Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page


UNCENSORED PAGE


[Download BotHunter]

14 May 2008

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI), Monirul Sharif (Georgia Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.


Daily Summary Files: [DNS Lookups & Failed Connects] [Attacker IPs] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap] [Behavioral Clusters] [Binary Digest Log]

[See Country Codes]

Table columns: Time | Victim OS | Infection Source | C&C Server | DNS Lookups & Failed Connects | Infection Port | Packet Trace | Detection Signatures | Infection Chatter | BotHunter Analysis | Behavioral Cluster | Forensic Logs | Antivirus Labels | Packed Malware Binary | Unpacked egg.exe | Unpacked egg.asm | Packer PEID | Data Strings | Syscall Trace
T:00:11:00 Win2K-f 41.207.218.53 (ADSL-41-207-192-10.AVISO.CI):
AFRINIC,
CI. (DSL)
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
16 lines
Yeah : 0.8
profile
none summary
tarball
14 of 32 a2a036466a
[Firefox:166 hits: 05-05 to 05-13]
none[4] none:none
none|none none trace
00:15:00 Win2K-f 85.15.83.90 (-):
VOSTOKTELECOM TELEPHONE COMPANY LIMITED LIABILITY COMPANY,
RU.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
14 of 32 a2a036466a
[Firefox:166 hits: 05-05 to 05-13]
none[4] none:none
none|none none trace
00:22:00 WinXP 118.169.202.87 (-):
.
n/a  
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
17 lines
Yeah : 1.3
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2606 hits: 12-31 to 05-13]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace
T:00:23:00 WinXP 89.218.99.122 (ADSL.ONLINE.KZ):
KAZAKHTELECOM DATA NETWORK ADMINISTRATION,
KZ.
222.177.11.165:7000 CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1162 hits: 04-27 to 05-13]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:00:43:00 Win2K-f 124.43.206.118 (-):
INTERNET SERVICE PROVIDER IN SRI LANKA,
COLOMBO, CENTRAL, LK. (DIAL)
n/a   445 pcap raw alerts
ruleset
ftp
11 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
01:08:00 WinXP 119.17.101.93 (-):
.
85.114.137.60:80 DE:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
irc
3 lines
Yeah : 1.8
profile
none summary
tarball
30 of 32 3f5ec58a6b
[Firefox:18 hits: 04-24 to 05-13]
4a77430a59 [0] ASM:Graph
PolyEnE| lines=70 trace
01:23:00 WinXP 81.230.92.163 (SKANOVA.COM):
TELIA NETWORK SERVICES,
ÄLMHULT, KRONOBERG, SE. (DSL)
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1162 hits: 04-27 to 05-13]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
01:40:00 Win2K-f 60.52.103.184 (TM.NET.MY):
TELEKOM MALAYSIA BERHAD,
PUCHONG, SELANGOR, MY.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
14 of 32 d0dffaf5fd
[Firefox: 2 hits: 05-12 to 05-13]
none[4] none:none
none|none none trace
01:53:00 Win2K-f 92.47.82.117 (IKBCC.COM):
EU-ZZ,
UK.
n/a   445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
10 of 32 639a247ece
[Firefox:29 hits: 04-28 to 05-12]
29d53eec72 [0] ASM:Graph
StarForce| lines=132 trace
01:54:00 WinXP 125.162.100.151 (-):
TLKM_D1_BB_SPEEDY_PG,
PALEMBANG, SUMATERA SELATAN, ID.
222.177.11.165:7000 CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
20 lines
Yeah : 1.3
profile
none summary
tarball
14 of 32 a2a036466a
[Firefox:166 hits: 05-05 to 05-13]
none[4] none:none
none|none none trace
T:02:05:00 Win2K-f 116.206.44.100 (-):
MOBIF WIRELESS BROADBAND SDN. BHD,
KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY.
222.177.11.165:7000 CN:hail.dns2go.com 445 pcap raw alerts
ruleset
ftp
22 lines
Yeah : 1.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1162 hits: 04-27 to 05-13]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
02:11:00 Win2K-f 88.102.199.203 (IOL.CZ):
XDSL NETWORK-ADSL,
PRAGUE, HLAVNI MESTO PRAHA, CZ.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
12 of 30 76b4ab852e
[Firefox:43 hits: 04-29 to 05-13]
none[4] none:none
none|none none trace
T:02:15:00 WinXP 91.87.214.13 (SMTP.WIMI.BE):
MOBISTAR,
BE.
222.177.11.165:7000 CN:hail.dns2go.com 445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.8
profile
none summary
tarball
20 of 31 e47d5fbf7e
[Firefox: 3 hits: 05-03 to 05-12]
none[4] none:none
none|none none trace
02:17:00 WinXP 92.8.122.188 (-):
CARPHONE WAREHOUSE BROADBAND SERVICES,
UK.
85.114.137.60:80 DE:proxim.ircgalaxy.pl
CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
DE:85.114.137.60:80
445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
27 of 32 0b7a05f783
NEW
none[4] none:none
none|none none trace
02:24:00 WinXP 85.196.220.169 (STV.EE):
PARNU UBR'S,
PARNU, PARNUMAA, EE.
n/a   445 pcap raw alerts
ruleset
ftp
11 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
03:22:00 Win2K-f 78.159.148.57 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
14 of 32 f515fcc0f7
[Firefox:13 hits: 12-28 to 05-12]
dc7696e295 [0] ASM:Graph
ASProtect| lines=422
embedded dns
trace
03:41:00 Win2K-f 206.51.174.30 (POSTPRINTING.COM):
NEW KNOXVILLE TELEPHONE COMPANY,
NEW KNOXVILLE, OHIO, US.
n/a  
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
18 lines
Yeah : 1.3
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2606 hits: 12-31 to 05-13]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace
T:03:55:00 WinXP 213.133.14.14 (-):
SPINN INTERNATIONAL APS,
DK.
222.177.11.165:7000 CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.3
profile
none summary
tarball
14 of 32 a2a036466a
[Firefox:166 hits: 05-05 to 05-13]
none[4] none:none
none|none none trace
03:57:00 WinXP 90.155.137.79 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
222.177.11.165:7000 CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
irc
20 lines
Yeah : 1.3
profile
none summary
tarball
14 of 32 a2a036466a
[Firefox:166 hits: 05-05 to 05-13]
none[4] none:none
none|none none trace
T:04:03:00 Win2K-f 41.210.128.109 (-):
PROVIDER,
UG.
222.177.11.165:7000 CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
18 of 31 278459b105
[Firefox: 2 hits: 04-30 to 05-07]
none[4] none:none
none|none none trace
04:08:00 Win2K-f 118.169.48.182 (-):
.
n/a  
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
17 lines
Yeah : 1.3
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2606 hits: 12-31 to 05-13]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace
04:35:00 WinXP 151.81.1.121 (38-151.NET24.IT):
IUNET-BNET,
IT. (DSL)
n/a EU:siliconfireware.ru
EU:ebookfinaltrash.ru
:wpad
DE:212.227.111.29:80
DE:217.11.54.126:80
EU:78.47.200.154:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
29 of 29 a12cab51ef
[Firefox:1013 hits: 05-01 to 05-13]
40f7f463c4 [0] ASM:Graph
ASPack| lines=281
embedded dns
trace
04:44:00 WinXP 59.117.125.107 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
n/a  
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
17 lines
Yeah : 1.3
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2606 hits: 12-31 to 05-13]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace
05:05:00 Win2K-f 67.211.134.19 (-):
.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1162 hits: 04-27 to 05-13]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:05:19:00 Win2K-f 85.71.24.164 (IOL.CZ):
XDSL NETWORK-ADSL,
PRAGUE, HLAVNI MESTO PRAHA, CZ.
222.177.11.165:7000 CN:hail.dns2go.com 445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.8
profile
none summary
tarball
19 of 32 468140ed8f
[Firefox: 3 hits: 05-07 to 05-13]
none[4] none:none
none|none none trace
05:20:00 Win2K-f 125.232.233.43 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
n/a  
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
17 lines
Yeah : 1.3
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2606 hits: 12-31 to 05-13]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace
05:54:00 Win2K-f 62.97.246.10 (BKKB.NO):
BKKB--LINK-NET-STORD,
MILANO, LOMBARDIA, IT.
n/a   445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
06:03:00 Win2K-f 77.238.204.199 (-):
KABLOVSKA TELEVIZIJA HS D.O.O SARAJEVO,
BA.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1162 hits: 04-27 to 05-13]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
06:14:00 Win2K-f 61.224.96.165 (HINET.NET):
DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
n/a  
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
17 lines
Yeah : 1.3
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2606 hits: 12-31 to 05-13]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace
06:40:00 Win2K-f 212.233.194.141 (-):
NTL,
FR.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
23 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1162 hits: 04-27 to 05-13]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:06:45:00 Win2K-f 92.113.209.103 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
222.177.11.165:7000 CN:scorti1.dns2go.com 445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.8
profile
none summary
tarball
21 of 31 c1f12e0109
[Firefox:14 hits: 04-28 to 05-13]
none[4] none:none
none|none none trace
06:49:00 WinXP 211.18.114.181 (DION.NE.JP):
DION (KDDI CORPORATION),
JP. (DIAL)
n/a DE:siliconfireware.ru
:wpad
DE:212.227.111.29:80
DE:217.11.54.126:80
EU:78.47.200.154:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
29 of 29 df17a625ee
[Firefox:444 hits: 05-04 to 05-13]
none[3] none:none
ASPack| none trace
07:27:00 WinXP 62.215.21.240 (-):
FAST TELCO CUSTOMER ACCESS SERVERS,
KUWAIT, AL KUWAYT, KW.
n/a DE:proxim.ircgalaxy.pl
UA:citi-bank.ru
DE:85.114.137.60:65520
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
31 of 32 7a5f6bb516
NEW
none[4] none:none
PolyEnE| none trace
T:07:27:00 WinXP 70.75.89.66 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL)
n/a   135 pcap raw alerts
ruleset
other
1027 lines
Yeah : 0.8
profile
none summary
tarball
10 of 32 11f4d79c99
NEW
none[3] none:none
none|none none trace
08:44:00 WinXP 164.41.16.23 (INETCAM.COM.BR):
UNIVERSIDADE DE BRASILIA,
BRASíLIA, DISTRITO FEDERAL, BR.
n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
31 of 33 bce12aa21f
[Firefox: 2 hits: 05-12 to 05-12]
none[4] none:none
PolyEnE| none trace
T:08:52:00 WinXP 125.162.103.225 (-):
TLKM_D1_BB_SPEEDY_PG,
PALEMBANG, SUMATERA SELATAN, ID.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
14 of 32 a2a036466a
[Firefox:166 hits: 05-05 to 05-13]
none[4] none:none
none|none none trace
T:09:05:00 Win2K-f 78.156.201.18 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a   445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
18 of 32 b4ad631671
[Firefox: 6 hits: 04-29 to 05-10]
5890f017cc [0] ASM:Graph
StarForce| lines=28 trace
09:24:00 WinXP 79.78.175.223 (AS9105.COM):
TELINCO,
UK.
n/a  
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
17 lines
Yeah : 1.3
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2606 hits: 12-31 to 05-13]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace
09:56:00 Win2K-f 87.20.15.125 (RETAIL.TELECOMITALIA.IT):
TELECOM ITALIA S.P.A. TIN EASY LITE,
CASERTA, CAMPANIA, IT.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1162 hits: 04-27 to 05-13]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:09:57:00 Win2K-f 84.40.237.219 (NET.PL):
STATIC BROADBAND SERVICES,
WROCLAW, DOLNOSLASKIE, PL. (DIAL)
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
14 of 32 a2a036466a
[Firefox:166 hits: 05-05 to 05-13]
none[4] none:none
none|none none trace
09:58:00 WinXP 159.134.57.215 (EIRCOM.NET):
EIRCOM GROUP PLC,
GALWAY, GALWAY, IE.
n/a DE:siliconfireware.ru
GB:new.egg.com
:wpad
RU:www.bbin.ru
DE:212.227.111.29:80
DE:217.11.54.126:80
GB:217.145.225.22:80
EU:78.47.200.154:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
29 of 29 a12cab51ef
[Firefox:1013 hits: 05-01 to 05-13]
40f7f463c4 [0] ASM:Graph
ASPack| lines=281
embedded dns
trace
10:07:00 WinXP 4.232.45.175 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
PICO RIVERA, CALIFORNIA, US. (DIAL)
n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
25 of 25 7f60162c2c
[Firefox:1282 hits: 12-31 to 05-12]
1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace
T:10:14:00 Win2K-f 85.196.223.227 (-):
ADDITIONAL NETWORK FOR PARNU CITY,
PARNU, PARNUMAA, EE.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
16 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1162 hits: 04-27 to 05-13]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
10:47:00 WinXP 91.58.235.165 (T-IPCONNECT.DE):
DEUTSCHE TELEKOM AG,
DE.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
12 of 30 76b4ab852e
[Firefox:43 hits: 04-29 to 05-13]
none[4] none:none
none|none none trace
10:49:00 Win2K-f 190.0.143.174 (ANTELDATA.NET.UY):
ADMINISTRACION NACIONAL DE TELECOMUNICACIONES,
MONTEVIDEO, MONTEVIDEO, UY. (DIAL)
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1162 hits: 04-27 to 05-13]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
10:51:00 WinXP 190.4.43.22 (GRUPONAVEGA.COM):
NAVEGA.COM S.A,
GT.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
18 of 32 7e28dac8de
[Firefox:16 hits: 04-27 to 05-13]
none[4] none:none
none|none none trace
T:10:52:00 Win2K-f 90.133.9.9 (SWIP.NET):
SWIPNET,
SE.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1162 hits: 04-27 to 05-13]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
11:00:00 Win2K-f 62.134.120.22 (IGNITE.NET):
BT IGNITE DIALIN,
HERNE, NORDRHEIN-WESTFALEN, DE. (DIAL)
n/a   445 pcap raw alerts
ruleset
shell
ftp
19 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:11:00:00 Win2K-f 201.250.157.88 (COM.AR):
TELEFONICA DE ARGENTINA,
BUENOS AIRES, BUENOS AIRES, AR.
222.177.11.165:7000 CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
irc
23 lines
Yeah : 1.3
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1162 hits: 04-27 to 05-13]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:11:09:00 WinXP 164.41.49.172 (INETCAM.COM.BR):
UNIVERSIDADE DE BRASILIA,
BRASíLIA, DISTRITO FEDERAL, BR.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
31 of 33 bce12aa21f
[Firefox: 2 hits: 05-12 to 05-12]
none[4] none:none
PolyEnE| none trace
11:10:00 WinXP 164.41.49.172 (INETCAM.COM.BR):
UNIVERSIDADE DE BRASILIA,
BRASíLIA, DISTRITO FEDERAL, BR.
n/a UA:citi-bank.ru
EU:kidos-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
31 of 33 bce12aa21f
[Firefox: 2 hits: 05-12 to 05-12]
none[4] none:none
PolyEnE| none trace
11:15:00 WinXP 170.51.211.230 (COM.AR):
CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A,
AR.
n/a UA:citi-bank.ru
:parex-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:2971 hits: 12-31 to 05-13]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
T:11:16:00 WinXP 170.51.211.230 (COM.AR):
CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A,
AR.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:2971 hits: 12-31 to 05-13]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
11:33:00 WinXP 92.12.177.67 (-):
CARPHONE WAREHOUSE BROADBAND SERVICES,
UK.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1162 hits: 04-27 to 05-13]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:11:37:00 Win2K-f 79.81.10.110 (G-M-I.NET):
EU-ZZ,
UK.
222.177.11.165:7000 CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
irc
17 lines
Yeah : 1.3
profile
none summary
tarball
21 of 31 0ca18d1183
[Firefox: 2 hits: 04-27 to 05-05]
none[4] none:none
none|none none trace
11:44:00 Win2K-f 84.51.81.46 (IPAPER.COM):
BLOCK FOR PI ASSIGNMENTS,
UK.
n/a   445 pcap raw alerts
ruleset
ftp
11 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
11:51:00 WinXP 91.78.38.96 (MTU-NET.RU):
ZAO MTU-INTEL,
MOSCOW, MOSKVA, RU. (DIAL)
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
14 of 32 a2a036466a
[Firefox:166 hits: 05-05 to 05-13]
none[4] none:none
none|none none trace
11:54:00 WinXP 125.163.227.217 (-):
TLKM_D4_BB_SPEEDY_YK,
JAKARTA, JAKARTA RAYA (DJAKARTA RAYA), ID.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
14 of 32 a2a036466a
[Firefox:166 hits: 05-05 to 05-13]
none[4] none:none
none|none none trace
12:05:00 WinXP 79.138.36.91 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1162 hits: 04-27 to 05-13]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:12:05:00 Win2K-f 86.97.131.94 (NET.AE):
EMIRATES TELECOMMUNICATIONS CORPORATION,
ABU DHABI, ABU DHABI, AE.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
14 of 32 a2a036466a
[Firefox:166 hits: 05-05 to 05-13]
none[4] none:none
none|none none trace
12:24:00 Win2K-f 213.194.205.96 (IOL.CZ):
PROVIDER LOCAL REGISTRY,
CESKE BUDEJOVICE, JIHOCESKY KRAJ, CZ.
n/a DE:proxim.ircgalaxy.pl
CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
DE:85.114.137.60:65520
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
29 of 33 5c50482db6
NEW
none[4] none:none
none|none none trace
T:12:24:00 Win2K-f 189.61.33.35 (BRASILTELECOM.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
BR.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
26 of 32 9a65fa4287
NEW
none[4] none:none
none|none none trace
T:12:35:00 WinXP 89.106.108.147 (-):
OPTILINK,
BG.
222.177.11.165:7000 CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1162 hits: 04-27 to 05-13]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
12:40:00 Win2K-f 190.50.58.184 (COM.AR):
TELEFONICA DE ARGENTINA,
AR.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
27 of 31 d204807364
NEW
none[4] none:none
none|none none trace
12:45:00 Win2K-f 82.231.120.188 (PROXAD.NET):
PROXAD / FREE SAS,
NICE, PROVENCE-ALPES-COTE D'AZUR, FR.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
12 of 30 76b4ab852e
[Firefox:43 hits: 04-29 to 05-13]
none[4] none:none
none|none none trace
12:48:00 WinXP 190.138.241.136 (NET.AR):
TELECOM ARGENTINA S.A,
AR.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1162 hits: 04-27 to 05-13]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
12:50:00 WinXP 190.48.208.131 (COM.AR):
TELEFONICA DE ARGENTINA,
CIPOLLETTI, NEUQUEN, AR.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
23 of 31 14ef234ad3
[Firefox:10 hits: 04-29 to 05-13]
none[4] none:none
none|none none trace
12:53:00 Win2K-f 92.112.6.151 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
20 of 32 fd0bf48a75
[Firefox: 9 hits: 04-28 to 05-12]
none[3] none:none
ASProtect| none trace
T:13:25:00 WinXP 85.132.136.95 (IOL.CZ):
PROVIDER LOCAL REGISTRY,
CESKE BUDEJOVICE, JIHOCESKY KRAJ, CZ.
222.177.11.165:7000 CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1162 hits: 04-27 to 05-13]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
13:37:00 Win2K-f 189.23.52.119 (BRASILTELECOM.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
BR.
222.177.11.165:7000 CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.3
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1162 hits: 04-27 to 05-13]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
13:48:00 WinXP 200.165.19.216 (STERLINGSTUDENTS.NET):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
13 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:13:56:00 WinXP 92.13.101.182 (-):
CARPHONE WAREHOUSE BROADBAND SERVICES,
UK.
222.177.11.165:7000 CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.8
profile
none summary
tarball
14 of 32 a2a036466a
[Firefox:166 hits: 05-05 to 05-13]
none[4] none:none
none|none none trace
13:57:00 Win2K-f 80.135.250.140 (T-IPCONNECT.DE):
DEUTSCHE TELEKOM AG,
COLOGNE, NORDRHEIN-WESTFALEN, DE.
n/a   445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
28 of 32 3518ff6a2e
NEW
none[4] none:none
none|none none trace
14:09:00 WinXP 87.18.36.150 (RETAIL.TELECOMITALIA.IT):
TELECOM ITALIA S.P.A. TIN EASY LITE,
CASERTA, CAMPANIA, IT.
217.170.244.2:443 DE:proxim.ircgalaxy.pl
CZ:217.170.244.2:443
CZ:82.114.64.251:443
DE:85.114.137.60:65520
445 pcap raw alerts
ruleset
shell
ftp
irc
27 lines
Yeah : 1.8
profile
none summary
tarball
30 of 32 07c961625f
NEW
none[4] none:none
FSG| none trace
T:14:17:00 Win2K-f 87.14.244.111 (RETAIL.TELECOMITALIA.IT):
TELECOM ITALIA S.P.A. TIN EASY LITE,
VICENZA, VENETO, IT. (DSL)
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
14 of 32 a2a036466a
[Firefox:166 hits: 05-05 to 05-13]
none[4] none:none
none|none none trace
14:22:00 WinXP 86.139.132.202 (BTCENTRALPLUS.COM):
BT-CENTRAL-PLUS,
LONDON, ENGLAND, UK.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
14 of 32 a2a036466a
[Firefox:166 hits: 05-05 to 05-13]
none[4] none:none
none|none none trace
T:14:49:00 WinXP 87.59.52.114 (ADSL-DHCP.TELE.DK):
TDC-TELEDANMARK-BREDBAANDSADSL-NET,
DK.
n/a   445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
30 of 33 ec8d2f9913
NEW
none[4] none:none
PolyEnE| none trace
T:14:58:00 Win2K-f 80.41.146.201 (AS9105.COM):
TISCALI UK LTD,
LONDON, ENGLAND, UK. (DSL)
n/a   445 pcap raw alerts
ruleset
shell
ftp
16 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
15:24:00 Win2K-f 201.74.157.180 (STERLINGSTUDENTS.NET):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL)
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
14 of 32 a2a036466a
[Firefox:166 hits: 05-05 to 05-13]
none[4] none:none
none|none none trace
15:24:00 WinXP 62.162.76.140 (-):
MOBI IP SUBNET,
OHRID, OHRID, MK.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
20 of 31 03d714d33d
[Firefox: 2 hits: 05-06 to 05-06]
none[4] none:none
none|none none trace
15:26:00 WinXP 91.78.117.255 (MTU-NET.RU):
ZAO MTU-INTEL,
MOSCOW, MOSKVA, RU. (DIAL)
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1162 hits: 04-27 to 05-13]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
15:32:00 WinXP 92.40.48.149 (IKBCC.COM):
EU-ZZ,
UK.
n/a  
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
17 lines
Yeah : 1.3
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2606 hits: 12-31 to 05-13]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace
15:36:00 Win2K-f 83.44.192.233 (RIMA-TDE.NET):
TELEFONICA DE ESPANA,
MALAGA, ANDALUCIA, ES.
222.177.11.165:7000 CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
20 lines
Yeah : 1.3
profile
none summary
tarball
14 of 32 a2a036466a
[Firefox:166 hits: 05-05 to 05-13]
none[4] none:none
none|none none trace
15:42:00 WinXP 62.33.224.153 (PROMAGRO.ORG):
(VR000047) OSKOLNET,
RU.
222.177.11.165:7000 CN:hail.dns2go.com 445 pcap raw alerts
ruleset
ftp
irc
28 lines
Yeah : 1.8
profile
none summary
tarball
28 of 33 7d50aeb749
NEW
none[4] none:none
none|none none trace
15:52:00 Win2K-f 4.255.218.120 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
SODDY DAISY, TENNESSEE, US. (DIAL)
n/a  
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
18 lines
Yeah : 1.3
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2606 hits: 12-31 to 05-13]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace
T:15:57:00 WinXP 79.131.46.186 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1162 hits: 04-27 to 05-13]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
16:01:00 Win2K-f 190.189.100.160 (NET.AR):
PRIMA S.A,
AR.
222.177.11.165:7000 CN:hail.dns2go.com 445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.8
profile
none summary
tarball
14 of 32 a2a036466a
[Firefox:166 hits: 05-05 to 05-13]
none[4] none:none
none|none none trace
T:16:12:00 Win2K-f 118.174.80.238 (-):
.
222.177.11.165:7000 CN:scorti1.dns2go.com 445 pcap raw alerts
ruleset
ftp
irc
23 lines
Yeah : 1.8
profile
none summary
tarball
13 of 32 53123fadcc
[Firefox:44 hits: 01-26 to 05-13]
none[4] none:none
none|none none trace
T:16:16:00 WinXP 98.105.221.212 (-):
.
n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
25 of 25 7f60162c2c
[Firefox:1282 hits: 12-31 to 05-12]
1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace
16:26:00 Win2K-f 189.15.219.74 (BRASILTELECOM.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
BR.
222.177.11.165:7000 CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1162 hits: 04-27 to 05-13]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:16:58:00 Win2K-f 201.212.77.193 (NET.AR):
PRIMA S.A,
BUENOS AIRES, BUENOS AIRES, AR. (DSL)
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
445 pcap raw alerts
ruleset
ftp
15 lines
Yeah : 0.8
profile
none summary
tarball
14 of 32 a2a036466a
[Firefox:166 hits: 05-05 to 05-13]
none[4] none:none
none|none none trace
17:13:00 Win2K-f 4.224.0.34 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
CINCINNATI, OHIO, US. (DIAL)
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
17:22:00 Win2K-f 189.58.244.84 (BRASILTELECOM.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
BR.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1162 hits: 04-27 to 05-13]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:17:23:00 WinXP 190.189.180.205 (NET.AR):
PRIMA S.A,
AR.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1162 hits: 04-27 to 05-13]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
17:32:00 Win2K-f 190.50.109.25 (COM.AR):
TELEFONICA DE ARGENTINA,
AR.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
14 of 32 a2a036466a
[Firefox:166 hits: 05-05 to 05-13]
none[4] none:none
none|none none trace
18:17:00 WinXP 97.89.103.146 (-):
.
n/a  
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
18 lines
Yeah : 1.3
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2606 hits: 12-31 to 05-13]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace
18:23:00 Win2K-f 189.6.101.221 (BRASILTELECOM.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
BR.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1162 hits: 04-27 to 05-13]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:18:40:00 Win2K-f 190.138.130.16 (NET.AR):
TELECOM ARGENTINA S.A,
AR.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
14 of 32 a2a036466a
[Firefox:166 hits: 05-05 to 05-13]
none[4] none:none
none|none none trace
19:03:00 WinXP 76.173.37.211 (RR.COM):
ROAD RUNNER HOLDCO LLC,
HERNDON, VIRGINIA, US.
n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset
other
0 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 32a0d7d0e0
[Firefox:38 hits: 05-04 to 05-03]
d791762796 [0] ASM:Graph
tElock| lines=81
embedded dns
trace
T:19:23:00 Win2K-f 91.200.98.140 (IPAPER.COM):
BLOCK FOR PI ASSIGNMENTS,
UK.
222.177.11.165:7000 CN:hail.dns2go.com 445 pcap raw alerts
ruleset
ftp
irc
23 lines
Yeah : 1.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1162 hits: 04-27 to 05-13]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
19:23:00 WinXP 78.130.80.47 (REV.OPTIMUS.PT):
OPTIMUS TELECOMUNICAÇÕES S.A,
PT.
222.177.11.165:7000 DE:proxim.ircgalaxy.pl
CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
DE:85.114.137.60:65520
445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
28 of 33 a050cd54ff
NEW
none[4] none:none
none|none none trace
19:49:00 WinXP 208.100.253.141 (1DIAL.COM):
AD-BASE SYSTEMS INC. (DBA GLOBALPOPS),
PITTSBURGH, PENNSYLVANIA, US. (DIAL)
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
29 of 29 986b59708d
[Firefox:286 hits: 05-03 to 05-08]
8a00217866 [0] ASM:Graph
PolyEnE| lines=57 trace
19:55:00 Win2K-f 82.200.247.226 (-):
ALMATYTELECOM,
KZ.
222.177.11.165:7000 CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
irc
20 lines
Yeah : 1.8
profile
none summary
tarball
20 of 31 af98fe0c94
[Firefox:59 hits: 04-27 to 05-13]
480d076a0a [0] ASM:Graph
ASProtect| lines=422
embedded dns
trace
T:20:24:00 WinXP 125.233.72.46 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
222.177.11.165:7000 CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.3
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1162 hits: 04-27 to 05-13]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
21:13:00 Win2K-f 90.189.40.141 (KRASNET.RU):
KRASNET KRASNOYARSK REGIONAL TELECOMMUNICATIONS NETWORK,
KRASNOYARSK, KRASNOYARSKIY KRAY, RU.
n/a   445 pcap raw alerts
ruleset
ftp
15 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:21:19:00 Win2K-f 189.54.151.216 (BRASILTELECOM.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
BR.
222.177.11.165:7000 CN:hail.dns2go.com 445 pcap raw alerts
ruleset
ftp
20 lines
Yeah : 1.3
profile
none summary
tarball
14 of 32 a2a036466a
[Firefox:166 hits: 05-05 to 05-13]
none[4] none:none
none|none none trace
T:21:32:00 WinXP 98.150.166.2 (-):
.
n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
25 of 25 7f60162c2c
[Firefox:1282 hits: 12-31 to 05-12]
1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace
22:26:00 Win2K-f 213.197.10.57 (CONCEPTS.NL):
WESTBRABANT NET,
AMSTERDAM, NOORD-HOLLAND, NL. (DSL)
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1162 hits: 04-27 to 05-13]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
22:52:00 Win2K-f 189.61.43.147 (BRASILTELECOM.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
BR.
222.177.11.165:7000 CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
19 lines
Yeah : 1.3
profile
none summary
tarball
21 of 32 79c09d086f
NEW
none[4] none:none
none|none none trace
T:22:58:00 Win2K-f 218.161.98.23 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
n/a   445 pcap raw alerts
ruleset
shell
3 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:23:50:00 Win2K-f 78.159.237.122 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
222.177.11.165:7000 CN:hail.dns2go.com 445 pcap raw alerts
ruleset
ftp
irc
23 lines
Yeah : 1.3
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1162 hits: 04-27 to 05-13]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
23:53:00 Win2K-f 93.108.94.172 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a   445 pcap raw alerts
ruleset
ftp
11 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:23:58:00 WinXP 193.250.70.2 (ABO.WANADOO.FR):
WANADOO,
PARIS, ILE-DE-FRANCE, FR.
n/a   445 pcap raw alerts
ruleset
ftp
14 lines
Argh : 0.3
profile
none summary
tarball
none none none none none none none
23:59:00 Win2K-f 92.113.130.180 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 31 c1f12e0109
[Firefox:14 hits: 04-28 to 05-13]
none[4] none:none
none|none none trace