Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page


UNCENSORED PAGE



03 May 2008

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.


Daily Summary Files: [DNS Lookups & Failed Connects] [ Attacker IPs ] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap]
[Behavioral Clusters] [Binary Digest Log]

[See Country Codes ]
Columns (each record below lists these fields in this order):
Time | Victim OS | Infection Source | C&C Server | DNS Lookups & Failed Connects | Infection Port | Packet Trace | Detection Signatures | Infection Chatter | BotHunter Analysis | Behavioral Cluster | Forensic Logs | Antivirus Labels | Packed Malware_Binary | Unpacked egg.exe | Unpacked egg.asm | Packer PEID | Data Strings | Syscall Trace
T:00:14:00 Win2K-f 24.71.240.171 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
FT. MCMURRAY, ALBERTA, CA. (DSL)
n/a   135 pcap raw alerts
ruleset
other
111 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:00:24:00 Win2K-f 122.126.13.191 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
00:35:00 WinXP 200.125.34.188 (ANTELDATA.NET.UY):
ADMINISTRACION NACIONAL DE TELECOMUNICACIONES,
MONTEVIDEO, MONTEVIDEO, UY. (DIAL)
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
00:48:00 Win2K-f 218.208.197.42 (TM.NET.MY):
ADSL-STREAMYX-TMNET,
KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:01:10:00 WinXP 91.66.103.69 (SUPERKABEL.DE):
KABEL DEUTSCHLAND BREITBAND SERVICE GMBH,
DE.
211.96.97.44:7000 CN:scorti1.dns2go.com 445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.8
profile
none summary
tarball
28 of 31 57802172a4
[Firefox: 2 hits: 05-03 to 05-06]
638ec51ab7 [0] ASM:Graph
ASProtect| lines=439
embedded dns
trace
01:17:00 Win2K-f 118.171.8.139 (-):
.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
01:19:00 WinXP 79.138.175.46 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
211.96.97.44:7000 CN:hail.dns2go.com 445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:01:21:00 Win2K-f 92.46.132.58 (IKBCC.COM):
EU-ZZ,
UK.
211.96.97.44:7000 CN:hail.dns2go.com 445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
21 of 31 c9ce213f1e
[Firefox: 2 hits: 04-30 to 05-03]
none[4] none:none
Obsidium| none trace
01:31:00 WinXP 84.51.85.133 (IPAPER.COM):
BLOCK FOR PI ASSIGNMENTS,
UK.
211.96.97.44:7000 CN:scorti1.dns2go.com 445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.8
profile
none summary
tarball
14 of 32 8f367186c3
[Firefox:61 hits: 12-27 to 05-05]
01a06977c4 [0] ASM:Graph
TXT2COM| lines=0 trace
01:32:00 Win2K-f 88.147.239.190 (-):
VTSARATOV,
RU.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
15 lines
Yeah : 0.8
profile
none summary
tarball
12 of 30 76b4ab852e
[Firefox:29 hits: 04-29 to 05-07]
none[4] none:none
none|none none trace
01:42:00 WinXP 70.182.164.136 (COX.NET):
COX COMMUNICATIONS,
FT. SMITH, ARKANSAS, US.
n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:2956 hits: 12-31 to 05-07]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
01:51:00 Win2K-f 122.126.13.191 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:01:52:00 WinXP 85.104.35.199 (TTNET.NET.TR):
TURK TELEKOM ADSL-METEKSAN,
TR. (DSL)
85.114.137.60:65520 211.96.97.44:7000 DE:proxim.ircgalaxy.pl
CN:hail.dns2go.com
CN:scorti1.dns2go.com
DE:dl2.teenpassage.com
CN:211.96.97.44:7000
DE:85.114.137.60:65520
445 pcap raw alerts
ruleset
ftp
irc
http
115 lines
Yeah : 1.3
profile
none summary
tarball
20 of 31
26 of 31
642095d119
NEW
6b9b144f11
[Firefox: 2 hits: 05-03 to 05-03]
642095d119 [1]
none [4]
ASM:Graph
none:none
StarForce|
none|none
lines=6
none
trace
trace
01:56:00 WinXP 78.165.134.105 (TTNET.NET.TR):
TELEKOM,
TR.
n/a DE:siliconfireware.ru
GB:welcome3.smile.co.uk
:wpad
GB:195.92.84.198:80
DE:212.227.111.29:80
DE:217.11.54.126:80
EU:78.47.200.154:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
29 of 29 a12cab51ef
[Firefox:1008 hits: 05-01 to 05-07]
40f7f463c4 [0] ASM:Graph
ASPack| lines=281
embedded dns
trace
T:02:08:00 Win2K-f 91.65.36.254 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
DE.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
15 lines
Yeah : 0.8
profile
none summary
tarball
28 of 31 7caa02de8a
NEW
none[4] none:none
Obsidium| none trace
02:09:00 WinXP 87.14.207.119 (RETAIL.TELECOMITALIA.IT):
TELECOM ITALIA S.P.A. TIN EASY LITE,
BRESCIA, LOMBARDIA, IT.
211.96.97.44:7000 DE:proxim.ircgalaxy.pl
CN:hail.dns2go.com
DE:85.114.137.60:80
445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.8
profile
none summary
tarball
28 of 32 8a0982bc9b
NEW
none[4] none:none
none|none none trace
02:17:00 Win2K-f 83.190.98.1 (CUST.TELE2.IT):
TELE2 ITALY S.A,
IT.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:02:33:00 WinXP 220.219.21.120 (INFOWEB.NE.JP):
INFOWEB(FUJITSU LTD.),
TOKYO, TOKYO, JP. (DIAL)
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:02:38:00 Win2K-f 60.53.136.161 (TM.NET.MY):
TELEKOM MALAYSIA BERHAD,
KOTA KINABALU, SABAH, MY.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:02:51:00 WinXP 66.8.233.102 (RR.COM):
ROAD RUNNER HOLDCO LLC,
HONOLULU, HAWAII, US.
n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset
other
0 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 042774a2b7
[Firefox:135 hits: 05-01 to 05-03]
1c9a472cd7 [0] ASM:Graph
PolyEnE| lines=71
embedded dns
trace
02:53:00 WinXP 200.160.82.211 (STERLINGSTUDENTS.NET):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL)
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:02:59:00 Win2K-f 41.209.78.137 (FCBIBANK.COM):
AFRINIC,
KHARTOUM, AL KHARTUM, SD.
211.96.97.44:7000 CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
irc
24 lines
Yeah : 1.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
03:04:00 Win2K-f 82.245.159.91 (PROXAD.NET):
PROXAD / FREE SAS,
LE BOURGET, ILE-DE-FRANCE, FR.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
03:06:00 WinXP 89.24.251.250 (4GINTERNET.CZ):
RADIOMOBIL,
CZ.
n/a DE:proxim.ircgalaxy.pl
CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
DE:85.114.137.60:65520
445 pcap raw alerts
ruleset
ftp
20 lines
Yeah : 0.8
profile
none summary
tarball
28 of 32 692590bbd0
NEW
none[2] none:none
none|none none trace
03:08:00 Win2K-f 62.45.245.247 (CAIWAY.NL):
KABELFOON,
MAASSLUIS, ZUID-HOLLAND, NL.
n/a CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
24 of 32 0d48052a1d
NEW
0bc76628e2 [0] ASM:Graph
ASPack| lines=409
embedded dns
trace
03:16:00 WinXP 117.194.0.132 (-):
.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:03:22:00 Win2K-f 90.156.105.116 (KN.PL):
KOM-NET SYSTEMU KOMPUTEROWE SP. Z O.O,
PL.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
03:25:00 Win2K-f 61.231.43.218 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW. (100Mbps)
217.170.244.2:443   445 pcap raw alerts
ruleset
shell
ftp
irc
30 lines
Yeah : 1.8
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2587 hits: 12-31 to 05-07]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace
T:03:28:00 WinXP 90.151.23.29 (PERMONLINE.RU):
OJSC URALSVYAZINFORM,
RU.
n/a   445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
10 of 32 639a247ece
[Firefox:24 hits: 04-28 to 05-06]
29d53eec72 [0] ASM:Graph
StarForce| lines=132 trace
T:03:30:00 Win2K-f 88.168.31.176 (PROXAD.NET):
PROXAD / FREE SAS,
FR.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
27 of 32 8e7611d3db
NEW
none[4] none:none
none|none none trace
03:38:00 WinXP 91.42.89.143 (T-IPCONNECT.DE):
DEUTSCHE TELEKOM AG,
DE.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
22 of 32 27e1055aa3
NEW
none[4] none:none
none|none none trace
T:03:38:00 WinXP 125.233.96.201 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
211.96.97.44:7000 CN:hail.dns2go.com 445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:03:42:00 Win2K-f 92.112.213.138 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:03:46:00 WinXP 61.61.210.186 (UBBN.NET):
UNION CABLE TV CO. LTD,
TW.
211.96.97.44:7000 CN:hail.dns2go.com 445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.8
profile
none summary
tarball
12 of 30 76b4ab852e
[Firefox:29 hits: 04-29 to 05-07]
none[4] none:none
none|none none trace
03:47:00 WinXP 77.54.19.98 (REV.VODAFONE.PT):
GPRS POOLS,
PT.
n/a CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
9 of 32 9345b57563
[Firefox:11 hits: 12-27 to 05-07]
none[4] none:none
none|none none trace
03:55:00 Win2K-f 91.83.4.172 (INVITEL.HU):
INVITEL TAVKOZLESI SZOLGALTATO RT,
HU.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:03:58:00 WinXP 89.241.135.139 (-):
OPAL TELECOM DSL,
LONDON, ENGLAND, UK. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
11 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
04:07:00 WinXP 80.83.58.200 (NET2000.CH):
VIDEO2000-MAIN-NET,
NEUCHATEL, NEUCHATEL, CH.
n/a   445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:04:17:00 Win2K-f 78.174.249.43 (SMYTHECRAMER.COM):
TELEKOM,
TR.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
26 of 31 0e5ee95b7f
NEW
none[4] none:none
Xtreme-Pr| none trace
04:21:00 Win2K-f 84.119.35.110 (SWIPNET.SE):
PROVIDER LOCAL REGISTRY,
SE.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
12 of 30 76b4ab852e
[Firefox:29 hits: 04-29 to 05-07]
none[4] none:none
none|none none trace
04:26:00 WinXP 87.4.214.90 (RETAIL.TELECOMITALIA.IT):
TELECOM ITALIA S.P.A. TIN EASY LITE,
NAPOLI, CAMPANIA, IT.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
04:32:00 Win2K-f 193.19.70.41 (VOLOGDA.RU):
SERVICES-AND-DIAL-UP-SEGMENT-VOLOGDA-NET,
RU.
n/a   445 pcap raw alerts
ruleset
ftp
11 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:04:35:00 WinXP 79.121.73.97 (-):
PORION-DIGITAL KFT,
HU.
211.96.97.44:7000 CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
irc
25 lines
Yeah : 1.3
profile
none summary
tarball
11 of 31 4620861e2d
[Firefox: 7 hits: 04-27 to 05-03]
none[4] none:none
StarForce| none trace
T:04:49:00 Win2K-f 84.77.129.152 (YA.COM):
YA.COM INTERNET FACTORY,
BARCELONA, CATALUÑA, ES.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
04:49:00 Win2K-f 190.31.91.63 (NET.AR):
APOLO -GOLD-TELECOM-PER,
AR.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
04:54:00 Win2K-f 92.47.82.151 (IKBCC.COM):
EU-ZZ,
UK.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
04:55:00 WinXP 91.148.97.112 (BEOTEL.NET):
BEOTELNET ISP,
CS. (DSL)
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
05:06:00 Win2K-f 79.138.169.168 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
05:06:00 WinXP 85.104.35.199 (TTNET.NET.TR):
TURK TELEKOM ADSL-METEKSAN,
TR. (DSL)
n/a DE:proxim.ircgalaxy.pl
CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
DE:85.114.137.60:65520
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
26 of 31 6b9b144f11
[Firefox: 2 hits: 05-03 to 05-03]
none[4] none:none
none|none none trace
05:11:00 Win2K-f 82.200.245.127 (-):
ALMATYTELECOM,
ALMATY, ALMATY, KZ.
n/a CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
20 of 31 af98fe0c94
[Firefox:47 hits: 04-27 to 05-07]
480d076a0a [0] ASM:Graph
ASProtect| lines=422
embedded dns
trace
05:13:00 WinXP 79.138.183.152 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
05:14:00 Win2K-f 85.95.161.132 (SARANSK.RU):
BRANCH IN MORDOVIAN REPUBLIC,
RU. (DIAL)
n/a CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
15 lines
Yeah : 0.8
profile
none summary
tarball
13 of 32 53123fadcc
[Firefox:35 hits: 01-26 to 05-07]
none[4] none:none
none|none none trace
05:25:00 Win2K-f 91.66.125.217 (SUPERKABEL.DE):
KABEL DEUTSCHLAND BREITBAND SERVICE GMBH,
DE.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
15 lines
Yeah : 0.8
profile
none summary
tarball
26 of 32 24058b237a
[Firefox: 2 hits: 05-03 to 05-05]
none[4] none:none
none|none none trace
05:41:00 Win2K-f 92.47.82.131 (IKBCC.COM):
EU-ZZ,
UK.
n/a CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
20 of 31 af98fe0c94
[Firefox:47 hits: 04-27 to 05-07]
480d076a0a [0] ASM:Graph
ASProtect| lines=422
embedded dns
trace
05:44:00 Win2K-f 89.105.240.42 (FARLEP.NET):
A SUBDIVISION OF FARLEP-INTERNET ODESSA,
ODESSA, ODES'KA OBLAST, UA. (DIAL)
n/a   445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
05:45:00 Win2K-f 88.85.22.143 (NET2000.CH):
BROADBAND CUSTOMER,
NEUCHATEL, NEUCHATEL, CH.
n/a   445 pcap raw alerts
ruleset
ftp
15 lines
Yeah : 0.8
profile
none summary
tarball
10 of 32 639a247ece
[Firefox:24 hits: 04-28 to 05-06]
29d53eec72 [0] ASM:Graph
StarForce| lines=132 trace
05:48:00 WinXP 81.230.91.94 (SKANOVA.COM):
TELIA NETWORK SERVICES,
ÄLMHULT, KRONOBERG, SE. (DSL)
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
05:53:00 Win2K-f 92.48.57.37 (IKBCC.COM):
EU-ZZ,
UK.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
19 of 31 0330af1285
[Firefox: 5 hits: 05-02 to 05-07]
none[4] none:none
none|none none trace
06:01:00 WinXP 78.8.117.14 (NET.PL):
DIALOG,
WROCLAW, DOLNOSLASKIE, PL.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
06:08:00 Win2K-f 84.51.81.241 (IPAPER.COM):
BLOCK FOR PI ASSIGNMENTS,
UK.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
06:13:00 Win2K-f 79.137.82.82 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:06:15:00 WinXP 193.249.253.3 (ABO.WANADOO.FR):
TELECOM,
FR.
n/a DE:siliconfireware.ru
:wpad
US:searchportal.information.com
US:spi.domainsponsor.com
:landdev1.lap.internal
DE:212.227.111.29:80
DE:217.11.54.126:80
EU:78.47.200.154:80
445 pcap raw alerts
ruleset
http
http
6 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 df17a625ee
[Firefox:438 hits: 05-04 to 05-06]
none[3] none:none
ASPack| none trace
06:25:00 Win2K-f 62.214.204.103 (VERSANET.DE):
VERSATEL DEUTSCHLAND DYNAMIC POOL,
DE.
n/a   445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
28 of 31 b9a28a4b68
[Firefox: 2 hits: 04-28 to 05-03]
none[4] none:none
TXT2COM| none trace
06:31:00 WinXP 117.201.80.182 (-):
.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
06:34:00 Win2K-f 91.124.7.154 (UKRTEL.NET):
UKRTELECOM,
BROVARY, KYYIVS'KA OBLAST', UA.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
15 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:06:34:00 Win2K-f 89.223.192.224 (-):
VODAFONE HUNGARY LTD,
HU.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
06:35:00 Win2K-f 79.121.43.60 (-):
PORION-DIGITAL KFT,
HU.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
7 of 32 26e1904aa6
NEW
none[4] none:none
StarForce| none trace
T:06:41:00 Win2K-f 190.51.104.119 (COM.AR):
TELEFONICA DE ARGENTINA,
BUENOS AIRES, BUENOS AIRES, AR.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
06:47:00 Win2K-f 190.173.125.153 (COM.AR):
TELEFONICA DE ARGENTINA,
AR.
211.96.97.44:7000 CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:06:51:00 Win2K-f 61.223.245.215 (HINET.NET):
DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD,
TAOYUAN, T'AI-WAN, TW.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
06:53:00 WinXP 85.244.65.156 (DSL.TELEPAC.PT):
PT.COM - COMUNICACOES INTERACTIVAS S.A,
PT.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
06:55:00 Win2K-f 83.188.193.56 (SWIP.NET):
SWIPNET,
SE.
n/a   445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:06:59:00 WinXP 88.44.109.130 (BUSINESS.TELECOMITALIA.IT):
INTERBUSINESS,
IT. (100Mbps)
211.96.97.44:7000 CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.3
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
07:04:00 WinXP 218.160.100.249 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
CHENNAI, TAMIL NADU, IN.
n/a CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
13 lines
Yeah : 0.8
profile
none summary
tarball
13 of 32 53123fadcc
[Firefox:35 hits: 01-26 to 05-07]
none[4] none:none
none|none none trace
T:07:10:00 Win2K-f 124.10.224.202 (TFN.NET.TW):
TAIWAN FIXED NETWORK CO. LTD,
TAIPEI, T'AI-PEI, TW.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
19 of 31 0330af1285
[Firefox: 5 hits: 05-02 to 05-07]
none[4] none:none
none|none none trace
07:16:00 WinXP 89.28.43.167 (89-28-0-10.STARNET.MD):
STARNET,
CHISINAU, CHISINAU, MD.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
22 of 32 a7a78c5fc2
[Firefox: 2 hits: 05-03 to 05-07]
none[4] none:none
Obsidium| none trace
07:17:00 Win2K-f 87.174.115.18 (T-IPCONNECT.DE):
DEUTSCHE TELEKOM AG,
MUNICH, BAYERN, DE. (DIAL)
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
23 of 31 910d190921
[Firefox: 3 hits: 05-03 to 05-05]
none[4] none:none
none|none none trace
07:30:00 Win2K-f 200.86.210.231 (VTR.NET):
VTR BANDA ANCHA S.A,
SANTIAGO, REGION METROPOLITANA, CL.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
16 lines
Yeah : 0.8
profile
none summary
tarball
11 of 31 4620861e2d
[Firefox: 7 hits: 04-27 to 05-03]
none[4] none:none
StarForce| none trace
07:31:00 Win2K-f 190.51.104.119 (COM.AR):
TELEFONICA DE ARGENTINA,
BUENOS AIRES, BUENOS AIRES, AR.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:07:32:00 WinXP 87.174.115.18 (T-IPCONNECT.DE):
DEUTSCHE TELEKOM AG,
MUNICH, BAYERN, DE. (DIAL)
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
23 of 31 910d190921
[Firefox: 3 hits: 05-03 to 05-05]
none[4] none:none
none|none none trace
07:32:00 Win2K-f 194.187.121.12 (-):
SC PACRIS SRL,
CONSTANTA, CONSTANTA, RO.
n/a CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
14 of 32 8f367186c3
[Firefox:61 hits: 12-27 to 05-05]
01a06977c4 [0] ASM:Graph
TXT2COM| lines=0 trace
07:36:00 WinXP 59.117.171.219 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
n/a  
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
19 lines
Yeah : 1.3
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2587 hits: 12-31 to 05-07]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace
T:07:46:00 WinXP 88.244.193.145 (TTNET.NET.TR):
TT ADSL-ALCATEL DYNAMIC_ACI,
ISTANBUL, ISTANBUL, TR.
n/a CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
20 of 31 af98fe0c94
[Firefox:47 hits: 04-27 to 05-07]
480d076a0a [0] ASM:Graph
ASProtect| lines=422
embedded dns
trace
07:56:00 Win2K-f 78.98.52.172 (T-COM.SK):
BLOCK OF DYNAMIC IPS FOR BROADBAND CUSTOMERS,
BRATISLAVA, BRATISLAVSKY, SK. (DSL)
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:08:03:00 Win2K-f 121.247.164.103 (VSNL.NET.IN):
VIDESH SANCHAR NIGAM LTD - INDIA,
IN.
n/a   445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
10 of 32 639a247ece
[Firefox:24 hits: 04-28 to 05-06]
29d53eec72 [0] ASM:Graph
StarForce| lines=132 trace
08:09:00 Win2K-f 62.45.33.107 (CAIWAY.NL):
KABELFOON,
MAASSLUIS, ZUID-HOLLAND, NL.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 30 bceee848e6
NEW
none[4] none:none
none|none none trace
T:08:14:00 WinXP 78.96.110.44 (ASTRAL.RO):
ASTRAL TELECOM SA,
RO.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
15 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
08:15:00 WinXP 78.37.83.210 (LSI.RU):
OJSC NORTH-WEST TELECOM,
RU.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
08:17:00 WinXP 91.65.124.132 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
DE.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
20 of 31 e47d5fbf7e
NEW
none[4] none:none
none|none none trace
T:08:20:00 WinXP 213.217.177.51 (ALBACOM.NET):
ALBACOM DIAL SERVICES,
BERGAMO, LOMBARDIA, IT.
n/a EU:siliconfireware.ru
US:searchportal.information.com
:wpad
GB:welcome3.smile.co.uk
GB:195.92.84.198:80
US:208.73.212.12:80
DE:212.227.111.29:80
DE:217.11.54.126:80
445 pcap raw alerts
ruleset
http
http
http
3 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 df17a625ee
[Firefox:438 hits: 05-04 to 05-06]
none[3] none:none
ASPack| none trace
08:26:00 Win2K-f 89.182.219.53 (NET-HTP.DE):
HTP-DYN-DSL,
DE.
n/a CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
20 of 31 af98fe0c94
[Firefox:47 hits: 04-27 to 05-07]
480d076a0a [0] ASM:Graph
ASProtect| lines=422
embedded dns
trace
T:08:31:00 Win2K-f 122.126.20.234 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
211.96.97.44:7000 CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
08:34:00 WinXP 190.161.59.71 (VTR.NET):
VTR BANDA ANCHA S.A,
SANTIAGO, REGION METROPOLITANA, CL.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
08:39:00 Win2K-f 190.48.219.188 (COM.AR):
TELEFONICA DE ARGENTINA,
MAR DEL PLATA, BUENOS AIRES, AR.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
23 of 31 14ef234ad3
[Firefox: 7 hits: 04-29 to 05-07]
none[4] none:none
none|none none trace
T:08:40:00 WinXP 4.230.150.248 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
SAN ANTONIO, TEXAS, US. (DIAL)
n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
25 of 25 7f60162c2c
[Firefox:1274 hits: 12-31 to 05-07]
1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace
08:53:00 Win2K-f 190.182.4.138 (METROTEL.NET.CO):
METROTEL REDES S.A,
CO.
n/a CN:hail.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
15 of 32 6169f1f1c5
NEW
none[4] none:none
none|none none trace
08:57:00 Win2K-f 87.9.76.89 (RETAIL.TELECOMITALIA.IT):
TELECOM ITALIA S.P.A. TIN EASY LITE,
IT.
211.96.97.44:7000 CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
09:03:00 WinXP 85.84.135.10 (CLIENTES.EUSKALTEL.ES):
GLOBAL TELECOMMUNICATION SERVICE PROVIDER,
ES.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
09:04:00 WinXP 190.139.48.94 (NET.AR):
TELECOM ARGENTINA S.A,
AR.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
09:05:00 Win2K-f 78.57.163.75 (ACCORDHR.COM):
LIETUVOS,
KEDAINIAI, KAUNO APSKRITIS, LT.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
09:07:00 Win2K-f 85.240.181.240 (DSL.TELEPAC.PT):
PT.COM - COMUNICACOES INTERACTIVAS S.A,
LEIRIA, LEIRIA, PT.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:09:16:00 Win2K-f 200.199.138.78 (STERLINGSTUDENTS.NET):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL)
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
15 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:09:17:00 Win2K-f 213.91.224.41 (TVSKAT.NET):
SKAT TV LTD,
BURGAS, BURGAS, BG.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
13 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
09:24:00 Win2K-f 200.100.82.110 (TELESP.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DIAL)
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
18 lines
Yeah : 1.3
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
09:26:00 WinXP 189.29.138.232 (BRASILTELECOM.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
BR.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
09:35:00 Win2K-f 87.64.198.44 (ISP.BELGACOM.BE):
BELGACOM-ADSL,
DENDERMONDE, OOST-VLAANDEREN, BE. (DSL)
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:09:37:00 Win2K-f 92.97.247.200 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a   445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
09:38:00 WinXP 89.214.54.85 (-):
GPRS COSTUMERS,
PT.
211.96.97.44:7000 CN:hail.dns2go.com 445 pcap raw alerts
ruleset
ftp
irc
26 lines
Yeah : 1.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:09:45:00 WinXP 190.173.205.87 (COM.AR):
TELEFONICA DE ARGENTINA,
BUENOS AIRES, BUENOS AIRES, AR.
211.96.97.44:7000 CN:hail.dns2go.com 445 pcap raw alerts
ruleset
ftp
20 lines
Yeah : 1.3
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
09:47:00 WinXP 83.132.237.100 (CPE.NETCABO.PT):
TVCABO-PORTUGAL CABLE MODEM NETWORK,
LEIRIA, LEIRIA, PT.
211.96.97.44:7000 CN:hail.dns2go.com 445 pcap raw alerts
ruleset
ftp
20 lines
Yeah : 1.3
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:10:00:00 Win2K-f 91.65.147.223 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
DE.
n/a CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
14 of 32 f515fcc0f7
[Firefox:10 hits: 12-28 to 05-07]
dc7696e295 [0] ASM:Graph
ASProtect| lines=422
embedded dns
trace
10:02:00 Win2K-f 87.105.230.53 (NET.PL):
STATIC BROADBAND SERVICES,
GLOGOW, DOLNOSLASKIE, PL. (DIAL)
211.96.97.44:7000 CN:hail.dns2go.com 445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
10:06:00 WinXP 88.16.194.30 (RIMA-TDE.NET):
TELEFONICA DE ESPANA,
ES.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:10:09:00 Win2K-f 79.12.45.7 (RETAIL.TELECOMITALIA.IT):
TELECOM ITALIA NET,
ROME, LAZIO, IT.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
10:10:00 Win2K-f 124.81.152.13 (CARSURIN.COM):
PT INDOSAT MEGA MEDIA,
ID.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:10:12:00 WinXP 88.85.22.143 (NET2000.CH):
BROADBAND CUSTOMER,
NEUCHATEL, NEUCHATEL, CH.
211.96.97.44:7000 CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.3
profile
none summary
tarball
16 of 32 34dbedf630
NEW
603f62f989 [0] ASM:Graph
StarForce| lines=132 trace
10:17:00 Win2K-f 41.214.134.4 (-):
.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
17 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
10:37:00 WinXP 58.107.214.138 (OPTUSNET.COM.AU):
OPTUS INTERNET - RETAIL,
MELBOURNE, VICTORIA, AU.
n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
29 of 29 a0139d7ad8
[Firefox:430 hits: 05-02 to 05-03]
d9e9662db1 [0] ASM:Graph
PolyEnE| lines=68 trace
T:10:56:00 WinXP 12.66.59.187 (PRSERV.NET):
AT&T GLOBAL SERVICES,
SCHAUMBURG, ILLINOIS, US.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
29 of 29 a0139d7ad8
[Firefox:430 hits: 05-02 to 05-03]
d9e9662db1 [0] ASM:Graph
PolyEnE| lines=68 trace
10:58:00 WinXP 79.112.226.101 (RDSNET.RO):
RDS,
BUCHAREST, BUCURESTI, RO.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
22 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
11:26:00 WinXP 66.27.179.248 (RR.COM):
ROAD RUNNER HOLDCO LLC,
CANOGA PARK, CALIFORNIA, US.
n/a  
CZ:217.170.244.2:443
CZ:82.114.90.2:443
445 pcap raw alerts
ruleset
shell
ftp
110 lines
Yeah : 1.3
profile
none summary
tarball
16 of 31 23c32fbd78
NEW
none[4] none:none
PeCompact| none trace
T:11:39:00 Win2K-f 172.166.142.3 (AOL.COM):
AMERICA ONLINE,
US.
n/a   135 pcap raw alerts
ruleset
other
111 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
12:12:00 WinXP 83.103.135.226 (ASTRAL.RO):
ASTRAL CLUJ-NAPOCA DOCSIS,
CLUJ-NAPOCA, CLUJ, RO.
218.93.14.236:7000 CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
CN:218.93.14.236:7000
US:63.149.6.91:7000
445 pcap raw alerts
ruleset
ftp
22 lines
Yeah : 1.3
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:12:14:00 Win2K-f 4.242.132.51 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
DALLAS, OREGON, US. (DIAL)
n/a   445 pcap raw alerts
ruleset
shell
ftp
18 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
12:38:00 Win2K-f 98.135.20.241 (-):
.
217.170.244.2:443  
CZ:217.170.244.2:443
445 pcap raw alerts
ruleset
shell
ftp
irc
27 lines
Yeah : 1.8
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2587 hits: 12-31 to 05-07]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace
12:40:00 WinXP 85.183.145.150 (ALICEDSL.DE):
HANSENET-ADSL,
DE.
n/a DE:msdirect.servicemail24.de
US:gbrands.com.mail5.psmtp.com
US:aspmx.l.google.com
US:mail.synacklabs.net
US:c.mx.mail.yahoo.com
CA:mx.activestate.com
:doel.org
DK:mx-cluster1.one.com
US:thcuda.there.com
CA:inbound.here.com.netsolmail.net
US:spam02.affinitypath.com
CA:209.17.146.130:25
US:209.85.147.114:25
216.104.34.250:25
US:64.125.216.228:25
US:64.18.5.10:25
US:66.179.101.170:25
445 pcap raw alerts
ruleset
shell
ftp
81 lines
Yeah : 1.3
profile
none summary
tarball
31 of 31 90eed12dab
NEW
a0fe60597c [0] ASM:Graph
none|none lines=84
embedded dns
trace
T:13:04:00 Win2K-f 4.228.132.128 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
LAKEWOOD, COLORADO, US. (DIAL)
n/a  
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
17 lines
Yeah : 1.3
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2587 hits: 12-31 to 05-07]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace
13:13:00 WinXP 92.40.57.39 (IKBCC.COM):
EU-ZZ,
UK.
n/a DE:proxim.ircgalaxy.pl
DE:85.114.137.60:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
28 of 31 f58222344f
[Firefox: 9 hits: 12-31 to 05-06]
2a56436a64 [0] ASM:Graph
PolyEnE| lines=265
embedded dns
trace
T:13:18:00 Win2K-f 172.131.191.69 (AOL.COM):
AMERICA ONLINE,
RESTON, VIRGINIA, US. (DSL)
n/a   135 pcap raw alerts
ruleset
other
111 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:13:31:00 WinXP 79.138.149.254 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
CN:218.93.14.236:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:13:52:00 WinXP 98.132.147.65 (-):
ALLTEL SIP CUSTOMERS - PHOENIX,
PHOENIX, ARIZONA, US.
217.170.244.2:443   445 pcap raw alerts
ruleset
shell
ftp
irc
27 lines
Yeah : 1.8
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2587 hits: 12-31 to 05-07]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace
14:31:00 Win2K-f 79.138.149.254 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
211.96.97.44:7000 CN:hail.dns2go.com 445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.3
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:14:51:00 WinXP 201.69.195.9 (STERLINGSTUDENTS.NET):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL)
85.114.137.60:65520 DE:proxim.ircgalaxy.pl
UA:citi-bank.ru
445 pcap raw alerts
ruleset
http
irc
4 lines
Yeah : 1.8
profile
none summary
tarball
30 of 32 3959a8c276
NEW
62a4e6bafe [0] ASM:Graph
PolyEnE| lines=129 trace
T:15:04:00 WinXP 216.77.192.153 (BELLSOUTH.NET):
BELLSOUTH.NET INC,
PICAYUNE, MISSISSIPPI, US.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:2956 hits: 12-31 to 05-07]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
15:14:00 Win2K-f 200.165.203.111 (STERLINGSTUDENTS.NET):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL)
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
CN:218.93.14.236:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
15:35:00 WinXP 76.87.74.1 (G-M-I.NET):
ROAD RUNNER HOLDCO LLC,
HERNDON, VIRGINIA, US.
n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:2956 hits: 12-31 to 05-07]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
T:16:02:00 Win2K-f 4.224.117.135 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
LOUISVILLE, KENTUCKY, US. (DIAL)
217.170.244.2:443   445 pcap raw alerts
ruleset
shell
ftp
irc
20 lines
Yeah : 1.8
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2587 hits: 12-31 to 05-07]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace
16:19:00 WinXP 41.214.132.190 (-):
.
n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
25 of 25 7f60162c2c
[Firefox:1274 hits: 12-31 to 05-07]
1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace
16:23:00 WinXP 96.248.242.62 (-):
.
n/a RU:moscow-advokat.ru
EU:gaz-prom.ru
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
other
0 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 32a0d7d0e0
[Firefox:38 hits: 05-04 to 05-03]
d791762796 [0] ASM:Graph
tElock| lines=81
embedded dns
trace
T:16:24:00 Win2K-f 4.185.210.136 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
WASHINGTON, DISTRICT OF COLUMBIA, US. (DIAL)
n/a   135 pcap raw alerts
ruleset
other
97 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
16:36:00 Win2K-f 12.72.159.60 (ATT.NET):
AT&T WORLDNET SERVICES,
SAN FRANCISCO, CALIFORNIA, US. (DIAL)
n/a  
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
17 lines
Yeah : 1.3
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2587 hits: 12-31 to 05-07]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace
16:47:00 WinXP 208.100.229.151 (1DIAL.COM):
AD-BASE SYSTEMS INC. (DBA GLOBALPOPS),
PITTSBURGH, PENNSYLVANIA, US. (DIAL)
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
21 of 32 396656c83c
[Firefox: 3 hits: 08-20 to 05-03]
none[4] none:none
PolyEnE| none trace
T:16:51:00 WinXP 222.13.65.200 (DION.NE.JP):
DION (KDDI CORPORATION),
JP. (DIAL)
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 0.8
profile
none summary
tarball
31 of 32 741e3b03b3
[Firefox:25 hits: 09-28 to 05-07]
e0197e8a64 [0] ASM:Graph
none|none lines=62 trace
17:02:00 WinXP 98.140.251.237 (-):
.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
29 of 29 d42c1cc7c0
[Firefox:271 hits: 05-01 to 05-07]
af9ca5bed1 [0] ASM:Graph
PolyEnE| lines=54 trace
T:17:02:00 WinXP 98.140.251.237 (-):
.
n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
29 of 29 d42c1cc7c0
[Firefox:271 hits: 05-01 to 05-07]
af9ca5bed1 [0] ASM:Graph
PolyEnE| lines=54 trace
T:17:12:00 WinXP 72.251.20.64 (1DIAL.COM):
AD-BASE SYSTEMS INC. (DBA GLOBALPOPS),
PITTSBURGH, PENNSYLVANIA, US. (DIAL)
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
30 of 32 6f89425f8a
[Firefox:13 hits: 02-08 to 05-03]
6480c2f949 [0] ASM:Graph
PolyEnE| lines=73 trace
T:17:22:00 WinXP 190.51.247.132 (COM.AR):
TELEFONICA DE ARGENTINA,
AR.
n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
25 of 25 7f60162c2c
[Firefox:1274 hits: 12-31 to 05-07]
1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace
18:50:00 WinXP 85.179.96.17 (ALICEDSL.DE):
HANSENET-ADSL,
DE. (DSL)
n/a  
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
17 lines
Yeah : 1.3
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2587 hits: 12-31 to 05-07]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace
19:37:00 Win2K-f 4.153.245.36 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
KNOXVILLE, TENNESSEE, US. (DIAL)
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
20:11:00 WinXP 67.9.255.145 (RR.COM):
ROAD RUNNER HOLDCO LLC,
HOUSTON, TEXAS, US.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
29 of 29 3ae357d17b
[Firefox:697 hits: 05-01 to 05-07]
462a7be171 [0] ASM:Graph
PolyEnE| lines=73 trace
T:20:13:00 WinXP 200.165.246.230 (STERLINGSTUDENTS.NET):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL)
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:2956 hits: 12-31 to 05-07]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
T:20:58:00 WinXP 72.174.249.76 (BRESNAN.NET):
BRESNAN COMMUNICATIONS LLC,
DELTA, COLORADO, US.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
29 of 29 d42c1cc7c0
[Firefox:271 hits: 05-01 to 05-07]
af9ca5bed1 [0] ASM:Graph
PolyEnE| lines=54 trace
T:21:26:00 WinXP 218.168.75.155 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
n/a   445 pcap raw alerts
ruleset
shell
ftp
19 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
21:29:00 WinXP 65.99.135.18 (LINK2USA.COM):
UNITED SYSTEMS ACCESS,
WINTER HARBOR, MAINE, US.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
29 of 29 d42c1cc7c0
[Firefox:271 hits: 05-01 to 05-07]
af9ca5bed1 [0] ASM:Graph
PolyEnE| lines=54 trace
22:45:00 Win2K-f 59.117.182.183 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
217.170.244.2:443  
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
irc
21 lines
Yeah : 1.8
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2587 hits: 12-31 to 05-07]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace
23:18:00 WinXP 90.151.100.219 (PERMONLINE.RU):
OJSC URALSVYAZINFORM,
RU.
n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:2956 hits: 12-31 to 05-07]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace