORM BRANCH OF THE KHANTYMANSIYSK REGION,
RU. (DIAL)
n/a CN:scorti1.dns2go.com
CN:218.93.14.236:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
22 of 31 9b0c5ed538
[Firefox: 3 hits: 05-02 to 05-04]
none[4] none:none
none|none none trace
09:27:00 Win2K-f 189.5.166.65 (BRASILTELECOM.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
GOIÂNIA, GOIÁS, BR.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
CN:218.93.14.236:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
09:59:00 WinXP 89.24.30.24 (4GINTERNET.CZ):
GPRS/WBA CUSTOMER NETWORKS,
CZ.
n/a   445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
10 of 32 639a247ece
[Firefox:24 hits: 04-28 to 05-06]
29d53eec72 [0] ASM:Graph
StarForce| lines=132 trace
10:02:00 Win2K-f 201.250.223.254 (COM.AR):
TELEFONICA DE ARGENTINA,
AR.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
10:12:00 Win2K-f 87.12.177.46 (RETAIL.TELECOMITALIA.IT):
TELECOM ITALIA S.P.A. TIN EASY LITE,
IT.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
10:34:00 Win2K-f 190.244.223.165 (-):
.
n/a   445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
28 of 32 0294c2d895
NEW
none[4] none:none
none|none none trace
T:10:36:00 Win2K-f 201.250.215.24 (COM.AR):
TELEFONICA DE ARGENTINA,
AR.
211.96.97.44:7000 CN:hail.dns2go.com 445 pcap raw alerts
ruleset
ftp
20 lines
Yeah : 1.3
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
10:50:00 Win2K-f 92.228.159.194 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a  
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
18 lines
Yeah : 1.3
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2587 hits: 12-31 to 05-07]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace
10:51:00 Win2K-f 82.245.200.234 (PROXAD.NET):
PROXAD / FREE SAS,
NICE, PROVENCE-ALPES-COTE D'AZUR, FR.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
11:01:00 WinXP 201.76.240.63 (STERLINGSTUDENTS.NET):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL)
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
27 of 30 a156404fad
NEW
none[4] none:none
none|none none trace
11:25:00 Win2K-f 88.73.106.137 (ARCOR-IP.NET):
ARCOR-DSL-NET,
HAMBURG, HAMBURG, DE.
n/a   445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
11:27:00 WinXP 89.214.30.111 (-):
GPRS COSTUMERS,
ALMADA, SETUBAL, PT.
211.96.97.44:7000 CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
irc
20 lines
Yeah : 1.3
profile
none summary
tarball
22 of 30 dd0c0e6afb
NEW
none[4] none:none
none|none none trace
11:43:00 WinXP 190.174.132.159 (-):
.
211.96.97.44:7000 CN:hail.dns2go.com 445 pcap raw alerts
ruleset
ftp
irc
23 lines
Yeah : 1.3
profile
none summary
tarball
18 of 32 7e28dac8de
[Firefox:11 hits: 04-27 to 05-06]
none[4] none:none
none|none none trace
11:58:00 Win2K-f 78.96.8.183 (-):
ASTRAL TURDA DOCSIS,
TURDA, CLUJ, RO.
211.96.97.44:7000 CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.3
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
12:13:00 Win2K-f 79.126.2.203 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
211.96.97.44:7000 CN:hail.dns2go.com 445 pcap raw alerts
ruleset
ftp
irc
25 lines
Yeah : 1.3
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:12:15:00 Win2K-f 85.243.152.126 (DSL.TELEPAC.PT):
PT.COM - COMUNICACOES INTERACTIVAS S.A,
PT. (DSL)
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
27 of 31 5576599520
NEW
none[4] none:none
none|none none trace
T:12:32:00 Win2K-f 79.138.170.223 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
211.96.97.44:7000 CN:hail.dns2go.com 445 pcap raw alerts
ruleset
ftp
irc
25 lines
Yeah : 1.3
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
12:37:00 Win2K-f 89.231.192.52 (MM.PL):
SZEL-SAT,
PL.
n/a   445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:12:44:00 WinXP 41.214.143.69 (-):
.
n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
25 of 25 7f60162c2c
[Firefox:1274 hits: 12-31 to 05-07]
1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace
12:49:00 Win2K-f 200.117.44.17 (NET.AR):
APOLO -GOLD-TELECOM-PER,
BUENOS AIRES, BUENOS AIRES, AR.
211.96.97.44:7000 CN:hail.dns2go.com 445 pcap raw alerts
ruleset
ftp
irc
25 lines
Yeah : 1.3
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
13:23:00 Win2K-f 89.109.49.155 (MTS-NN.RU):
NETWORK FOR CLIENTS TERMINATIONS IN N.NOVGOROD CITY,
NOVGOROD, NOVGORODSKAYA OBLAST', RU.
n/a   445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:13:26:00 WinXP 222.147.217.193 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 831f4ee0a7
[Firefox:576 hits: 07-11 to 05-06]
eb7546c600 [0] ASM:Graph
none|none lines=61 trace
13:36:00 Win2K-f 151.21.62.162 (21-151.LIBERO.IT):
FREE INTERNET DIAL-UP SERVICES,
ROME, LAZIO, IT. (DIAL)
211.96.97.44:7000 CN:hail.dns2go.com 445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.5
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
13:47:00 Win2K-f 189.48.217.20 (BRASILTELECOM.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
BR.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
15 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
13:52:00 Win2K-f 201.75.165.140 (STERLINGSTUDENTS.NET):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
16 lines
Yeah : 0.8
profile
none summary
tarball
26 of 32 35e5d8b724
NEW
none[4] none:none
none|none none trace
T:14:00:00 Win2K-f 208.100.193.203 (1DIAL.COM):
AD-BASE SYSTEMS INC. (DBA GLOBALPOPS),
PITTSBURGH, PENNSYLVANIA, US. (DIAL)
n/a   445 pcap raw alerts
ruleset
shell
ftp
17 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
14:15:00 Win2K-f 79.10.85.177 (RETAIL.TELECOMITALIA.IT):
TELECOM ITALIA NET,
ROME, LAZIO, IT.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
14:23:00 Win2K-f 85.24.168.156 (BAHNHOF.SE):
BAHNHOF INTERNET AB,
SE.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
14:26:00 WinXP 209.214.65.204 (BELLSOUTH.NET):
BELLSOUTH.NET INC,
ATLANTA, GEORGIA, US.
n/a EU:siliconfireware.ru
:wpad
DE:212.227.111.29:80
DE:217.11.54.126:80
EU:78.47.200.154:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
29 of 29 df17a625ee
[Firefox:438 hits: 05-04 to 05-06]
none[3] none:none
ASPack| none trace
14:39:00 Win2K-f 151.54.107.29 (38-151.NET24.IT):
IUNET-BNET,
IT.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
14:42:00 Win2K-f 93.108.78.150 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a CN:scorti1.dns2go.com 445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
9 of 32 9345b57563
[Firefox:11 hits: 12-27 to 05-07]
none[4] none:none
none|none none trace
14:48:00 WinXP 190.3.67.248 (TECHTELNET.NET):
TECHTEL LMDS COMUNICACIONES INTERACTIVAS S.A,
AR.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
14:48:00 WinXP 61.228.173.237 (PRESTONAUTO.COM):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
217.170.244.2:443  
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
irc
28 lines
Yeah : 1.8
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2587 hits: 12-31 to 05-07]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace
T:14:51:00 Win2K-f 78.96.164.203 (ASTRAL.RO):
ASTRAL TELECOM SA,
RO.
211.96.97.44:7000 CN:hail.dns2go.com 445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:15:03:00 Win2K-f 78.38.42.58 (-):
INFORMATION TECHNOLOGY COMPANY (ITC),
IR.
n/a   445 pcap raw alerts
ruleset
ftp
19 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
15:10:00 Win2K-f 189.5.167.152 (BRASILTELECOM.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
GOIÂNIA, GOIÁS, BR.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
19 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
15:13:00 Win2K-f 213.63.200.11 (NET.ARTELECOM.PT):
ARTELECOM,
PT.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
15 of 31 a973fc1184
[Firefox: 2 hits: 05-02 to 05-06]
none[2] none:none
none|none none trace
T:15:19:00 Win2K-f 41.246.140.73 (TELKOM-IPNET.CO.ZA):
AFRINIC,
ZA.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
15:29:00 Win2K-f 4.232.174.105 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
LOS ANGELES, CALIFORNIA, US. (DIAL)
n/a   445 pcap raw alerts
ruleset
shell
ftp
17 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
15:34:00 Win2K-f 90.156.105.116 (KN.PL):
KOM-NET SYSTEMU KOMPUTEROWE SP. Z O.O,
PL.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
15:40:00 WinXP 67.150.245.175 (MDSG-PACWEST.COM):
PAC-WEST MANAGED MODEM NAS POOL,
SAN JOSE, CALIFORNIA, US.
n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:2956 hits: 12-31 to 05-07]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
T:15:41:00 WinXP 67.150.245.175 (MDSG-PACWEST.COM):
PAC-WEST MANAGED MODEM NAS POOL,
SAN JOSE, CALIFORNIA, US.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:2956 hits: 12-31 to 05-07]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
T:15:53:00 Win2K-f 88.108.138.248 (AS9105.COM):
TISCALI UK LTD,
LONDON, ENGLAND, UK. (DSL)
n/a DE:proxim.ircgalaxy.pl
CZ:217.170.244.2:443
DE:85.114.137.60:65520
445 pcap raw alerts
ruleset
shell
ftp
18 lines
Yeah : 1.3
profile
none summary
tarball
28 of 31 8dbdc7465b
NEW
96960db2de [0] ASM:Graph
FSG| lines=1993
embedded dns
trace
15:57:00 WinXP 190.136.88.241 (NET.AR):
APOLO -GOLD-TELECOM-PER,
AR.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:16:05:00 Win2K-f 88.7.206.184 (RIMA-TDE.NET):
TELEFONICA DE ESPANA,
BARCELONA, CATALUÑA, ES.
85.114.137.60:65520 217.170.244.2:443   445 pcap raw alerts
ruleset
irc
8 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:16:22:00 Win2K-f 122.126.134.145 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
217.170.244.2:443  
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
irc
2 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:16:27:00 Win2K-f 190.99.220.213 (-):
.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
16:29:00 WinXP 189.65.165.18 (-):
.
211.96.97.44:7000 CN:hail.dns2go.com 445 pcap raw alerts
ruleset
ftp
23 lines
Yeah : 1.3
profile
none summary
tarball
16 of 29 10252565c9
[Firefox: 2 hits: 05-02 to 05-06]
none[4] none:none
none|none none trace
T:16:32:00 WinXP 170.51.134.251 (COM.AR):
CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A,
AR.
n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
25 of 25 7f60162c2c
[Firefox:1274 hits: 12-31 to 05-07]
1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace
16:36:00 WinXP 217.94.241.26 (T-DIALIN.NET):
DEUTSCHE TELEKOM AG,
STUTTGART, BADEN-WURTTEMBERG, DE. (DIAL)
n/a   445 pcap raw alerts
ruleset
ftp
15 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
17:09:00 Win2K-f 61.228.205.154 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
n/a   445 pcap raw alerts
ruleset
shell
ftp
17 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
17:39:00 WinXP 82.255.248.90 (PROXAD.NET):
PROXAD / FREE SAS,
NICE, PROVENCE-ALPES-COTE D'AZUR, FR. (DSL)
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
29 of 29 d42c1cc7c0
[Firefox:271 hits: 05-01 to 05-07]
af9ca5bed1 [0] ASM:Graph
PolyEnE| lines=54 trace
17:42:00 Win2K-f 198.174.117.144 (HCINET.NET):
CLAT CITY TELCO,
SOUTH HAVEN, MINNESOTA, US. (DSL)
217.170.244.2:443  
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
irc
28 lines
Yeah : 1.8
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2587 hits: 12-31 to 05-07]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace
T:17:49:00 WinXP 82.56.96.180 (RETAIL.TELECOMITALIA.IT):
TELECOM ITALIA S.P.A. TIN EASY LITE,
NAPOLI, CAMPANIA, IT.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
15 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
18:13:00 WinXP 202.71.56.189 (WARABI.NE.JP):
WARABI CABLE VISION CO. LTD,
WARABI, SAITAMA, JP.
n/a DE:proxim.ircgalaxy.pl
RU:moscow-advokat.ru
DE:85.114.137.60:65520
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
31 of 32 22999be88c
[Firefox: 4 hits: 04-05 to 05-02]
eda2056971 [0] ASM:Graph
PolyEnE| lines=154
embedded dns
trace
T:18:22:00 Win2K-f 122.254.60.164 (-):
PHOENIX CATV C,
TW.
n/a   445 pcap raw alerts
ruleset
ftp
15 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
18:33:00 Win2K-f 117.198.128.59 (-):
.
211.96.97.44:7000 CN:hail.dns2go.com 445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.8
profile
none summary
tarball
26 of 31 fc926e0bc5
NEW
none[4] none:none
none|none none trace
T:18:42:00 Win2K-f 213.158.216.155 (ERANET.PL):
ERANET,
PL.
211.96.97.44:7000 CN:hail.dns2go.com 445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
18:42:00 WinXP 222.147.217.193 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 831f4ee0a7
[Firefox:576 hits: 07-11 to 05-06]
eb7546c600 [0] ASM:Graph
none|none lines=61 trace
19:04:00 WinXP 60.242.208.106 (TPGI.COM.AU):
AUSTRALIAN ISP,
SYDNEY, NEW SOUTH WALES, AU.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
19:19:00 Win2K-f 81.192.201.202 (IAM.NET.MA):
AFRINIC,
MA. (DSL)
84.244.9.14:2345 DE:wow.blackirc.us
SE:tap.radioprishtina.net
445 pcap raw alerts
ruleset
http
irc
72 lines
Yeah : 1.3
profile
none summary
tarball
6 of 31 79d270780d
NEW
79d270780d [1] ASM:Graph
StarForce| lines=84 trace
11 of 32 f0169a2083
NEW
a1a1659005[0] ASM:Graph
none|none lines=20 trace
T:19:45:00 Win2K-f 61.216.180.37 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
217.170.244.2:443  
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
irc
27 lines
Yeah : 1.8
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2587 hits: 12-31 to 05-07]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace
20:05:00 WinXP 89.218.205.242 (ADSL.ONLINE.KZ):
KAZAKHTELECOM DATA NETWORK ADMINISTRATION,
KZ.
n/a CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
20 of 31 af98fe0c94
[Firefox:47 hits: 04-27 to 05-07]
480d076a0a [0] ASM:Graph
ASProtect| lines=422
embedded dns
trace
20:21:00 Win2K-f 92.97.247.200 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
none 91e43fc14a
[Firefox: 5 hits: 05-01 to 05-02]
none[4] none:none
Obsidium| none trace
20:42:00 Win2K-f 62.105.14.6 (ISURGUT.RU):
OPEN JOINT-STOCK COMPANY URALSVIAZINFORM,
RU.
n/a CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
22 of 31 9b0c5ed538
[Firefox: 3 hits: 05-02 to 05-04]
none[4] none:none
none|none none trace
20:43:00 Win2K-f 130.228.96.66 (TELE2.NET):
TELE GREENLAND INTERNATIONAL A/S,
COPENHAGEN, COPENHAGEN, DK. (100Mbps)
222.51.25.2:18067 CN:bbjj.househot.com 445 pcap raw alerts
ruleset
other
9 lines
Yeah : 1.8
profile
none summary
tarball
32 of 32 996c9c3a01
[Firefox: 6 hits: 04-03 to 05-02]
none[3] none:none
MEW| none trace
T:20:45:00 WinXP 76.186.199.144 (RR.COM):
ROAD RUNNER HOLDCO LLC,
HERNDON, VIRGINIA, US.
n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:2956 hits: 12-31 to 05-07]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
20:45:00 WinXP 220.146.25.108 (INFOWEB.NE.JP):
INFOWEB(FUJITSU LTD.),
TOKYO, TOKYO, JP.
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 831f4ee0a7
[Firefox:576 hits: 07-11 to 05-06]
eb7546c600 [0] ASM:Graph
none|none lines=61 trace
21:05:00 Win2K-f 213.133.9.35 (-):
SPINN INTERNATIONAL APS,
DK.
211.96.97.44:7000 CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.8
profile
none summary
tarball
23 of 32 5cad1ddb30
NEW
none[4] none:none
none|none none trace
21:10:00 Win2K-f 75.116.5.169 (-):
ALLTEL SIP CUSTOMERS - LITTLE ROCK,
LITTLE ROCK, ARKANSAS, US.
n/a DE:proxim.ircgalaxy.pl
CA:done.blacktiehsbdcs.com
CA:japan.youngpeyatech.info
CA:72.10.172.218:2938
CA:72.10.172.218:3938
DE:85.114.137.60:65520
445 pcap raw alerts
ruleset
shell
ftp
irc
22 lines
Yeah : 1.3
profile
none summary
tarball
30 of 32 49016b6635
NEW
d33639cb8e [0] ASM:Graph
ASPack| lines=34 trace
21:30:00 WinXP 4.249.144.165 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
WASHINGTON, DISTRICT OF COLUMBIA, US. (DIAL)
n/a   445 pcap raw alerts
ruleset
shell
ftp
17 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:21:43:00 Win2K-f 61.228.189.116 (PRESTONAUTO.COM):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
n/a   445 pcap raw alerts
ruleset
shell
ftp
20 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
21:58:00 Win2K-f 125.230.27.44 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
n/a  
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
20 lines
Yeah : 1.3
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2587 hits: 12-31 to 05-07]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace
T:22:21:00 WinXP 190.134.141.103 (-):
.
211.96.97.44:7000 CN:hail.dns2go.com 445 pcap raw alerts
ruleset
ftp
irc
20 lines
Yeah : 1.5
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:22:21:00 Win2K-f 92.124.209.14 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
211.96.97.44:7000 CN:hail.dns2go.com 445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:22:24:00 WinXP 69.77.156.42 (SKYBEST.COM):
SKYBEST COMMUNICATIONS INC,
NEW BERN, NORTH CAROLINA, US.
85.114.137.60:65520 DE:proxim.ircgalaxy.pl
CN:hail.dns2go.com
CN:scorti1.dns2go.com
DE:dl2.teenpassage.com
CN:211.96.97.44:7000
DE:85.114.137.60:65520
DE:85.114.143.2:80
445 pcap raw alerts
ruleset
ftp
irc
17 lines
Yeah : 1.3
profile
none summary
tarball
27 of 31 56ae35572e
[Firefox: 2 hits: 05-01 to 05-02]
none[4] none:none
none|none none trace
22:45:00 Win2K-f 218.168.78.233 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
n/a  
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
17 lines
Yeah : 1.3
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2587 hits: 12-31 to 05-07]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace
23:40:00 WinXP 78.96.100.66 (ASTRAL.RO):
ASTRAL TELECOM SA,
RO.
211.96.97.44:7000 CN:hail.dns2go.com 445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:23:56:00 WinXP 4.88.93.82 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
US. (DIAL)
n/a  
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
17 lines
Yeah : 1.3
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2587 hits: 12-31 to 05-07]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace