Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page

UNCENSORED PAGE

<Click here: to download BotHunter>

10 May 2008
<prev>   <next>

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.


Daily Summary Files: [DNS Lookups & Failed Connects] [ Attacker IPs ] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap]
[Behavioral Clusters] [Binary Digest Log]

[See Country Codes ]
Time
 		Victim
OS
 		Infection
Source
 		C&C
Server
 		DNS Lookups &
Failed Connects 		Infection
Port
 		Packet
Trace
 		Detection
Signatures
 		Infection
Chatter
 		BotHunter
Analysis
 		Behavioral
Cluster
 		Forensic
Logs
 		Antivirus
Labels
 		Packed Malware_Binary Unpacked egg.exe
 		Unpacked egg.asm
 		Packer PEID
 		Data Strings
 		Syscall Trace
00:08:00 WinXP 203.180.89.83 (BMOBILE.NE.JP):
JAPAN COMMUNICATION INC,
JP. 		n/a DE:siliconfireware.ru
:wpad
DE:212.227.111.29:80
DE:217.11.54.126:80
EU:78.47.200.154:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		29 of 29 df17a625ee
[Firefox:438 hits: 05-04 to 05-06] 		none[3] none:none
 ASPack| none trace
T:00:09:00 WinXP 79.36.170.155 (SRC.ORG):
TELECOM ITALIA NET,
ROME, LAZIO, IT. 		211.96.97.44:7000 CN:scorti1.dns2go.com
CN:211.96.97.44:7000 		445 pcap raw alerts
ruleset 		ftp
irc
27 lines 		Yeah : 1.3
profile 		none summary
tarball 		18 of 32 b4ad631671
[Firefox: 5 hits: 04-29 to 05-05] 		5890f017cc [0] ASM:Graph
 StarForce| lines=28 trace
00:21:00 Win2K-f 122.148.66.195 (DODO.COM.AU):
LAYER 2 BROADBAND CUSTOMER NETWORK,
AU. 		n/a   445 pcap raw alerts
ruleset 		ftp
12 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
00:24:00 Win2K-f 84.1.219.49 (T-ONLINE.HU):
PROVIDER LOCAL REGISTRY,
HU. (DSL) 		n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000 		445 pcap raw alerts
ruleset 		ftp
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		14 of 32 a2a036466a
[Firefox:86 hits: 05-05 to 05-09] 		none[4] none:none
 none|none none trace
T:00:54:00 WinXP 79.72.245.119 (AS9105.COM):
TELINCO,
UK. 		210.217.196.11:7000 CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
US:63.149.6.91:7000
US:65.117.119.162:7000 		445 pcap raw alerts
ruleset 		ftp
irc
24 lines 		Yeah : 1.8
profile 		none summary
tarball 		12 of 30 76b4ab852e
[Firefox:34 hits: 04-29 to 05-09] 		none[4] none:none
 none|none none trace
T:01:00:00 WinXP 92.40.14.95 (IKBCC.COM):
EU-ZZ,
UK. 		n/a   445 pcap raw alerts
ruleset 		shell
shell
16 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
T:01:39:00 WinXP 202.233.234.172 (INFOWEB.NE.JP):
INFOWEB(FUJITSU LTD.),
KITAKYUSHU, FUKUOKA, JP. (DIAL) 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
16 lines 		Yeah : 1.3
profile 		none summary
tarball 		29 of 29 831f4ee0a7
[Firefox:582 hits: 07-11 to 05-09] 		eb7546c600 [0] ASM:Graph
 none|none lines=61 trace
T:01:50:00 WinXP 82.55.177.215 (RETAIL.TELECOMITALIA.IT):
TELECOM ITALIA S.P.A. TIN EASY LITE,
PESCARA, ABRUZZI, IT. 		n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com 		445 pcap raw alerts
ruleset 		ftp
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		14 of 32 a2a036466a
[Firefox:86 hits: 05-05 to 05-09] 		none[4] none:none
 none|none none trace
01:58:00 WinXP 82.61.88.129 (RETAIL.TELECOMITALIA.IT):
TELECOM ITALIA NET,
NAPOLI, CAMPANIA, IT. 		n/a DE:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
DE:85.114.137.60:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 1.3
profile 		none summary
tarball 		30 of 32 e1776b271c
NEW 		none[none] none:none
 none|none none none
T:02:21:00 Win2K-f 84.155.120.14 (T-IPCONNECT.DE):
DEUTSCHE TELEKOM AG,
AUGSBURG, BAYERN, DE. 		n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
KR:210.217.196.11:7000 		445 pcap raw alerts
ruleset 		ftp
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		21 of 32 5f78ff609d
[Firefox:964 hits: 04-27 to 05-09] 		d4a06bdc3a [0] ASM:Graph
 none|none lines=4 trace
02:27:00 Win2K-f 212.220.102.143 (USCB.RU):
POOL_ISG,
EKATERINBURG, SVERDLOVSKAYA OBLAST', RU. 		210.217.196.11:7000 CN:scorti1.dns2go.com 445 pcap raw alerts
ruleset 		ftp
irc
22 lines 		Yeah : 1.8
profile 		none summary
tarball 		20 of 31 cb89ccfe52
[Firefox: 6 hits: 04-29 to 05-09] 		881f6fa4b7 [0] ASM:Graph
 TXT2COM| lines=406
embedded dns 		trace
02:40:00 WinXP 78.151.149.242 (OPALTELECOM.NET):
OPAL TELECOMMUNICATIONS INTERNET SERVICE PROVIDER,
UK. 		n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
KR:210.217.196.11:7000 		445 pcap raw alerts
ruleset 		ftp
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		21 of 32 5f78ff609d
[Firefox:964 hits: 04-27 to 05-09] 		d4a06bdc3a [0] ASM:Graph
 none|none lines=4 trace
02:43:00 Win2K-f 81.243.105.217 (ISP.BELGACOM.BE):
BELGACOM-ADSL,
BRUSSELS, BRUSSELS, BE. (DSL) 		210.217.196.11:7000 CN:hail.dns2go.com 445 pcap raw alerts
ruleset 		ftp
irc
22 lines 		Yeah : 1.8
profile 		none summary
tarball 		21 of 32 5f78ff609d
[Firefox:964 hits: 04-27 to 05-09] 		d4a06bdc3a [0] ASM:Graph
 none|none lines=4 trace
02:58:00 WinXP 93.120.141.226 (APEXCOVANTAGE.COM):
EU-ZZ,
UK. 		n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
KR:210.217.196.11:7000 		445 pcap raw alerts
ruleset 		ftp
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		27 of 32 15bee5b293
NEW 		none[none] none:none
 none|none none none
02:59:00 WinXP 85.243.196.90 (DSL.TELEPAC.PT):
PT.COM - COMUNICACOES INTERACTIVAS S.A,
LEIRIA, LEIRIA, PT. (DSL) 		n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
KR:210.217.196.11:7000 		445 pcap raw alerts
ruleset 		ftp
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		21 of 32 5f78ff609d
[Firefox:964 hits: 04-27 to 05-09] 		d4a06bdc3a [0] ASM:Graph
 none|none lines=4 trace
03:15:00 Win2K-f 212.45.75.136 (ISTAR-LINK.COM):
ISTAR LINK COSTUMERS IN SILISTRA,
BG. 		210.217.196.11:7000 CN:hail.dns2go.com 445 pcap raw alerts
ruleset 		ftp
irc
24 lines 		Yeah : 1.8
profile 		none summary
tarball 		14 of 32 a2a036466a
[Firefox:86 hits: 05-05 to 05-09] 		none[4] none:none
 none|none none trace
03:20:00 WinXP 89.146.158.198 (NET.BA):
BRAS PPPOE POOL UPGRADE,
SARAJEVO, FEDERATION OF BOSNIA AND HERZEGOVINA, BA. 		n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
KR:210.217.196.11:7000 		445 pcap raw alerts
ruleset 		ftp
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		14 of 32 a2a036466a
[Firefox:86 hits: 05-05 to 05-09] 		none[4] none:none
 none|none none trace
03:24:00 WinXP 193.239.101.75 (SOLARME.PL):
SOLARME-NET-POLAND,
PL. 		n/a   445 pcap raw alerts
ruleset 		ftp
13 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
T:03:25:00 Win2K-f 79.205.78.180 (T-IPCONNECT.DE):
DEUTSCHE TELEKOM AG,
DE. 		210.217.196.11:7000 CN:hail.dns2go.com
CN:scorti1.dns2go.com
KR:210.217.196.11:7000 		445 pcap raw alerts
ruleset 		ftp
20 lines 		Yeah : 1.3
profile 		none summary
tarball 		14 of 32 a2a036466a
[Firefox:86 hits: 05-05 to 05-09] 		none[4] none:none
 none|none none trace
03:34:00 Win2K-f 125.232.111.61 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW. 		210.217.196.11:7000 CN:scorti1.dns2go.com 445 pcap raw alerts
ruleset 		ftp
irc
28 lines 		Yeah : 1.8
profile 		none summary
tarball 		29 of 32 b62ebddc0c
NEW 		none[3] none:none
 none|none none trace
03:54:00 Win2K-f 89.231.196.207 (MM.PL):
SZEL-SAT,
PL. 		210.217.196.11:7000 CN:hail.dns2go.com 445 pcap raw alerts
ruleset 		ftp
irc
22 lines 		Yeah : 1.8
profile 		none summary
tarball 		21 of 32 5f78ff609d
[Firefox:964 hits: 04-27 to 05-09] 		d4a06bdc3a [0] ASM:Graph
 none|none lines=4 trace
T:03:59:00 Win2K-f 82.226.155.62 (PROXAD.NET):
PROXAD / FREE SAS,
NICE, PROVENCE-ALPES-COTE D'AZUR, FR. 		n/a CN:scorti1.dns2go.com
KR:210.217.196.11:7000 		445 pcap raw alerts
ruleset 		ftp
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		13 of 32 53123fadcc
[Firefox:36 hits: 01-26 to 05-08] 		none[4] none:none
 none|none none trace
T:04:08:00 Win2K-f 118.169.63.51 (-):
. 		n/a  
CZ:217.170.244.2:443
CZ:82.114.64.251:443 		445 pcap raw alerts
ruleset 		shell
ftp
19 lines 		Yeah : 1.3
profile 		none summary
tarball 		25 of 28 7fdfe363d5
[Firefox:2597 hits: 12-31 to 05-09] 		10862ea8b8 [0] ASM:Graph
 FSG| lines=1933
embedded dns 		trace
04:31:00 WinXP 85.196.223.71 (-):
ADDITIONAL NETWORK FOR PARNU CITY,
PARNU, PARNUMAA, EE. 		n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
KR:210.217.196.11:7000 		445 pcap raw alerts
ruleset 		ftp
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		21 of 32 5f78ff609d
[Firefox:964 hits: 04-27 to 05-09] 		d4a06bdc3a [0] ASM:Graph
 none|none lines=4 trace
04:59:00 Win2K-f 91.65.150.163 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
DE. 		n/a CN:scorti1.dns2go.com
KR:210.217.196.11:7000 		445 pcap raw alerts
ruleset 		ftp
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		28 of 31 943ba332f2
NEW 		none[none] none:none
 none|none none none
T:04:59:00 WinXP 77.54.4.30 (REV.VODAFONE.PT):
GPRS POOLS,
PT. 		210.217.196.11:7000 CN:scorti1.dns2go.com
KR:210.217.196.11:7000 		445 pcap raw alerts
ruleset 		ftp
irc
22 lines 		Yeah : 1.8
profile 		none summary
tarball 		9 of 32 9345b57563
[Firefox:11 hits: 12-27 to 05-07] 		none[4] none:none
 none|none none trace
05:21:00 Win2K-f 84.1.219.49 (T-ONLINE.HU):
PROVIDER LOCAL REGISTRY,
HU. (DSL) 		210.217.196.11:7000 CN:scorti1.dns2go.com 445 pcap raw alerts
ruleset 		ftp
irc
22 lines 		Yeah : 1.8
profile 		none summary
tarball 		14 of 32 8f367186c3
[Firefox:65 hits: 12-27 to 05-09] 		01a06977c4 [0] ASM:Graph
 TXT2COM| lines=0 trace
T:05:23:00 Win2K-f 78.131.24.29 (-):
EMKTV BUDAPEST VLAN 06 DOCSIS,
BUDAPEST, BUDAPEST, HU. 		n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
KR:210.217.196.11:7000 		445 pcap raw alerts
ruleset 		ftp
15 lines 		Yeah : 0.8
profile 		none summary
tarball 		14 of 32 a2a036466a
[Firefox:86 hits: 05-05 to 05-09] 		none[4] none:none
 none|none none trace
05:29:00 WinXP 87.12.152.11 (RETAIL.TELECOMITALIA.IT):
TELECOM ITALIA S.P.A. TIN EASY LITE,
PALERMO, SICILIA, IT. 		210.217.196.11:7000 CN:hail.dns2go.com 445 pcap raw alerts
ruleset 		ftp
irc
22 lines 		Yeah : 1.8
profile 		none summary
tarball 		14 of 32 a2a036466a
[Firefox:86 hits: 05-05 to 05-09] 		none[4] none:none
 none|none none trace
T:05:31:00 WinXP 79.184.16.15 (TPNET.PL):
TPSA,
PL. 		210.217.196.11:7000 CN:hail.dns2go.com 445 pcap raw alerts
ruleset 		ftp
irc
22 lines 		Yeah : 1.8
profile 		none summary
tarball 		14 of 32 a2a036466a
[Firefox:86 hits: 05-05 to 05-09] 		none[4] none:none
 none|none none trace
05:40:00 WinXP 84.250.90.5 (INET.FI):
BROADBAND ACCESS POOL,
HELSINKI, ETELA-SUOMEN LAANI, FI. (DSL) 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 1.3
profile 		none summary
tarball 		26 of 28 7d99b0e910
[Firefox:2960 hits: 12-31 to 05-08] 		7a70e1b592 [0] ASM:Graph
 PolyEnE| lines=68 trace
06:17:00 Win2K-f 89.251.242.172 (WAMBO.CH):
FIRST ASSIGNEMENT FOR AMBNET,
CH. 		n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
KR:210.217.196.11:7000 		445 pcap raw alerts
ruleset 		ftp
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		14 of 32 a2a036466a
[Firefox:86 hits: 05-05 to 05-09] 		none[4] none:none
 none|none none trace
06:26:00 Win2K-f 201.212.127.4 (NET.AR):
PRIMA S.A,
BUENOS AIRES, BUENOS AIRES, AR. (DSL) 		210.217.196.11:7000 CN:hail.dns2go.com 445 pcap raw alerts
ruleset 		ftp
20 lines 		Yeah : 1.3
profile 		none summary
tarball 		14 of 32 a2a036466a
[Firefox:86 hits: 05-05 to 05-09] 		none[4] none:none
 none|none none trace
06:26:00 WinXP 200.12.181.141 (EAFIT.EDU.CO):
UNIVERSIDAD EAFIT,
MEDELLIN, ANTIOQUIA, CO. 		n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
KR:210.217.196.11:7000 		445 pcap raw alerts
ruleset 		ftp
15 lines 		Yeah : 0.8
profile 		none summary
tarball 		21 of 32 5f78ff609d
[Firefox:964 hits: 04-27 to 05-09] 		d4a06bdc3a [0] ASM:Graph
 none|none lines=4 trace
T:06:28:00 Win2K-f 189.5.163.13 (BRASILTELECOM.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
GOIâNIA, GOIáS, BR. 		210.217.196.11:7000 CN:hail.dns2go.com 445 pcap raw alerts
ruleset 		ftp
irc
16 lines 		Yeah : 1.3
profile 		none summary
tarball 		21 of 32 5f78ff609d
[Firefox:964 hits: 04-27 to 05-09] 		d4a06bdc3a [0] ASM:Graph
 none|none lines=4 trace
06:30:00 Win2K-f 91.64.163.83 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
BERLIN, BERLIN, DE. 		n/a CN:scorti1.dns2go.com
KR:210.217.196.11:7000 		445 pcap raw alerts
ruleset 		ftp
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		22 of 31 9ecf7bf3a7
NEW 		628cb0224e [0] ASM:Graph
 ASProtect| lines=4 trace
T:06:51:00 Win2K-f 220.143.235.92 (GUTZWILLER.CH):
CHTD CHUNGHWA TELECOM CO. LTD,
TW. 		210.217.196.11:7000 CN:hail.dns2go.com 445 pcap raw alerts
ruleset 		ftp
20 lines 		Yeah : 1.3
profile 		none summary
tarball 		21 of 32 5f78ff609d
[Firefox:964 hits: 04-27 to 05-09] 		d4a06bdc3a [0] ASM:Graph
 none|none lines=4 trace
06:54:00 Win2K-f 41.232.123.156 (TEDATA.NET):
PROVIDER LOCAL REGISTRY,
EG. 		n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
KR:210.217.196.11:7000 		445 pcap raw alerts
ruleset 		ftp
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		21 of 32 5f78ff609d
[Firefox:964 hits: 04-27 to 05-09] 		d4a06bdc3a [0] ASM:Graph
 none|none lines=4 trace
T:06:54:00 Win2K-f 89.24.110.187 (4GINTERNET.CZ):
RADIOMOBIL,
CZ. 		n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
KR:210.217.196.11:7000 		445 pcap raw alerts
ruleset 		ftp
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		14 of 32 a2a036466a
[Firefox:86 hits: 05-05 to 05-09] 		none[4] none:none
 none|none none trace
07:04:00 Win2K-f 93.81.19.205 (APEXCOVANTAGE.COM):
EU-ZZ,
UK. 		n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
KR:210.217.196.11:7000 		445 pcap raw alerts
ruleset 		ftp
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		14 of 32 a2a036466a
[Firefox:86 hits: 05-05 to 05-09] 		none[4] none:none
 none|none none trace
T:07:05:00 Win2K-f 92.112.82.111 (APEXCOVANTAGE.COM):
EU-ZZ,
UK. 		n/a   445 pcap raw alerts
ruleset 		ftp
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
T:07:15:00 WinXP 117.201.82.48 (-):
. 		210.217.196.11:7000 CN:hail.dns2go.com 445 pcap raw alerts
ruleset 		ftp
irc
24 lines 		Yeah : 1.3
profile 		none summary
tarball 		21 of 32 5f78ff609d
[Firefox:964 hits: 04-27 to 05-09] 		d4a06bdc3a [0] ASM:Graph
 none|none lines=4 trace
07:19:00 WinXP 212.106.30.99 (POLBOX.PL):
POLBOX,
PL. 		n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
KR:210.217.196.11:7000 		445 pcap raw alerts
ruleset 		ftp
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		21 of 32 5f78ff609d
[Firefox:964 hits: 04-27 to 05-09] 		d4a06bdc3a [0] ASM:Graph
 none|none lines=4 trace
T:07:19:00 Win2K-f 190.189.180.242 (NET.AR):
PRIMA S.A,
AR. 		210.217.196.11:7000 CN:hail.dns2go.com
CN:scorti1.dns2go.com
KR:210.217.196.11:7000 		445 pcap raw alerts
ruleset 		ftp
irc
22 lines 		Yeah : 1.3
profile 		none summary
tarball 		21 of 32 5f78ff609d
[Firefox:964 hits: 04-27 to 05-09] 		d4a06bdc3a [0] ASM:Graph
 none|none lines=4 trace
07:27:00 Win2K-f 124.13.138.66 (TM.NET.MY):
TELEKOM MALAYSIA BERHAD,
MY. 		n/a   445 pcap raw alerts
ruleset 		ftp
15 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
07:34:00 Win2K-f 78.133.76.125 (MALTANET.NET):
MALTANET-RETAIL-DSL,
MT. 		n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
KR:210.217.196.11:7000 		445 pcap raw alerts
ruleset 		ftp
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		21 of 32 5f78ff609d
[Firefox:964 hits: 04-27 to 05-09] 		d4a06bdc3a [0] ASM:Graph
 none|none lines=4 trace
07:36:00 WinXP 92.40.79.190 (IKBCC.COM):
EU-ZZ,
UK. 		n/a   445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
07:37:00 WinXP 92.97.57.241 (APEXCOVANTAGE.COM):
EU-ZZ,
UK. 		n/a CN:scorti1.dns2go.com
KR:210.217.196.11:7000 		445 pcap raw alerts
ruleset 		ftp
15 lines 		Yeah : 0.8
profile 		none summary
tarball 		20 of 31 af98fe0c94
[Firefox:51 hits: 04-27 to 05-09] 		480d076a0a [0] ASM:Graph
 ASProtect| lines=422
embedded dns 		trace
07:42:00 WinXP 69.77.146.163 (SKYBEST.COM):
SKYBEST COMMUNICATIONS INC,
NEW BERN, NORTH CAROLINA, US. 		n/a DE:proxim.ircgalaxy.pl
CN:hail.dns2go.com
CN:scorti1.dns2go.com
KR:210.217.196.11:7000
DE:85.114.137.60:65520 		445 pcap raw alerts
ruleset 		ftp
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		27 of 31 56ae35572e
[Firefox: 2 hits: 05-01 to 05-02] 		none[4] none:none
 none|none none trace
07:42:00 WinXP 68.217.122.216 (BELLSOUTH.NET):
BELLSOUTH.NET INC,
ATLANTA, GEORGIA, US. (DSL) 		n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
KR:210.217.196.11:7000 		445 pcap raw alerts
ruleset 		ftp
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		22 of 31 e21ca9f78a
NEW 		none[none] none:none
 none|none none none
07:45:00 Win2K-f 81.246.179.109 (ISP.BELGACOM.BE):
SKYNET-ADSL,
DENDERMONDE, OOST-VLAANDEREN, BE. (DSL) 		n/a CN:scorti1.dns2go.com
KR:210.217.196.11:7000 		445 pcap raw alerts
ruleset 		ftp
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		14 of 32 8f367186c3
[Firefox:65 hits: 12-27 to 05-09] 		01a06977c4 [0] ASM:Graph
 TXT2COM| lines=0 trace
T:07:54:00 Win2K-f 82.49.27.74 (POOL8249.INTERBUSINESS.IT):
TELECOM ITALIA S.P.A. TIN EASY LITE,
IT. 		n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
KR:210.217.196.11:7000 		445 pcap raw alerts
ruleset 		ftp
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		19 of 31 0330af1285
[Firefox: 6 hits: 05-02 to 05-08] 		none[4] none:none
 none|none none trace
07:55:00 WinXP 195.215.227.78 (RAS.TELE.DK):
TELEDANMARK-DIAL-UP-USERS,
DK. 		n/a DE:siliconfireware.ru
:www.proxy-socks.net
:wpad
GB:new.egg.com
CA:www.bmo.com
DE:212.227.111.29:80
DE:217.11.54.126:80
EU:78.47.200.154:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		29 of 29 a12cab51ef
[Firefox:1011 hits: 05-01 to 05-09] 		40f7f463c4 [0] ASM:Graph
 ASPack| lines=281
embedded dns 		trace
T:08:03:00 Win2K-f 92.46.131.104 (IKBCC.COM):
EU-ZZ,
UK. 		n/a CN:scorti1.dns2go.com
KR:210.217.196.11:7000 		445 pcap raw alerts
ruleset 		ftp
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		21 of 31 c1f12e0109
[Firefox:11 hits: 04-28 to 05-09] 		none[4] none:none
 none|none none trace
08:09:00 WinXP 78.8.80.214 (NET.PL):
DIALOG,
WROCLAW, DOLNOSLASKIE, PL. 		n/a   445 pcap raw alerts
ruleset 		ftp
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
08:20:00 Win2K-f 90.155.137.79 (APEXCOVANTAGE.COM):
EU-ZZ,
UK. 		n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
KR:210.217.196.11:7000 		445 pcap raw alerts
ruleset 		ftp
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		14 of 32 a2a036466a
[Firefox:86 hits: 05-05 to 05-09] 		none[4] none:none
 none|none none trace
08:21:00 Win2K-f 89.180.219.5 (NET.NOVIS.PT):
IPGLOBAL,
LISBON, LISBOA, PT. 		n/a CN:scorti1.dns2go.com
KR:210.217.196.11:7000 		445 pcap raw alerts
ruleset 		ftp
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		20 of 31 af98fe0c94
[Firefox:51 hits: 04-27 to 05-09] 		480d076a0a [0] ASM:Graph
 ASProtect| lines=422
embedded dns 		trace
T:08:23:00 WinXP 117.5.151.179 (ADSL.VIETTEL.VN):
VIETEL CORPORATION,
HANOI, HA NOI, VN. 		210.217.196.11:7000 CN:hail.dns2go.com
CN:scorti1.dns2go.com
KR:210.217.196.11:7000 		445 pcap raw alerts
ruleset 		ftp
irc
26 lines 		Yeah : 1.8
profile 		none summary
tarball 		11 of 31 4620861e2d
[Firefox:11 hits: 04-27 to 05-09] 		none[4] none:none
 StarForce| none trace
T:08:25:00 WinXP 193.33.163.209 (-):
IACCES-NET,
RO. 		210.217.196.11:7000 CN:hail.dns2go.com
CN:scorti1.dns2go.com
KR:210.217.196.11:7000 		445 pcap raw alerts
ruleset 		ftp
irc
22 lines 		Yeah : 1.8
profile 		none summary
tarball 		21 of 31 5b867354d5
NEW 		none[none] none:none
 none|none none none
08:28:00 WinXP 201.76.246.207 (STERLINGSTUDENTS.NET):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL) 		210.217.196.11:7000 CN:hail.dns2go.com
CN:scorti1.dns2go.com
KR:210.217.196.11:7000 		445 pcap raw alerts
ruleset 		ftp
irc
29 lines 		Yeah : 1.8
profile 		none summary
tarball 		21 of 32 5f78ff609d
[Firefox:964 hits: 04-27 to 05-09] 		d4a06bdc3a [0] ASM:Graph
 none|none lines=4 trace
T:08:36:00 WinXP 89.214.93.2 (-):
TMN - TELECOMUNICACOES MOVEIS NACIONAIS SA,
PT. 		210.217.196.11:7000 CN:hail.dns2go.com 445 pcap raw alerts
ruleset 		ftp
irc
22 lines 		Yeah : 1.8
profile 		none summary
tarball 		21 of 32 5f78ff609d
[Firefox:964 hits: 04-27 to 05-09] 		d4a06bdc3a [0] ASM:Graph
 none|none lines=4 trace
08:36:00 WinXP 85.244.90.121 (DSL.TELEPAC.PT):
PT.COM - COMUNICACOES INTERACTIVAS S.A,
GUIMARãES, BRAGA, PT. 		n/a DE:proxim.ircgalaxy.pl
CN:hail.dns2go.com
CN:scorti1.dns2go.com
KR:210.217.196.11:7000
DE:85.114.137.60:65520 		445 pcap raw alerts
ruleset 		ftp
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		26 of 32 275aa14617
NEW 		none[none] none:none
 none|none none none
T:08:46:00 WinXP 87.50.114.36 (ADSL-DHCP.TELE.DK):
TDC-TELEDANMARK-BREDBAANDSADSL-NET,
COPENHAGEN, COPENHAGEN, DK. 		n/a DE:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
DE:85.114.137.60:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 1.3
profile 		none summary
tarball 		30 of 32 fe33876bb5
NEW 		0d26a6ec08 [0] ASM:Graph
 PolyEnE| lines=71 trace
08:46:00 WinXP 87.50.114.36 (ADSL-DHCP.TELE.DK):
TDC-TELEDANMARK-BREDBAANDSADSL-NET,
COPENHAGEN, COPENHAGEN, DK. 		n/a DE:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
DE:85.114.137.60:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 1.3
profile 		none summary
tarball 		30 of 32 fe33876bb5
NEW 		0d26a6ec08 [0] ASM:Graph
 PolyEnE| lines=71 trace
T:08:50:00 Win2K-f 83.103.132.181 (ASTRAL.RO):
ASTRAL-CJ-DOCSIS,
CLUJ-NAPOCA, CLUJ, RO. 		210.217.196.11:7000 CN:scorti1.dns2go.com 445 pcap raw alerts
ruleset 		ftp
irc
22 lines 		Yeah : 1.8
profile 		none summary
tarball 		22 of 32 dc8e1c63cd
[Firefox:80 hits: 12-27 to 05-09] 		e0eb8646ee [0] ASM:Graph
 none|none lines=601
embedded dns 		trace
08:53:00 WinXP 83.11.61.203 (TPNET.PL):
NEOSTRADA PLUS,
PL. (DSL) 		n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
KR:210.217.196.11:7000 		445 pcap raw alerts
ruleset 		ftp
16 lines 		Yeah : 0.8
profile 		none summary
tarball 		14 of 32 a2a036466a
[Firefox:86 hits: 05-05 to 05-09] 		none[4] none:none
 none|none none trace
T:08:53:00 WinXP 4.235.114.69 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
JACKSONVILLE, FLORIDA, US. (DIAL) 		n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 1.3
profile 		none summary
tarball 		25 of 25 7f60162c2c
[Firefox:1276 hits: 12-31 to 05-09] 		1aad8e4632 [0] ASM:Graph
 PolyEnE| lines=93
embedded dns 		trace
08:59:00 Win2K-f 189.55.192.16 (BRASILTELECOM.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. 		n/a CN:scorti1.dns2go.com
KR:210.217.196.11:7000 		445 pcap raw alerts
ruleset 		ftp
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		13 of 32 53123fadcc
[Firefox:36 hits: 01-26 to 05-08] 		none[4] none:none
 none|none none trace
T:09:01:00 Win2K-f 83.61.46.188 (RIMA-TDE.NET):
TELEFONICA DE ESPANA,
MALAGA, ANDALUCIA, ES. 		210.217.196.11:7000 CN:hail.dns2go.com 445 pcap raw alerts
ruleset 		ftp
irc
22 lines 		Yeah : 1.8
profile 		none summary
tarball 		14 of 32 a2a036466a
[Firefox:86 hits: 05-05 to 05-09] 		none[4] none:none
 none|none none trace
09:02:00 Win2K-f 83.103.132.181 (ASTRAL.RO):
ASTRAL-CJ-DOCSIS,
CLUJ-NAPOCA, CLUJ, RO. 		n/a CN:scorti1.dns2go.com
KR:210.217.196.11:7000 		445 pcap raw alerts
ruleset 		ftp
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		22 of 32 dc8e1c63cd
[Firefox:80 hits: 12-27 to 05-09] 		e0eb8646ee [0] ASM:Graph
 none|none lines=601
embedded dns 		trace
T:09:12:00 WinXP 201.76.91.133 (STERLINGSTUDENTS.NET):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL) 		210.217.196.11:7000 CN:hail.dns2go.com
CN:scorti1.dns2go.com
KR:210.217.196.11:7000 		445 pcap raw alerts
ruleset 		ftp
irc
22 lines 		Yeah : 1.3
profile 		none summary
tarball 		21 of 32 5f78ff609d
[Firefox:964 hits: 04-27 to 05-09] 		d4a06bdc3a [0] ASM:Graph
 none|none lines=4 trace
T:09:24:00 WinXP 78.172.129.238 (-):
TT ADSL-HUWAEI TTNET DYNAMIC_ACI,
ANKARA, ANKARA, TR. 		210.217.196.11:7000 CN:scorti1.dns2go.com 445 pcap raw alerts
ruleset 		ftp
irc
22 lines 		Yeah : 1.8
profile 		none summary
tarball 		14 of 31 6b9249333c
NEW 		none[none] none:none
 none|none none none
09:30:00 Win2K-f 117.197.144.148 (-):
. 		85.186.32.116:7000 CN:hail.dns2go.com
KR:210.217.196.11:7000
US:63.149.6.91:7000 		445 pcap raw alerts
ruleset 		ftp
irc
22 lines 		Yeah : 1.8
profile 		none summary
tarball 		21 of 32 5f78ff609d
[Firefox:964 hits: 04-27 to 05-09] 		d4a06bdc3a [0] ASM:Graph
 none|none lines=4 trace
T:09:31:00 Win2K-f 193.231.76.100 (EW.RO):
EUROWEB-ROMANIA-NET,
BUCHAREST, BUCURESTI, RO. (DIAL) 		85.186.32.116:7000 CN:hail.dns2go.com 445 pcap raw alerts
ruleset 		ftp
irc
22 lines 		Yeah : 1.8
profile 		none summary
tarball 		21 of 32 5f78ff609d
[Firefox:964 hits: 04-27 to 05-09] 		d4a06bdc3a [0] ASM:Graph
 none|none lines=4 trace
T:09:34:00 Win2K-f 79.137.57.10 (APEXCOVANTAGE.COM):
EU-ZZ,
UK. 		n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
KR:210.217.196.11:7000
RO:85.186.32.116:7000 		445 pcap raw alerts
ruleset 		ftp
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		14 of 32 a2a036466a
[Firefox:86 hits: 05-05 to 05-09] 		none[4] none:none
 none|none none trace
09:34:00 WinXP 78.16.169.1 (ESAT.NET):
ESAT TELECOMMUNICATIONS LIMITED,
IE. 		n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
KR:210.217.196.11:7000
RO:85.186.32.116:7000 		445 pcap raw alerts
ruleset 		ftp
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		21 of 32 5f78ff609d
[Firefox:964 hits: 04-27 to 05-09] 		d4a06bdc3a [0] ASM:Graph
 none|none lines=4 trace
T:09:36:00 WinXP 91.66.166.220 (SUPERKABEL.DE):
KABEL DEUTSCHLAND BREITBAND SERVICE GMBH,
DE. 		n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
KR:210.217.196.11:7000
RO:85.186.32.116:7000 		445 pcap raw alerts
ruleset 		ftp
15 lines 		Yeah : 0.8
profile 		none summary
tarball 		26 of 32 e9e84f9249
NEW 		none[none] none:none
 none|none none none
09:37:00 Win2K-f 212.30.190.35 (MTU.RU):
ZAO MTU-INTEL,
MOSCOW, MOSKVA, RU. 		n/a CN:scorti1.dns2go.com
KR:210.217.196.11:7000 		445 pcap raw alerts
ruleset 		ftp
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		20 of 31 cb89ccfe52
[Firefox: 6 hits: 04-29 to 05-09] 		881f6fa4b7 [0] ASM:Graph
 TXT2COM| lines=406
embedded dns 		trace
T:09:47:00 Win2K-f 92.11.203.118 (-):
CARPHONE WAREHOUSE BROADBAND SERVICES,
UK. 		85.186.32.116:7000 CN:hail.dns2go.com 445 pcap raw alerts
ruleset 		ftp
irc
22 lines 		Yeah : 1.8
profile 		none summary
tarball 		27 of 31 e1b5e07fac
NEW 		none[none] none:none
 none|none none none
09:55:00 WinXP 118.169.39.85 (-):
. 		n/a DE:proxim.ircgalaxy.pl
CZ:217.170.244.2:443
CZ:82.114.64.251:443 		445 pcap raw alerts
ruleset 		shell
ftp
17 lines 		Yeah : 0.8
profile 		none summary
tarball 		28 of 31 0b8d225034
[Firefox: 2 hits: 05-04 to 05-05] 		d602884c66 [0] ASM:Graph
 FSG| lines=1993
embedded dns 		trace
09:55:00 WinXP 90.133.27.164 (SWIP.NET):
SWIPNET,
SE. 		n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
KR:210.217.196.11:7000
RO:85.186.32.116:7000 		445 pcap raw alerts
ruleset 		ftp
14 lines 		Yeah : 1
profile 		none summary
tarball 		21 of 32 5f78ff609d
[Firefox:964 hits: 04-27 to 05-09] 		d4a06bdc3a [0] ASM:Graph
 none|none lines=4 trace
T:09:56:00 Win2K-f 124.43.103.147 (-):
INTERNET SERVICE PROVIDER IN SRI LANKA,
LK. 		n/a   445 pcap raw alerts
ruleset 		ftp
11 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
10:04:00 WinXP 88.204.195.250 (METRO.ONLINE.KZ):
JSC KAZAKHTELECOM KARAGANDA AFFILIATE,
KARAGANDA, QARAGHANDY, KZ. 		n/a   445 pcap raw alerts
ruleset 		ftp
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
10:13:00 Win2K-f 201.254.27.13 (COM.AR):
TELEFONICA DE ARGENTINA,
BUENOS AIRES, BUENOS AIRES, AR. 		n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
KR:210.217.196.11:7000
US:63.149.6.91:7000
RO:85.186.32.116:7000 		445 pcap raw alerts
ruleset 		ftp
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		14 of 32 a2a036466a
[Firefox:86 hits: 05-05 to 05-09] 		none[4] none:none
 none|none none trace
10:14:00 Win2K-f 85.241.175.100 (DSL.TELEPAC.PT):
PT.COM - COMUNICACOES INTERACTIVAS S.A,
AVEIRO, AVEIRO, PT. (DSL) 		n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
KR:210.217.196.11:7000
US:65.117.119.162:7000 		445 pcap raw alerts
ruleset 		ftp
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		14 of 32 a2a036466a
[Firefox:86 hits: 05-05 to 05-09] 		none[4] none:none
 none|none none trace
T:10:15:00 Win2K-f 81.69.150.199 (WANADOO.NL):
WANADOO NEDERLAND BV,
THE HAGUE, ZUID-HOLLAND, NL. (DSL) 		n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
KR:210.217.196.11:7000
RO:85.186.32.116:7000 		445 pcap raw alerts
ruleset 		ftp
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		21 of 32 5f78ff609d
[Firefox:964 hits: 04-27 to 05-09] 		d4a06bdc3a [0] ASM:Graph
 none|none lines=4 trace
10:18:00 WinXP 92.112.197.196 (APEXCOVANTAGE.COM):
EU-ZZ,
UK. 		n/a   445 pcap raw alerts
ruleset 		ftp
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
T:10:19:00 WinXP 213.22.20.114 (CPE.NETCABO.PT):
TVCABO-PORTUGAL CABLE MODEM NETWORK,
LISBON, LISBOA, PT. (DSL) 		n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
KR:210.217.196.11:7000 		445 pcap raw alerts
ruleset 		ftp
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		14 of 32 a2a036466a
[Firefox:86 hits: 05-05 to 05-09] 		none[4] none:none
 none|none none trace
T:10:25:00 WinXP 85.241.175.100 (DSL.TELEPAC.PT):
PT.COM - COMUNICACOES INTERACTIVAS S.A,
AVEIRO, AVEIRO, PT. (DSL) 		210.217.196.11:7000 CN:hail.dns2go.com 445 pcap raw alerts
ruleset 		ftp
irc
22 lines 		Yeah : 1.8
profile 		none summary
tarball 		14 of 32 a2a036466a
[Firefox:86 hits: 05-05 to 05-09] 		none[4] none:none
 none|none none trace
T:10:41:00 Win2K-f 86.97.114.99 (NET.AE):
EMIRATES TELECOMMUNICATIONS CORPORATION,
DUBAI, DUBAI, AE. 		n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
KR:210.217.196.11:7000 		445 pcap raw alerts
ruleset 		ftp
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		21 of 32 5f78ff609d
[Firefox:964 hits: 04-27 to 05-09] 		d4a06bdc3a [0] ASM:Graph
 none|none lines=4 trace
10:42:00 WinXP 190.49.185.215 (COM.AR):
TELEFONICA DE ARGENTINA,
BUENOS AIRES, BUENOS AIRES, AR. 		n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
KR:210.217.196.11:7000 		445 pcap raw alerts
ruleset 		ftp
15 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
10:55:00 Win2K-f 92.10.194.137 (-):
CARPHONE WAREHOUSE BROADBAND SERVICES,
UK. 		n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
KR:210.217.196.11:7000 		445 pcap raw alerts
ruleset 		ftp
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		22 of 31 b776b8ff4a
NEW 		none[none] none:none
 none|none none none
11:03:00 WinXP 85.176.71.148 (ALICEDSL.DE):
HANSENET-ADSL,
HAMBURG, HAMBURG, DE. (DSL) 		n/a DE:proxim.ircgalaxy.pl
CZ:217.170.244.2:443
CZ:82.114.64.251:443
DE:85.114.137.60:65520 		445 pcap raw alerts
ruleset 		shell
ftp
29 lines 		Yeah : 1.3
profile 		none summary
tarball 		29 of 31 0963ba6524
NEW 		none[none] none:none
 none|none none none
11:07:00 WinXP 189.17.107.26 (BRASILTELECOM.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. 		210.217.196.11:7000 CN:hail.dns2go.com
CN:scorti1.dns2go.com
KR:210.217.196.11:7000 		445 pcap raw alerts
ruleset 		ftp
irc
21 lines 		Yeah : 1.3
profile 		none summary
tarball 		21 of 32 5f78ff609d
[Firefox:964 hits: 04-27 to 05-09] 		d4a06bdc3a [0] ASM:Graph
 none|none lines=4 trace
11:13:00 Win2K-f 61.227.7.143 (HINET.NET):
DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD,
TW. 		210.217.196.11:7000 CN:hail.dns2go.com 445 pcap raw alerts
ruleset 		ftp
irc
26 lines 		Yeah : 1.8
profile 		none summary
tarball 		21 of 32 5f78ff609d
[Firefox:964 hits: 04-27 to 05-09] 		d4a06bdc3a [0] ASM:Graph
 none|none lines=4 trace
T:11:20:00 Win2K-f 78.96.148.30 (ASTRAL.RO):
ASTRAL TELECOM SA,
RO. 		n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
KR:210.217.196.11:7000 		445 pcap raw alerts
ruleset 		ftp
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		14 of 32 a2a036466a
[Firefox:86 hits: 05-05 to 05-09] 		none[4] none:none
 none|none none trace
T:11:33:00 WinXP 62.169.116.169 (REV.OPTIMUS.PT):
OPTIMUS PORTUGAL,
LISBON, LISBOA, PT. (DSL) 		210.217.196.11:7000 CN:hail.dns2go.com 445 pcap raw alerts
ruleset 		ftp
irc
22 lines 		Yeah : 1.3
profile 		none summary
tarball 		54 of 62 d511f0fe16
NEW 		none[none] none:none
 none|none none none
T:11:37:00 WinXP 84.51.91.125 (IPAPER.COM):
BLOCK FOR PI ASSIGNMENTS,
UK. 		n/a CN:scorti1.dns2go.com
KR:210.217.196.11:7000 		445 pcap raw alerts
ruleset 		ftp
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		14 of 32 8f367186c3
[Firefox:65 hits: 12-27 to 05-09] 		01a06977c4 [0] ASM:Graph
 TXT2COM| lines=0 trace
11:44:00 WinXP 89.116.26.85 (ERDVES.LT):
SC LITHUANIAN RADIO AND TV CENTER,
NERINGA, KLAIPEDOS APSKRITIS, LT. 		n/a CN:scorti1.dns2go.com
KR:210.217.196.11:7000 		445 pcap raw alerts
ruleset 		ftp
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		none 4f887ca272
[Firefox:34 hits: 01-26 to 05-08] 		4f887ca272 [1] ASM:Graph
 Stranik| lines=6 trace
T:12:01:00 WinXP 189.52.53.94 (BRASILTELECOM.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. 		n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
KR:210.217.196.11:7000 		445 pcap raw alerts
ruleset 		ftp
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		21 of 32 5f78ff609d
[Firefox:964 hits: 04-27 to 05-09] 		d4a06bdc3a [0] ASM:Graph
 none|none lines=4 trace
12:05:00 WinXP 78.171.43.177 (TTNET.NET.TR):
TELEKOM,
TR. 		n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
KR:210.217.196.11:7000 		445 pcap raw alerts
ruleset 		ftp
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		14 of 32 a2a036466a
[Firefox:86 hits: 05-05 to 05-09] 		none[4] none:none
 none|none none trace
T:12:08:00 Win2K-f 79.138.186.115 (APEXCOVANTAGE.COM):
EU-ZZ,
UK. 		n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
KR:210.217.196.11:7000 		445 pcap raw alerts
ruleset 		ftp
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		21 of 32 5f78ff609d
[Firefox:964 hits: 04-27 to 05-09] 		d4a06bdc3a [0] ASM:Graph
 none|none lines=4 trace
T:12:22:00 WinXP 4.153.59.111 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
LADYSMITH, VIRGINIA, US. (DIAL) 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 1.3
profile 		none summary
tarball 		29 of 29 a0139d7ad8
[Firefox:430 hits: 05-02 to 05-03] 		d9e9662db1 [0] ASM:Graph
 PolyEnE| lines=68 trace
12:25:00 WinXP 88.162.103.6 (PROXAD.NET):
PROXAD / FREE SAS,
FR. 		n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
KR:210.217.196.11:7000 		445 pcap raw alerts
ruleset 		ftp
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		21 of 32 5f78ff609d
[Firefox:964 hits: 04-27 to 05-09] 		d4a06bdc3a [0] ASM:Graph
 none|none lines=4 trace
12:39:00 Win2K-f 41.234.24.240 (TEDATA.NET):
PROVIDER LOCAL REGISTRY,
EG. 		n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
KR:210.217.196.11:7000 		445 pcap raw alerts
ruleset 		ftp
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		14 of 32 a2a036466a
[Firefox:86 hits: 05-05 to 05-09] 		none[4] none:none
 none|none none trace
12:53:00 WinXP 87.97.224.97 (GGBIT.NET):
EKK CATV PLOVDIV,
PLOVDIV, PLOVDIV, BG. 		210.217.196.11:7000 CN:hail.dns2go.com 445 pcap raw alerts
ruleset 		ftp
irc
22 lines 		Yeah : 1.8
profile 		none summary
tarball 		none none none none none none none
T:12:54:00 WinXP 83.73.222.6 (IP.TELE2ADSL.DK):
TELE2ADSL-NET,
COPENHAGEN, COPENHAGEN, DK. (DSL) 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 1.3
profile 		none summary
tarball 		29 of 29 d42c1cc7c0
[Firefox:272 hits: 05-01 to 05-08] 		af9ca5bed1 [0] ASM:Graph
 PolyEnE| lines=54 trace
13:04:00 Win2K-f 88.214.175.239 (-):
GPRS COSTUMERS,
PT. 		n/a   445 pcap raw alerts
ruleset 		ftp
14 lines 		Yeah : 1
profile 		none summary
tarball 		26 of 31 7d3477019d
NEW 		none[none] none:none
 none|none none none
T:13:08:00 Win2K-f 190.50.120.64 (COM.AR):
TELEFONICA DE ARGENTINA,
BUENOS AIRES, BUENOS AIRES, AR. 		210.217.196.11:7000 CN:hail.dns2go.com 445 pcap raw alerts
ruleset 		ftp
irc
22 lines 		Yeah : 1.8
profile 		none summary
tarball 		21 of 32 5f78ff609d
[Firefox:964 hits: 04-27 to 05-09] 		d4a06bdc3a [0] ASM:Graph
 none|none lines=4 trace
13:09:00 Win2K-f 89.24.92.225 (4GINTERNET.CZ):
GPRS/UMTS CUSTOMER NETWORK,
CZ. 		n/a   445 pcap raw alerts
ruleset 		ftp
17 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
13:15:00 WinXP 189.49.51.176 (BRASILTELECOM.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. 		n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
KR:210.217.196.11:7000 		445 pcap raw alerts
ruleset 		ftp
15 lines 		Yeah : 0.8
profile 		none summary
tarball 		21 of 32 5f78ff609d
[Firefox:964 hits: 04-27 to 05-09] 		d4a06bdc3a [0] ASM:Graph
 none|none lines=4 trace
13:17:00 WinXP 213.22.170.102 (CPE.NETCABO.PT):
TVCABO-PORTUGAL CABLE MODEM NETWORK,
LISBON, LISBOA, PT. 		n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
KR:210.217.196.11:7000 		445 pcap raw alerts
ruleset 		ftp
17 lines 		Yeah : 0.8
profile 		none summary
tarball 		21 of 32 5f78ff609d
[Firefox:964 hits: 04-27 to 05-09] 		d4a06bdc3a [0] ASM:Graph
 none|none lines=4 trace
T:13:23:00 WinXP 81.216.162.181 (SIWNET.NET):
WHOLESALE SOLUTIONS-ADSL,
SE. 		210.217.196.11:7000 CN:hail.dns2go.com
CN:scorti1.dns2go.com
KR:210.217.196.11:7000 		445 pcap raw alerts
ruleset 		ftp
irc
22 lines 		Yeah : 1.3
profile 		none summary
tarball 		21 of 32 5f78ff609d
[Firefox:964 hits: 04-27 to 05-09] 		d4a06bdc3a [0] ASM:Graph
 none|none lines=4 trace
T:13:26:00 Win2K-f 190.50.95.36 (COM.AR):
TELEFONICA DE ARGENTINA,
AR. 		n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
KR:210.217.196.11:7000 		445 pcap raw alerts
ruleset 		ftp
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		21 of 32 5f78ff609d
[Firefox:964 hits: 04-27 to 05-09] 		d4a06bdc3a [0] ASM:Graph
 none|none lines=4 trace
13:29:00 WinXP 81.193.205.119 (DSL.TELEPAC.PT):
TELEPAC - COMUNICACOES INTERACTIVAS SA,
PT. (DSL) 		210.217.196.11:7000 CN:hail.dns2go.com
CN:scorti1.dns2go.com
KR:210.217.196.11:7000 		445 pcap raw alerts
ruleset 		ftp
irc
16 lines 		Yeah : 1.3
profile 		none summary
tarball 		21 of 32 5f78ff609d
[Firefox:964 hits: 04-27 to 05-09] 		d4a06bdc3a [0] ASM:Graph
 none|none lines=4 trace
13:59:00 Win2K-f 189.64.201.88 (-):
. 		n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
KR:210.217.196.11:7000 		445 pcap raw alerts
ruleset 		ftp
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		16 of 29 10252565c9
[Firefox: 2 hits: 05-02 to 05-06] 		none[4] none:none
 none|none none trace
14:08:00 WinXP 208.222.44.174 (WHEATSTATE.COM):
NETWORK TOOL AND DIE COMPANY,
CHANUTE, KANSAS, US. 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 1.3
profile 		none summary
tarball 		31 of 32 393d3a40db
[Firefox: 3 hits: 12-14 to 05-07] 		8a0ff8065a [0] ASM:Graph
 PolyEnE| lines=76 trace
14:10:00 Win2K-f 117.195.16.166 (-):
. 		n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
KR:210.217.196.11:7000 		445 pcap raw alerts
ruleset 		ftp
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		21 of 32 5f78ff609d
[Firefox:964 hits: 04-27 to 05-09] 		d4a06bdc3a [0] ASM:Graph
 none|none lines=4 trace
14:11:00 WinXP 89.146.191.101 (NET.BA):
BRAS PPPOE POOL UPGRADE,
SARAJEVO, FEDERATION OF BOSNIA AND HERZEGOVINA, BA. 		n/a CN:scorti1.dns2go.com
KR:210.217.196.11:7000 		445 pcap raw alerts
ruleset 		ftp
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		19 of 30 93282471f7
[Firefox:14 hits: 04-28 to 05-09] 		95951dee58 [0] ASM:Graph
 ASProtect| lines=0 trace
T:14:17:00 WinXP 86.96.106.71 (NET.AE):
EMIRATES TELECOMMUNICATIONS CORPORATION,
DUBAI, DUBAI, AE. 		n/a DE:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
DE:85.114.137.60:80 		445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		31 of 32 ae353cfcaf
[Firefox: 2 hits: 03-29 to 04-10] 		795996ac06 [0] ASM:Graph
 PolyEnE| lines=78
embedded dns 		trace
14:21:00 WinXP 81.196.90.80 (RDSNET.RO):
RDS,
RO. 		210.217.196.11:7000 CN:hail.dns2go.com
CN:scorti1.dns2go.com
KR:210.217.196.11:7000 		445 pcap raw alerts
ruleset 		ftp
irc
30 lines 		Yeah : 1.8
profile 		none summary
tarball 		21 of 32 5f78ff609d
[Firefox:964 hits: 04-27 to 05-09] 		d4a06bdc3a [0] ASM:Graph
 none|none lines=4 trace
14:33:00 Win2K-f 81.21.91.108 (-):
FOR ADSL CUSTOMERS,
AZ. 		n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
KR:210.217.196.11:7000 		445 pcap raw alerts
ruleset 		ftp
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		21 of 32 5f78ff609d
[Firefox:964 hits: 04-27 to 05-09] 		d4a06bdc3a [0] ASM:Graph
 none|none lines=4 trace
T:14:35:00 WinXP 218.161.51.159 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW. 		n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		29 of 29 3ae357d17b
[Firefox:698 hits: 05-01 to 05-08] 		462a7be171 [0] ASM:Graph
 PolyEnE| lines=73 trace
14:36:00 WinXP 218.161.51.159 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW. 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 1.3
profile 		none summary
tarball 		29 of 29 3ae357d17b
[Firefox:698 hits: 05-01 to 05-08] 		462a7be171 [0] ASM:Graph
 PolyEnE| lines=73 trace
15:01:00 Win2K-f 4.250.153.185 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
FAIR LAWN, NEW JERSEY, US. (DIAL) 		n/a   445 pcap raw alerts
ruleset 		shell
3 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
15:22:00 Win2K-f 41.214.151.210 (-):
. 		n/a   445 pcap raw alerts
ruleset 		ftp
12 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
T:15:26:00 Win2K-f 190.139.50.82 (NET.AR):
TELECOM ARGENTINA S.A,
AR. 		n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
KR:210.217.196.11:7000 		445 pcap raw alerts
ruleset 		ftp
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		21 of 32 5f78ff609d
[Firefox:964 hits: 04-27 to 05-09] 		d4a06bdc3a [0] ASM:Graph
 none|none lines=4 trace
15:29:00 Win2K-f 189.63.6.11 (BRASILTELECOM.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. 		n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
KR:210.217.196.11:7000 		445 pcap raw alerts
ruleset 		ftp
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		21 of 32 5f78ff609d
[Firefox:964 hits: 04-27 to 05-09] 		d4a06bdc3a [0] ASM:Graph
 none|none lines=4 trace
15:31:00 WinXP 81.84.235.121 (CPE.NETCABO.PT):
TVCABO-PORTUGAL CABLE MODEM NETWORK,
ALMADA, SETUBAL, PT. 		n/a   445 pcap raw alerts
ruleset 		ftp
16 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
15:40:00 WinXP 24.71.121.79 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
SASKATOON, SASKATCHEWAN, CA. (DSL) 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 1.3
profile 		none summary
tarball 		29 of 29 3ae357d17b
[Firefox:698 hits: 05-01 to 05-08] 		462a7be171 [0] ASM:Graph
 PolyEnE| lines=73 trace
15:55:00 Win2K-f 170.51.204.26 (COM.AR):
CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A,
AR. 		n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
KR:210.217.196.11:7000 		445 pcap raw alerts
ruleset 		ftp
16 lines 		Yeah : 0.8
profile 		none summary
tarball 		21 of 32 5f78ff609d
[Firefox:964 hits: 04-27 to 05-09] 		d4a06bdc3a [0] ASM:Graph
 none|none lines=4 trace
T:15:55:00 WinXP 219.95.22.214 (TM.NET.MY):
ADSL-STREAMYX-TMNET,
PUCHONG, SELANGOR, MY. 		210.217.196.11:7000 CN:hail.dns2go.com 445 pcap raw alerts
ruleset 		ftp
irc
25 lines 		Yeah : 1.3
profile 		none summary
tarball 		21 of 32 5f78ff609d
[Firefox:964 hits: 04-27 to 05-09] 		d4a06bdc3a [0] ASM:Graph
 none|none lines=4 trace
16:04:00 WinXP 189.48.224.168 (BRASILTELECOM.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. 		n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
KR:210.217.196.11:7000 		445 pcap raw alerts
ruleset 		ftp
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		21 of 32 5f78ff609d
[Firefox:964 hits: 04-27 to 05-09] 		d4a06bdc3a [0] ASM:Graph
 none|none lines=4 trace
16:10:00 WinXP 189.39.158.149 (BRASILTELECOM.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. 		210.217.196.11:7000 CN:hail.dns2go.com
CN:scorti1.dns2go.com
KR:210.217.196.11:7000 		445 pcap raw alerts
ruleset 		ftp
irc
28 lines 		Yeah : 1.3
profile 		none summary
tarball 		21 of 32 5f78ff609d
[Firefox:964 hits: 04-27 to 05-09] 		d4a06bdc3a [0] ASM:Graph
 none|none lines=4 trace
T:16:19:00 Win2K-f 89.24.24.239 (4GINTERNET.CZ):
GPRS/WBA CUSTOMER NETWORKS,
CZ. 		n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
KR:210.217.196.11:7000 		445 pcap raw alerts
ruleset 		ftp
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		21 of 32 5f78ff609d
[Firefox:964 hits: 04-27 to 05-09] 		d4a06bdc3a [0] ASM:Graph
 none|none lines=4 trace
16:27:00 WinXP 4.235.114.225 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
JACKSONVILLE, FLORIDA, US. (DIAL) 		n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 1.3
profile 		none summary
tarball 		18 of 29 0f033f7f3a
NEW 		none[none] none:none
 none|none none none
T:16:27:00 WinXP 4.235.114.225 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
JACKSONVILLE, FLORIDA, US. (DIAL) 		n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 1.3
profile 		none summary
tarball 		25 of 25 7f60162c2c
[Firefox:1276 hits: 12-31 to 05-09] 		1aad8e4632 [0] ASM:Graph
 PolyEnE| lines=93
embedded dns 		trace
T:16:34:00 Win2K-f 189.23.50.182 (BRASILTELECOM.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. 		n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
KR:210.217.196.11:7000 		445 pcap raw alerts
ruleset 		ftp
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		21 of 32 5f78ff609d
[Firefox:964 hits: 04-27 to 05-09] 		d4a06bdc3a [0] ASM:Graph
 none|none lines=4 trace
T:16:46:00 Win2K-f 213.22.160.40 (CPE.NETCABO.PT):
TVCABO-PORTUGAL CABLE MODEM NETWORK,
LISBON, LISBOA, PT. 		210.217.196.11:7000 CN:hail.dns2go.com 445 pcap raw alerts
ruleset 		ftp
irc
22 lines 		Yeah : 1.8
profile 		none summary
tarball 		14 of 32 a2a036466a
[Firefox:86 hits: 05-05 to 05-09] 		none[4] none:none
 none|none none trace
T:16:51:00 WinXP 59.114.199.2 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW. 		n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		26 of 28 a92e3f8fc8
[Firefox:110 hits: 05-03 to 05-07] 		dfe02a1e52 [0] ASM:Graph
 PolyEnE| lines=68 trace
17:06:00 WinXP 201.69.94.9 (STERLINGSTUDENTS.NET):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL) 		n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
KR:210.217.196.11:7000 		445 pcap raw alerts
ruleset 		ftp
15 lines 		Yeah : 0.8
profile 		none summary
tarball 		11 of 31 4620861e2d
[Firefox:11 hits: 04-27 to 05-09] 		none[4] none:none
 StarForce| none trace
17:07:00 WinXP 200.127.65.67 (NET.AR):
PRIMA S.A,
BUENOS AIRES, BUENOS AIRES, AR. (DSL) 		n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
KR:210.217.196.11:7000 		445 pcap raw alerts
ruleset 		ftp
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		21 of 32 5f78ff609d
[Firefox:964 hits: 04-27 to 05-09] 		d4a06bdc3a [0] ASM:Graph
 none|none lines=4 trace
17:08:00 Win2K-f 190.50.87.82 (COM.AR):
TELEFONICA DE ARGENTINA,
AR. 		n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
KR:210.217.196.11:7000 		445 pcap raw alerts
ruleset 		ftp
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		14 of 32 a2a036466a
[Firefox:86 hits: 05-05 to 05-09] 		none[4] none:none
 none|none none trace
17:10:00 Win2K-f 190.50.182.254 (COM.AR):
TELEFONICA DE ARGENTINA,
BUENOS AIRES, BUENOS AIRES, AR. 		n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
KR:210.217.196.11:7000 		445 pcap raw alerts
ruleset 		ftp
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		21 of 32 5f78ff609d
[Firefox:964 hits: 04-27 to 05-09] 		d4a06bdc3a [0] ASM:Graph
 none|none lines=4 trace
17:21:00 WinXP 207.32.0.22 (NETINS.NET):
SOUTH SLOPE COOP TEL CO INC,
NORWAY, IOWA, US. (DIAL) 		n/a UA:citi-bank.ru
:parex-bank.ru 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 1.3
profile 		none summary
tarball 		27 of 32 f190da6fbe
[Firefox:27 hits: 12-15 to 05-04] 		d8dc6af14c [0] ASM:Graph
 PolyEnE| lines=68 trace
T:17:26:00 Win2K-f 82.231.120.188 (PROXAD.NET):
PROXAD / FREE SAS,
NICE, PROVENCE-ALPES-COTE D'AZUR, FR. 		210.217.196.11:7000 CN:hail.dns2go.com
CN:scorti1.dns2go.com
KR:210.217.196.11:7000 		445 pcap raw alerts
ruleset 		ftp
irc
22 lines 		Yeah : 1.8
profile 		none summary
tarball 		12 of 30 76b4ab852e
[Firefox:34 hits: 04-29 to 05-09] 		none[4] none:none
 none|none none trace
17:28:00 Win2K-f 200.234.104.212 (STERLINGSTUDENTS.NET):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL) 		n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
KR:210.217.196.11:7000 		445 pcap raw alerts
ruleset 		ftp
16 lines 		Yeah : 0.8
profile 		none summary
tarball 		21 of 32 5f78ff609d
[Firefox:964 hits: 04-27 to 05-09] 		d4a06bdc3a [0] ASM:Graph
 none|none lines=4 trace
T:17:32:00 Win2K-f 200.199.138.128 (STERLINGSTUDENTS.NET):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL) 		n/a   445 pcap raw alerts
ruleset 		other
11 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
T:17:34:00 WinXP 89.214.175.83 (-):
TMN - TELECOMUNICACOES MOVEIS NACIONAIS SA,
PT. 		85.114.137.60:65520 210.217.196.11:7000 DE:proxim.ircgalaxy.pl
CN:hail.dns2go.com
CN:scorti1.dns2go.com
KR:210.217.196.11:7000
DE:85.114.137.60:65520 		445 pcap raw alerts
ruleset 		ftp
irc
26 lines 		Yeah : 1.8
profile 		none summary
tarball 		27 of 32 8f64c3f9be
NEW 		none[none] none:none
 none|none none none
T:17:46:00 Win2K-f 219.95.217.102 (TM.NET.MY):
ADSL-STREAMYX-TMNET,
MY. 		210.217.196.11:7000 CN:hail.dns2go.com 445 pcap raw alerts
ruleset 		ftp
irc
22 lines 		Yeah : 1.8
profile 		none summary
tarball 		21 of 32 5f78ff609d
[Firefox:964 hits: 04-27 to 05-09] 		d4a06bdc3a [0] ASM:Graph
 none|none lines=4 trace
T:17:48:00 Win2K-f 83.187.195.82 (CUST.TELE2.IT):
TELE2 ITALY S.A,
NAPOLI, CAMPANIA, IT. (DSL) 		n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
KR:210.217.196.11:7000 		445 pcap raw alerts
ruleset 		ftp
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		21 of 32 5f78ff609d
[Firefox:964 hits: 04-27 to 05-09] 		d4a06bdc3a [0] ASM:Graph
 none|none lines=4 trace
18:19:00 WinXP 218.227.2.205 (MESH.AD.JP):
BIGLOBE-CIDR-BLK,
JP. 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
15 lines 		Yeah : 1.3
profile 		none summary
tarball 		29 of 29 1a2c0e6130
[Firefox:376 hits: 12-31 to 05-09] 		048df78048 [0] ASM:Graph
 none|none lines=61 trace
18:26:00 Win2K-f 190.134.27.12 (-):
. 		210.217.196.11:7000 CN:hail.dns2go.com
CN:scorti1.dns2go.com
KR:210.217.196.11:7000 		445 pcap raw alerts
ruleset 		ftp
irc
25 lines 		Yeah : 1.3
profile 		none summary
tarball 		14 of 32 a2a036466a
[Firefox:86 hits: 05-05 to 05-09] 		none[4] none:none
 none|none none trace
18:41:00 Win2K-f 84.155.66.28 (T-IPCONNECT.DE):
DEUTSCHE TELEKOM AG,
AUGSBURG, BAYERN, DE. 		n/a CN:scorti1.dns2go.com
KR:210.217.196.11:7000 		445 pcap raw alerts
ruleset 		ftp
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		20 of 30 b124ac86a8
NEW 		3e3ef3ba0d [0] ASM:Graph
 TXT2COM| lines=407
embedded dns 		trace
18:47:00 Win2K-f 4.246.150.65 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
SAN JOSE, CALIFORNIA, US. (DIAL) 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
17 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
18:56:00 WinXP 4.88.41.255 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
SHILOH, NORTH CAROLINA, US. (DIAL) 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 1.3
profile 		none summary
tarball 		29 of 29 3ae357d17b
[Firefox:698 hits: 05-01 to 05-08] 		462a7be171 [0] ASM:Graph
 PolyEnE| lines=73 trace
T:19:07:00 Win2K-f 190.7.159.235 (-):
EMTELSA S.A. E.S.P,
CO. 		210.217.196.11:7000 CN:hail.dns2go.com 445 pcap raw alerts
ruleset 		ftp
irc
22 lines 		Yeah : 1.8
profile 		none summary
tarball 		21 of 32 5f78ff609d
[Firefox:964 hits: 04-27 to 05-09] 		d4a06bdc3a [0] ASM:Graph
 none|none lines=4 trace
19:16:00 WinXP 92.228.197.77 (APEXCOVANTAGE.COM):
EU-ZZ,
UK. 		n/a   445 pcap raw alerts
ruleset 		ftp
13 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
19:19:00 WinXP 4.156.99.149 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
BOSTON, MASSACHUSETTS, US. (DIAL) 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
19 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
T:19:24:00 Win2K-f 190.175.205.168 (-):
. 		n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
KR:210.217.196.11:7000 		445 pcap raw alerts
ruleset 		ftp
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		21 of 32 5f78ff609d
[Firefox:964 hits: 04-27 to 05-09] 		d4a06bdc3a [0] ASM:Graph
 none|none lines=4 trace
19:41:00 WinXP 190.134.184.128 (-):
. 		210.217.196.11:7000 CN:hail.dns2go.com
CN:scorti1.dns2go.com
KR:210.217.196.11:7000 		445 pcap raw alerts
ruleset 		ftp
irc
22 lines 		Yeah : 1.8
profile 		none summary
tarball 		14 of 32 a2a036466a
[Firefox:86 hits: 05-05 to 05-09] 		none[4] none:none
 none|none none trace
19:56:00 Win2K-f 61.229.139.32 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW. 		217.170.244.2:443   445 pcap raw alerts
ruleset 		shell
ftp
irc
30 lines 		Yeah : 1.8
profile 		none summary
tarball 		25 of 28 7fdfe363d5
[Firefox:2597 hits: 12-31 to 05-09] 		10862ea8b8 [0] ASM:Graph
 FSG| lines=1933
embedded dns 		trace
20:06:00 Win2K-f 60.50.108.117 (TM.NET.MY):
TELEKOM MALAYSIA BERHAD,
KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. 		210.217.196.11:7000 CN:hail.dns2go.com
CN:scorti1.dns2go.com
KR:210.217.196.11:7000 		445 pcap raw alerts
ruleset 		ftp
irc
22 lines 		Yeah : 1.8
profile 		none summary
tarball 		21 of 32 5f78ff609d
[Firefox:964 hits: 04-27 to 05-09] 		d4a06bdc3a [0] ASM:Graph
 none|none lines=4 trace
20:07:00 Win2K-f 190.50.119.64 (COM.AR):
TELEFONICA DE ARGENTINA,
BUENOS AIRES, BUENOS AIRES, AR. 		210.217.196.11:7000 CN:hail.dns2go.com
CN:scorti1.dns2go.com
KR:210.217.196.11:7000 		445 pcap raw alerts
ruleset 		ftp
irc
16 lines 		Yeah : 1.3
profile 		none summary
tarball 		15 of 31 f4f4e9d34f
NEW 		none[none] none:none
 none|none none none
20:08:00 Win2K-f 78.57.28.35 (ZEBRA.LT):
LIETUVOS,
KAUNAS, KAUNO APSKRITIS, LT. 		n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
KR:210.217.196.11:7000 		445 pcap raw alerts
ruleset 		ftp
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		14 of 32 a2a036466a
[Firefox:86 hits: 05-05 to 05-09] 		none[4] none:none
 none|none none trace
T:20:26:00 Win2K-f 60.50.151.22 (TM.NET.MY):
TELEKOM MALAYSIA BERHAD,
KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. 		n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
KR:210.217.196.11:7000 		445 pcap raw alerts
ruleset 		ftp
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		14 of 32 a2a036466a
[Firefox:86 hits: 05-05 to 05-09] 		none[4] none:none
 none|none none trace
20:34:00 Win2K-f 190.173.119.69 (COM.AR):
TELEFONICA DE ARGENTINA,
AR. 		n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
KR:210.217.196.11:7000 		445 pcap raw alerts
ruleset 		ftp
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		21 of 32 5f78ff609d
[Firefox:964 hits: 04-27 to 05-09] 		d4a06bdc3a [0] ASM:Graph
 none|none lines=4 trace
20:34:00 WinXP 125.84.238.79 (163DATA.COM.CN):
CHINANET CHONGQING PROVINCE NETWORK,
CHONGQING, CHONGQING, CN. 		n/a DE:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
DE:85.114.137.60:80 		445 pcap raw alerts
ruleset 		http
3 lines 		Yeah : 1.3
profile 		none summary
tarball 		30 of 32 3f5ec58a6b
[Firefox:12 hits: 04-24 to 05-08] 		4a77430a59 [0] ASM:Graph
 PolyEnE| lines=70 trace
20:43:00 Win2K-f 118.169.231.52 (-):
. 		n/a  
CZ:217.170.244.2:443
CZ:82.114.64.251:443 		445 pcap raw alerts
ruleset 		shell
ftp
17 lines 		Yeah : 1.3
profile 		none summary
tarball 		25 of 28 7fdfe363d5
[Firefox:2597 hits: 12-31 to 05-09] 		10862ea8b8 [0] ASM:Graph
 FSG| lines=1933
embedded dns 		trace
20:45:00 Win2K-f 122.118.7.230 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW. 		n/a CN:scorti1.dns2go.com
KR:210.217.196.11:7000 		445 pcap raw alerts
ruleset 		ftp
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		19 of 32 890fb4fa10
[Firefox:42 hits: 12-27 to 05-06] 		b9c7f08a57 [0] ASM:Graph
 ASProtect| lines=393
embedded dns 		trace
20:45:00 WinXP 78.61.120.35 (ZEBRA.LT):
LIETUVOS-TELEKOMAS,
KAUNAS, KAUNO APSKRITIS, LT. 		n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
KR:210.217.196.11:7000 		445 pcap raw alerts
ruleset 		ftp
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		21 of 32 5f78ff609d
[Firefox:964 hits: 04-27 to 05-09] 		d4a06bdc3a [0] ASM:Graph
 none|none lines=4 trace
20:50:00 WinXP 12.73.150.203 (ATT.NET):
AT&T WORLDNET SERVICES,
MILWAUKEE, WISCONSIN, US. (DIAL) 		n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		26 of 28 7d99b0e910
[Firefox:2960 hits: 12-31 to 05-08] 		7a70e1b592 [0] ASM:Graph
 PolyEnE| lines=68 trace
20:56:00 WinXP 116.75.165.60 (JWS.COM):
HATHWAY IP OVER CABLE INTERNET ACCESS SERVICE,
IN. 		n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
KR:210.217.196.11:7000 		445 pcap raw alerts
ruleset 		ftp
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		21 of 32 5f78ff609d
[Firefox:964 hits: 04-27 to 05-09] 		d4a06bdc3a [0] ASM:Graph
 none|none lines=4 trace
21:09:00 Win2K-f 60.53.237.11 (TM.NET.MY):
TELEKOM MALAYSIA BERHAD,
KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. 		n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
KR:210.217.196.11:7000 		445 pcap raw alerts
ruleset 		ftp
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		26 of 31 e3ed9b37bb
NEW 		none[none] none:none
 none|none none none
T:21:10:00 WinXP 59.113.113.119 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW. 		210.217.196.11:7000 CN:hail.dns2go.com
CN:scorti1.dns2go.com
KR:210.217.196.11:7000 		445 pcap raw alerts
ruleset 		ftp
22 lines 		Yeah : 1.3
profile 		none summary
tarball 		21 of 32 5f78ff609d
[Firefox:964 hits: 04-27 to 05-09] 		d4a06bdc3a [0] ASM:Graph
 none|none lines=4 trace
T:21:12:00 Win2K-f 116.206.3.181 (-):
MOBIF WIRELESS BROADBAND SDN. BHD,
KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. 		210.217.196.11:7000 CN:hail.dns2go.com 445 pcap raw alerts
ruleset 		ftp
irc
22 lines 		Yeah : 1.8
profile 		none summary
tarball 		21 of 32 5f78ff609d
[Firefox:964 hits: 04-27 to 05-09] 		d4a06bdc3a [0] ASM:Graph
 none|none lines=4 trace
T:21:15:00 Win2K-f 189.48.117.183 (BRASILTELECOM.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. 		n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
KR:210.217.196.11:7000 		445 pcap raw alerts
ruleset 		ftp
15 lines 		Yeah : 0.8
profile 		none summary
tarball 		21 of 32 5f78ff609d
[Firefox:964 hits: 04-27 to 05-09] 		d4a06bdc3a [0] ASM:Graph
 none|none lines=4 trace
21:21:00 WinXP 190.172.92.102 (COM.AR):
TELEFONICA DE ARGENTINA,
AR. 		n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
KR:210.217.196.11:7000 		445 pcap raw alerts
ruleset 		ftp
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		18 of 32 7e28dac8de
[Firefox:12 hits: 04-27 to 05-09] 		none[4] none:none
 none|none none trace
T:21:32:00 WinXP 118.169.231.52 (-):
. 		n/a  
CZ:217.170.244.2:443
CZ:82.114.64.251:443 		445 pcap raw alerts
ruleset 		shell
ftp
17 lines 		Yeah : 1.3
profile 		none summary
tarball 		25 of 28 7fdfe363d5
[Firefox:2597 hits: 12-31 to 05-09] 		10862ea8b8 [0] ASM:Graph
 FSG| lines=1933
embedded dns 		trace
21:33:00 Win2K-f 91.65.147.223 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
DE. 		n/a CN:scorti1.dns2go.com
KR:210.217.196.11:7000 		445 pcap raw alerts
ruleset 		ftp
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		14 of 32 f515fcc0f7
[Firefox:10 hits: 12-28 to 05-07] 		dc7696e295 [0] ASM:Graph
 ASProtect| lines=422
embedded dns 		trace
21:36:00 WinXP 97.89.16.225 (-):
. 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 1.3
profile 		none summary
tarball 		29 of 31 36a1bf4777
[Firefox: 2 hits: 05-08 to 05-09] 		none[4] none:none
 PolyEnE| none trace
21:53:00 WinXP 62.105.14.6 (ISURGUT.RU):
OPEN JOINT-STOCK COMPANY URALSVIAZINFORM,
RU. 		n/a CN:scorti1.dns2go.com
KR:210.217.196.11:7000 		445 pcap raw alerts
ruleset 		ftp
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		22 of 31 9b0c5ed538
[Firefox: 3 hits: 05-02 to 05-04] 		none[4] none:none
 none|none none trace
T:21:53:00 Win2K-f 61.229.139.32 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW. 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
17 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
T:21:57:00 WinXP 91.156.24.36 (ELISA-LAAJAKAISTA.FI):
ELISA,
FI. 		85.114.137.60:65520 210.217.196.11:7000 DE:proxim.ircgalaxy.pl
CN:scorti1.dns2go.com
KR:210.217.196.11:7000
DE:85.114.137.60:65520 		445 pcap raw alerts
ruleset 		ftp
irc
26 lines 		Yeah : 1.8
profile 		none summary
tarball 		27 of 31 f30bfd6717
NEW 		none[none] none:none
 none|none none none
22:19:00 WinXP 4.143.234.230 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
CHICAGO, ILLINOIS, US. (DIAL) 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 1.3
profile 		none summary
tarball 		26 of 28 7d99b0e910
[Firefox:2960 hits: 12-31 to 05-08] 		7a70e1b592 [0] ASM:Graph
 PolyEnE| lines=68 trace
T:22:20:00 WinXP 4.143.234.230 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
CHICAGO, ILLINOIS, US. (DIAL) 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 1.3
profile 		none summary
tarball 		26 of 28 7d99b0e910
[Firefox:2960 hits: 12-31 to 05-08] 		7a70e1b592 [0] ASM:Graph
 PolyEnE| lines=68 trace
22:49:00 WinXP 61.223.73.197 (HINET.NET):
DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL) 		n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
KR:210.217.196.11:7000 		445 pcap raw alerts
ruleset 		ftp
16 lines 		Yeah : 0.8
profile 		none summary
tarball 		21 of 32 5f78ff609d
[Firefox:964 hits: 04-27 to 05-09] 		d4a06bdc3a [0] ASM:Graph
 none|none lines=4 trace
23:22:00 WinXP 89.230.188.15 (MM.PL):
SZEL-SAT,
PL. 		n/a   445 pcap raw alerts
ruleset 		ftp
11 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
T:23:45:00 WinXP 77.44.148.9 (HOST-213-178-230-63.ALOOLA.SY):
SYRIAN COMPUTER SOCIETY SCS,
SY. 		n/a CN:scorti1.dns2go.com
CN:211.96.97.44:7000 		445 pcap raw alerts
ruleset 		ftp
15 lines 		Yeah : 0.8
profile 		none summary
tarball 		18 of 31 7d2158208c
NEW 		none[none] none:none
 none|none none none
T:23:50:00 Win2K-f 78.145.172.91 (-):
OPAL TELECOM DSL,
UK. 		n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000 		445 pcap raw alerts
ruleset 		ftp
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		14 of 32 a2a036466a
[Firefox:86 hits: 05-05 to 05-09] 		none[4] none:none
 none|none none trace
T:23:57:00 Win2K-f 89.218.2.18 (-):
ALMATYTELECOM,
KZ. 		n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000 		445 pcap raw alerts
ruleset 		ftp
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		21 of 32 5f78ff609d
[Firefox:964 hits: 04-27 to 05-09] 		d4a06bdc3a [0] ASM:Graph
 none|none lines=4 trace