Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page


UNCENSORED PAGE



16 May 2008

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.


Daily Summary Files: [DNS Lookups & Failed Connects] [ Attacker IPs ] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap]
[Behavioral Clusters] [Binary Digest Log]

[See Country Codes ]
Table columns (each infection record below lists these fields in this order):
Time
Victim
OS
Infection Source
C&C Server
DNS Lookups & Failed Connects
Infection Port
Packet Trace
Detection Signatures
Infection Chatter
BotHunter Analysis
Behavioral Cluster
Forensic Logs
Antivirus Labels
Packed Malware_Binary
Unpacked egg.exe
Unpacked egg.asm
Packer PEID
Data Strings
Syscall Trace
T:00:17:00 WinXP 82.207.11.249 (UKRTEL.NET):
UKRTELNET,
UA.
222.177.11.165:7000 CN:scorti1.dns2go.com 445 pcap raw alerts
ruleset
ftp
23 lines
Yeah : 1.8
profile
none summary
tarball
13 of 32 53123fadcc
[Firefox:46 hits: 01-26 to 05-15]
none[4] none:none
none|none none trace
T:00:19:00 Win2K-f 77.209.82.3 (AIRTEL.NET):
VODAFONE ESPANA S.A,
ES.
222.177.11.165:7000 CN:hail.dns2go.com 445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1229 hits: 04-27 to 05-15]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:00:28:00 Win2K-f 89.146.147.126 (NET.BA):
BRAS PPPOE POOL UPGRADE,
SARAJEVO, FEDERATION OF BOSNIA AND HERZEGOVINA, BA.
222.177.11.165:7000 CN:scorti1.dns2go.com 445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.8
profile
none summary
tarball
11 of 32 e5d062be59
[Firefox: 6 hits: 12-28 to 05-15]
none[4] none:none
ASPack| none trace
T:00:39:00 WinXP 60.53.86.141 (TM.NET.MY):
TELEKOM MALAYSIA BERHAD,
KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY.
n/a   445 pcap raw alerts
ruleset
ftp
16 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
00:41:00 WinXP 117.199.81.2 (-):
.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1229 hits: 04-27 to 05-15]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:00:54:00 Win2K-f 82.55.168.67 (RETAIL.TELECOMITALIA.IT):
TELECOM ITALIA S.P.A. TIN EASY LITE,
IT.
n/a CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
00:55:00 WinXP 117.1.188.62 (ADSL.VIETTEL.VN):
VIETEL CORPORATION,
HANOI, HA NOI, VN.
85.114.137.60:65520 222.177.11.165:7000 DE:proxim.ircgalaxy.pl
CN:scorti1.dns2go.com
DE:dl2.teenpassage.com
DE:85.114.137.60:65520
DE:85.114.143.2:80
445 pcap raw alerts
ruleset
ftp
irc
27 lines
Yeah : 1.3
profile
none summary
tarball
none 15e3c1deb8
NEW
none[4] none:none
none|none none trace
00:56:00 Win2K-f 92.4.87.208 (-):
CARPHONE WAREHOUSE BROADBAND SERVICES,
UK.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
14 of 32 a2a036466a
[Firefox:196 hits: 05-05 to 05-15]
none[4] none:none
none|none none trace
T:00:56:00 Win2K-f 85.186.76.138 (-):
ASTRAL ZALAU DOCSIS,
RO. (100Mbps)
n/a CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
14 of 32 8f367186c3
[Firefox:76 hits: 12-27 to 05-15]
01a06977c4 [0] ASM:Graph
TXT2COM| lines=0 trace
T:01:09:00 Win2K-f 59.115.238.93 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
29 of 32 94a6d556e1
NEW
none[4] none:none
none|none none trace
01:27:00 WinXP 79.126.50.35 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a   445 pcap raw alerts
ruleset
ftp
11 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:01:31:00 WinXP 92.46.150.98 (IKBCC.COM):
EU-ZZ,
UK.
222.177.11.165:7000 CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
irc
20 lines
Yeah : 1.3
profile
none summary
tarball
20 of 31 af98fe0c94
[Firefox:63 hits: 04-27 to 05-15]
480d076a0a [0] ASM:Graph
ASProtect| lines=422
embedded dns
trace
01:41:00 WinXP 123.216.233.83 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 831f4ee0a7
[Firefox:588 hits: 07-11 to 05-15]
eb7546c600 [0] ASM:Graph
none|none lines=61 trace
02:38:00 Win2K-f 61.223.232.113 (HINET.NET):
DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD,
KAOHSIUNG, KAO-HSIUNG, TW.
n/a   445 pcap raw alerts
ruleset
ftp
16 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:02:39:00 Win2K-f 85.24.168.13 (BAHNHOF.SE):
BAHNHOF INTERNET AB,
SE.
222.177.11.165:7000 CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
20 lines
Yeah : 1.3
profile
none summary
tarball
14 of 32 a2a036466a
[Firefox:196 hits: 05-05 to 05-15]
none[4] none:none
none|none none trace
T:02:55:00 Win2K-f 93.120.153.170 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
222.177.11.165:7000 CN:scorti1.dns2go.com 445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.8
profile
none summary
tarball
19 of 30 93282471f7
[Firefox:16 hits: 04-28 to 05-12]
95951dee58 [0] ASM:Graph
ASProtect| lines=0 trace
T:03:01:00 WinXP 60.51.101.7 (TM.NET.MY):
TELEKOM MALAYSIA BERHAD,
KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY.
222.177.11.165:7000 CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
18 lines
Yeah : 1.3
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1229 hits: 04-27 to 05-15]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
03:04:00 Win2K-f 60.47.192.209 (PLALA.OR.JP):
PLALA NETWORKS INC,
JP.
222.177.11.165:7000 CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1229 hits: 04-27 to 05-15]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
03:12:00 Win2K-f 87.205.244.177 (INETIA.PL):
NETIA,
VIENNA, WIEN, AT. (DSL)
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1229 hits: 04-27 to 05-15]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
03:56:00 Win2K-f 200.226.0.145 (STERLINGSTUDENTS.NET):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
03:59:00 Win2K-f 190.17.53.157 (COM.AR):
CABLEVISION S.A,
BUENOS AIRES, BUENOS AIRES, AR. (DSL)
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
15 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1229 hits: 04-27 to 05-15]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:04:22:00 Win2K-f 209.226.123.140 (BELL.CA):
BELL CANADA,
OTTAWA, ONTARIO, CA. (DIAL)
n/a   135 pcap raw alerts
ruleset
other
18 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
04:26:00 Win2K-f 60.51.100.148 (TM.NET.MY):
TELEKOM MALAYSIA BERHAD,
KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
14 of 32 a2a036466a
[Firefox:196 hits: 05-05 to 05-15]
none[4] none:none
none|none none trace
04:47:00 Win2K-f 84.170.98.153 (T-DIALIN.NET):
DEUTSCHE TELEKOM AG,
ASCHAFFENBURG, BAYERN, DE. (DIAL)
n/a   445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
28 of 32 32b7295760
[Firefox: 2 hits: 05-04 to 05-07]
443ee2d2f0 [0] ASM:Graph
TXT2COM| lines=11 trace
T:04:51:00 WinXP 64.85.221.161 (SOCKET.NET):
SOCKET INTERNET SERVICES CORPORATION,
MEXICO, MISSOURI, US.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
29 of 29 3ae357d17b
[Firefox:704 hits: 05-01 to 05-13]
462a7be171 [0] ASM:Graph
PolyEnE| lines=73 trace
T:05:02:00 Win2K-f 91.66.121.117 (SUPERKABEL.DE):
KABEL DEUTSCHLAND BREITBAND SERVICE GMBH,
DE.
85.114.137.60:65520 DE:proxim.ircgalaxy.pl
CN:scorti1.dns2go.com
DE:dl2.teenpassage.com
IL:ymq.a1001186.wrs.mcboo.com
IL:194.90.224.86:80
CN:222.177.11.165:7000
DE:85.114.137.60:65520
445 pcap raw alerts
ruleset
ftp
irc
http
44 lines
Yeah : 1.3
profile
none summary
tarball
21 of 32
29 of 33
54df1dbf7e
NEW
c0e4027c8e
NEW
54df1dbf7e [1]
none [4]
ASM:Graph
none:none
StarForce|
ASProtect|
lines=6
none
trace
trace
05:03:00 WinXP 201.252.213.2 (NET.AR):
APOLO -GOLD-TELECOM-PER,
BUENOS AIRES, BUENOS AIRES, AR.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1229 hits: 04-27 to 05-15]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:05:07:00 WinXP 190.49.236.12 (COM.AR):
TELEFONICA DE ARGENTINA,
BUENOS AIRES, BUENOS AIRES, AR.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
14 of 32 a2a036466a
[Firefox:196 hits: 05-05 to 05-15]
none[4] none:none
none|none none trace
05:09:00 Win2K-f 89.1.59.106 (BARAK-ONLINE.NET):
BARAK,
MODIIN, HAMERKAZ (CENTRAL), IL.
222.177.11.165:7000 CN:hail.dns2go.com 445 pcap raw alerts
ruleset
ftp
20 lines
Yeah : 1.3
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1229 hits: 04-27 to 05-15]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:05:11:00 Win2K-f 92.8.244.155 (-):
CARPHONE WAREHOUSE BROADBAND SERVICES,
UK.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
27 of 31 e1b5e07fac
NEW
none[4] none:none
none|none none trace
05:11:00 Win2K-f 122.120.130.168 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1229 hits: 04-27 to 05-15]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
05:25:00 WinXP 86.97.43.133 (NET.AE):
EMIRATES TELECOMMUNICATIONS CORPORATION,
DUBAI, DUBAI, AE.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1229 hits: 04-27 to 05-15]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:05:26:00 Win2K-f 190.17.53.157 (COM.AR):
CABLEVISION S.A,
BUENOS AIRES, BUENOS AIRES, AR. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
11 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
05:56:00 Win2K-f 190.50.110.31 (COM.AR):
TELEFONICA DE ARGENTINA,
AR.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
14 of 32 a2a036466a
[Firefox:196 hits: 05-05 to 05-15]
none[4] none:none
none|none none trace
T:05:57:00 Win2K-f 89.144.140.241 (-):
UNIVERSITY OF GUILAN,
IR.
n/a CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
none 27cff6b597
NEW
none[4] none:none
none|none none trace
06:03:00 WinXP 212.96.102.86 (STV.RU):
TRUNK LINE EXCHANGE OF STAVROPOL,
RU.
n/a   445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:06:07:00 WinXP 41.234.12.248 (TEDATA.NET):
PROVIDER LOCAL REGISTRY,
EG.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
445 pcap raw alerts
ruleset
ftp
16 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1229 hits: 04-27 to 05-15]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
06:18:00 Win2K-f 79.178.224.96 (BEZEQINT.NET):
ADSL-CUSTOMER-CONNECTION,
IL.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
14 of 32 a2a036466a
[Firefox:196 hits: 05-05 to 05-15]
none[4] none:none
none|none none trace
06:21:00 WinXP 58.156.44.211 (UCOM.NE.JP):
IML,
JP.
n/a CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
22 of 32 dc8e1c63cd
[Firefox:87 hits: 12-27 to 05-15]
e0eb8646ee [0] ASM:Graph
none|none lines=601
embedded dns
trace
T:06:23:00 Win2K-f 211.52.165.85 (HAEDONGTEK.CO.KR):
THRUNET CO. LTD,
SEOUL, KYONGGI-DO, KR.
n/a   135 pcap raw alerts
ruleset
other
112 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
06:55:00 Win2K-f 116.75.164.25 (JWS.COM):
HATHWAY IP OVER CABLE INTERNET ACCESS SERVICE,
IN.
n/a   445 pcap raw alerts
ruleset
ftp
13 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
07:26:00 WinXP 82.174.174.231 (DSL.VERSATELADSL.BE):
VERSATEL ADSL (DHCP SCOOP BRUSSEL) BELGIUM,
BRUSSELS, BRUSSELS, BE. (DSL)
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1229 hits: 04-27 to 05-15]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
07:37:00 Win2K-f 92.112.196.54 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
22 of 31 f0e02bee5f
[Firefox: 3 hits: 04-27 to 05-15]
none[4] none:none
none|none none trace
T:07:41:00 Win2K-f 87.19.147.133 (RETAIL.TELECOMITALIA.IT):
TELECOM ITALIA S.P.A. TIN EASY LITE,
IT.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1229 hits: 04-27 to 05-15]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
07:43:00 Win2K-f 87.187.190.23 (T-IPCONNECT.DE):
DEUTSCHE TELEKOM AG,
BERLIN, BERLIN, DE.
n/a   445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
none 5019ff53bf
NEW
none[4] none:none
none|none none trace
T:08:37:00 Win2K-f 60.48.184.16 (TM.NET.MY):
TELEKOM MALAYSIA BERHAD,
PUCHONG, SELANGOR, MY.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
14 of 32 a2a036466a
[Firefox:196 hits: 05-05 to 05-15]
none[4] none:none
none|none none trace
T:08:38:00 WinXP 88.204.157.154 (-):
ALMATYTELECOM,
KZ.
222.177.11.165:7000 CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.8
profile
none summary
tarball
20 of 31 af98fe0c94
[Firefox:63 hits: 04-27 to 05-15]
480d076a0a [0] ASM:Graph
ASProtect| lines=422
embedded dns
trace
T:09:09:00 Win2K-f 217.201.219.37 (-):
TELECOM ITALIA MOBILE,
IT.
217.170.244.2:443   445 pcap raw alerts
ruleset
shell
ftp
irc
27 lines
Yeah : 1.8
profile
none summary
tarball
none 5e1a836af5
NEW
none[4] none:none
FSG| none trace
T:09:10:00 Win2K-f 220.111.196.31 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
222.177.11.165:7000 CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
17 lines
Yeah : 1.3
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1229 hits: 04-27 to 05-15]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
09:13:00 WinXP 88.85.18.69 (NET2000.CH):
BROADBAND CUSTOMER,
NEUCHATEL, NEUCHATEL, CH.
222.177.11.165:7000 CN:scorti1.dns2go.com 445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.8
profile
none summary
tarball
20 of 31 af98fe0c94
[Firefox:63 hits: 04-27 to 05-15]
480d076a0a [0] ASM:Graph
ASProtect| lines=422
embedded dns
trace
09:18:00 Win2K-f 83.103.132.181 (ASTRAL.RO):
ASTRAL-CJ-DOCSIS,
CLUJ-NAPOCA, CLUJ, RO.
n/a CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
22 of 32 dc8e1c63cd
[Firefox:87 hits: 12-27 to 05-15]
e0eb8646ee [0] ASM:Graph
none|none lines=601
embedded dns
trace
T:09:25:00 Win2K-f 78.32.118.146 (ENTA.NET):
ENTANET,
UK.
n/a  
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
18 lines
Yeah : 1.3
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2617 hits: 12-31 to 05-15]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace
09:35:00 Win2K-f 92.112.60.86 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
22 of 31 f0e02bee5f
[Firefox: 3 hits: 04-27 to 05-15]
none[4] none:none
none|none none trace
T:09:38:00 Win2K-f 190.225.33.69 (-):
.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1229 hits: 04-27 to 05-15]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
09:52:00 Win2K-f 62.169.106.42 (REV.OPTIMUS.PT):
OPTIMUS PORTUGAL,
LISBON, LISBOA, PT. (DSL)
n/a DE:proxim.ircgalaxy.pl
CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
DE:85.114.137.60:80
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
none 52338e9fc1
NEW
none[4] none:none
none|none none trace
T:09:59:00 Win2K-f 91.66.105.127 (SUPERKABEL.DE):
KABEL DEUTSCHLAND BREITBAND SERVICE GMBH,
DE.
222.177.11.165:7000 CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.3
profile
none summary
tarball
27 of 31 4842a5d70d
NEW
none[4] none:none
none|none none trace
T:10:13:00 Win2K-f 89.207.69.54 (-):
JOINT STOCK COMPANY SVYAZIST,
RU.
n/a   445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
none 5c151befe0
NEW
none[4] none:none
none|none none trace
10:21:00 Win2K-f 84.99.217.7 (GAOLAND.NET):
DYNAMIC POOLS,
FR.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1229 hits: 04-27 to 05-15]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
10:31:00 Win2K-f 89.254.229.58 (-):
JSC VOLGATELECOM,
RU.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1229 hits: 04-27 to 05-15]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:10:33:00 WinXP 170.51.180.137 (COM.AR):
CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A,
AR.
222.177.11.165:7000 CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.3
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1229 hits: 04-27 to 05-15]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
10:35:00 WinXP 88.170.232.106 (PROXAD.NET):
PROXAD / FREE SAS,
FR.
n/a   445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
none 4e9457ee8b
NEW
none[4] none:none
StarForce| none trace
10:54:00 WinXP 89.106.109.129 (-):
OPTILINK,
BG.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1229 hits: 04-27 to 05-15]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
10:56:00 Win2K-f 213.185.226.148 (-):
TRANSINTERCOM D.O.O,
ZADAR, ZADARSKA, HR.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1229 hits: 04-27 to 05-15]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
10:57:00 WinXP 90.151.29.233 (PERMONLINE.RU):
OJSC URALSVYAZINFORM,
RU.
n/a CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
20 of 31 cb89ccfe52
[Firefox:10 hits: 04-29 to 05-15]
881f6fa4b7 [0] ASM:Graph
TXT2COM| lines=406
embedded dns
trace
11:03:00 Win2K-f 91.64.227.181 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
DE.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
none 16044bb1ff
NEW
none[4] none:none
none|none none trace
11:12:00 Win2K-f 62.215.127.11 (-):
FAST TELCO INFRA STRUCTURE SKB-NRPS IP ADDRESSES,
KW.
n/a CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
none d464763855
NEW
none[4] none:none
ASProtect| none trace
11:20:00 WinXP 91.134.15.124 (-):
TELENET LTD ASSIGMENT,
BG.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
28 of 32 4b9bdc4835
NEW
none[4] none:none
none|none none trace
11:38:00 Win2K-f 201.51.79.20 (STERLINGSTUDENTS.NET):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL)
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1229 hits: 04-27 to 05-15]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
11:52:00 Win2K-f 89.242.96.156 (-):
OPAL TELECOM DSL,
LONDON, ENGLAND, UK. (DSL)
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
12 of 30 76b4ab852e
[Firefox:48 hits: 04-29 to 05-15]
none[4] none:none
none|none none trace
12:01:00 WinXP 87.10.132.63 (RETAIL.TELECOMITALIA.IT):
TELECOM ITALIA S.P.A. TIN EASY LITE,
PRATO, TOSCANA, IT.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1229 hits: 04-27 to 05-15]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:12:06:00 WinXP 151.33.75.68 (33-151.IOL.IT):
ITALIA ONLINE S.P.A,
MILANO, LOMBARDIA, IT. (DIAL)
n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
30 of 32 7947cc5c5b
[Firefox: 3 hits: 03-25 to 04-18]
1a99881187 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace
12:11:00 Win2K-f 77.210.2.119 (AIRTEL.NET):
VODAFONE ESPANA S.A,
ES.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1229 hits: 04-27 to 05-15]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
12:35:00 Win2K-f 201.69.94.146 (STERLINGSTUDENTS.NET):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL)
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
15 lines
Yeah : 0.8
profile
none summary
tarball
11 of 31 4620861e2d
[Firefox:13 hits: 04-27 to 05-10]
none[4] none:none
StarForce| none trace
T:12:55:00 Win2K-f 83.131.87.180 (APEXCOVANTAGE.COM):
T-COM CROATIA INTERNET NETWORK,
ZAGREB, GRAD ZAGREB, HR. (DSL)
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1229 hits: 04-27 to 05-15]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:13:15:00 Win2K-f 213.244.198.52 (VERAT.NET):
VERAT-NET,
CS. (DIAL)
n/a   445 pcap raw alerts
ruleset
ftp
13 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
13:16:00 WinXP 93.108.4.139 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
10 of 32 639a247ece
[Firefox:30 hits: 04-28 to 05-14]
29d53eec72 [0] ASM:Graph
StarForce| lines=132 trace
T:13:28:00 WinXP 82.241.191.112 (PROXAD.NET):
PROXAD / FREE SAS,
NICE, PROVENCE-ALPES-COTE D'AZUR, FR.
n/a DE:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
DE:85.114.137.60:65520
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
31 of 32 9a331ca0d6
NEW
none[4] none:none
PolyEnE| none trace
13:31:00 WinXP 76.182.69.137 (RR.COM):
ROAD RUNNER HOLDCO LLC,
HERNDON, VIRGINIA, US.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:2974 hits: 12-31 to 05-15]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
T:13:39:00 WinXP 83.97.188.161 (CM-83-97-128-10.TELECABLE.ES):
TELECABLE,
GIJON, ASTURIAS, ES. (DSL)
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
31 of 32 1e5df7ba74
[Firefox:12 hits: 03-24 to 05-12]
a5331b711f [0] ASM:Graph
PolyEnE| lines=68 trace
13:39:00 WinXP 83.97.188.161 (CM-83-97-128-10.TELECABLE.ES):
TELECABLE,
GIJON, ASTURIAS, ES. (DSL)
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
31 of 32 1e5df7ba74
[Firefox:12 hits: 03-24 to 05-12]
a5331b711f [0] ASM:Graph
PolyEnE| lines=68 trace
13:51:00 Win2K-f 190.5.203.10 (EMTEL.NET.CO):
EMTEL S.A. E.S.P,
CO.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1229 hits: 04-27 to 05-15]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
14:13:00 Win2K-f 92.13.8.26 (-):
CARPHONE WAREHOUSE BROADBAND SERVICES,
UK.
n/a   445 pcap raw alerts
ruleset
ftp
11 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:14:27:00 WinXP 83.8.96.71 (TPNET.PL):
NEOSTRADA PLUS,
PL.
222.177.11.165:7000 CN:hail.dns2go.com 445 pcap raw alerts
ruleset
ftp
irc
25 lines
Yeah : 1.3
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1229 hits: 04-27 to 05-15]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
14:37:00 WinXP 201.254.248.149 (COM.AR):
TELEFONICA DE ARGENTINA,
BUENOS AIRES, BUENOS AIRES, AR.
222.177.11.165:7000 CN:hail.dns2go.com 445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1229 hits: 04-27 to 05-15]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
14:45:00 Win2K-f 82.52.73.173 (POOL8252.INTERBUSINESS.IT):
TELECOM ITALIA S.P.A. TIN EASY LITE,
MILANO, LOMBARDIA, IT.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1229 hits: 04-27 to 05-15]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:14:46:00 WinXP 212.66.80.176 (CUST.TELE2.LU):
TELE2 LUXEMBOURG S.A,
LUXEMBOURG, LUXEMBOURG, LU.
222.177.11.165:7000 CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.8
profile
none summary
tarball
27 of 30 b6d843862c
NEW
none[4] none:none
none|none none trace
T:14:58:00 Win2K-f 79.205.121.216 (T-IPCONNECT.DE):
DEUTSCHE TELEKOM AG,
DE.
222.177.11.165:7000 CN:hail.dns2go.com 445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.8
profile
none summary
tarball
14 of 32 a2a036466a
[Firefox:196 hits: 05-05 to 05-15]
none[4] none:none
none|none none trace
T:15:12:00 Win2K-f 80.225.200.124 (TISCALI.COM):
TELINCO-DIALPOOL,
LONDON, ENGLAND, UK. (DIAL)
217.170.244.2:443 DE:proxim.ircgalaxy.pl
DE:85.114.137.60:65520
445 pcap raw alerts
ruleset
shell
ftp
irc
29 lines
Yeah : 1.8
profile
none summary
tarball
30 of 32 7da73663ea
NEW
none[4] none:none
FSG| none trace
15:22:00 WinXP 190.173.104.218 (COM.AR):
TELEFONICA DE ARGENTINA,
AR.
222.177.11.165:7000 CN:hail.dns2go.com 445 pcap raw alerts
ruleset
ftp
irc
24 lines
Yeah : 1.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1229 hits: 04-27 to 05-15]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
15:23:00 WinXP 189.23.212.163 (BRASILTELECOM.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
BR.
222.177.11.165:7000 CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.3
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1229 hits: 04-27 to 05-15]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
15:54:00 WinXP 75.138.112.232 (CHARTER.COM):
CHARTER COMMUNICATIONS,
HICKORY, NORTH CAROLINA, US.
n/a   445 pcap raw alerts
ruleset
shell
ftp
18 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
16:12:00 WinXP 217.202.2.154 (-):
TELECOM ITALIA MOBILE,
IT.
n/a   445 pcap raw alerts
ruleset
shell
ftp
17 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
16:13:00 Win2K-f 190.172.240.183 (COM.AR):
TELEFONICA DE ARGENTINA,
BUENOS AIRES, BUENOS AIRES, AR.
222.177.11.165:7000 CN:hail.dns2go.com 445 pcap raw alerts
ruleset
ftp
irc
23 lines
Yeah : 1.3
profile
none summary
tarball
18 of 32 7e28dac8de
[Firefox:18 hits: 04-27 to 05-15]
none[4] none:none
none|none none trace
16:24:00 WinXP 195.102.4.133 (U-NET.NET):
U-NET INTERNAL USE,
UK.
n/a   445 pcap raw alerts
ruleset
shell
ftp
17 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
16:25:00 WinXP 92.13.73.121 (-):
CARPHONE WAREHOUSE BROADBAND SERVICES,
UK.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1229 hits: 04-27 to 05-15]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:16:28:00 WinXP 72.224.31.120 (RR.COM):
ROAD RUNNER HOLDCO LLC,
DELMAR, NEW YORK, US.
n/a DE:siliconfireware.ru
US:searchportal.information.com
US:spi.domainsponsor.com
:landdev1.lap.internal
RU:www.bbin.ru
:wpad
RU:195.200.213.52:80
US:208.73.212.12:80
EU:78.47.200.154:80
445 pcap raw alerts
ruleset
http
http
http
7 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 a12cab51ef
[Firefox:1016 hits: 05-01 to 05-15]
40f7f463c4 [0] ASM:Graph
ASPack| lines=281
embedded dns
trace
16:56:00 WinXP 12.77.175.245 (ATT.NET):
AT&T WORLDNET SERVICES,
NORTH LITTLE ROCK, ARKANSAS, US. (DIAL)
n/a   445 pcap raw alerts
ruleset
shell
3 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:17:01:00 WinXP 86.96.9.32 (NET.AE):
EMIRATES TELECOMMUNICATIONS CORPORATION,
DUBAI, DUBAI, AE.
n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
25 of 25 7f60162c2c
[Firefox:1286 hits: 12-31 to 05-15]
1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace
17:09:00 WinXP 190.172.206.219 (COM.AR):
TELEFONICA DE ARGENTINA,
AR.
222.177.11.165:7000 CN:hail.dns2go.com 445 pcap raw alerts
ruleset
ftp
20 lines
Yeah : 1.3
profile
none summary
tarball
18 of 32 7e28dac8de
[Firefox:18 hits: 04-27 to 05-15]
none[4] none:none
none|none none trace
17:22:00 Win2K-f 60.44.170.111 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
85.114.137.60:65520 217.170.244.2:443 DE:proxim.ircgalaxy.pl
DE:dl2.teenpassage.com
CZ:217.170.244.2:443
CZ:82.114.64.251:443
DE:85.114.137.60:65520
DE:85.114.143.2:80
445 pcap raw alerts
ruleset
shell
ftp
irc
33 lines
Yeah : 1.3
profile
none summary
tarball
30 of 32 a4a30636e5
NEW
none[4] none:none
FSG| none trace
T:17:22:00 WinXP 122.118.67.67 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
222.177.11.165:7000 CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1229 hits: 04-27 to 05-15]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
18:15:00 WinXP 118.174.71.124 (-):
.
222.177.11.165:7000 CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
irc
23 lines
Yeah : 1.8
profile
none summary
tarball
13 of 32 53123fadcc
[Firefox:46 hits: 01-26 to 05-15]
none[4] none:none
none|none none trace
18:22:00 Win2K-f 190.175.132.89 (-):
.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
14 of 32 a2a036466a
[Firefox:196 hits: 05-05 to 05-15]
none[4] none:none
none|none none trace
18:37:00 WinXP 190.128.71.192 (-):
EMPRESA DE TELECOMUNICACIONES DE PEREIRA S.A. E.S.P,
MANIZALES, CALDAS, CO.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1229 hits: 04-27 to 05-15]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
18:47:00 WinXP 190.188.102.124 (NET.AR):
PRIMA S.A,
AR.
n/a   445 pcap raw alerts
ruleset
ftp
16 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
19:26:00 Win2K-f 190.173.118.130 (COM.AR):
TELEFONICA DE ARGENTINA,
AR.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1229 hits: 04-27 to 05-15]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
19:33:00 WinXP 58.90.237.227 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 831f4ee0a7
[Firefox:588 hits: 07-11 to 05-15]
eb7546c600 [0] ASM:Graph
none|none lines=61 trace
19:39:00 WinXP 124.87.178.158 (OCN.NE.JP):
NTT COMMUNICATIONS CORPORATION,
TOKYO, TOKYO, JP.
n/a   445 pcap raw alerts
ruleset
shell
4 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
19:45:00 Win2K-f 189.36.186.214 (BRASILTELECOM.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
BR.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
17 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1229 hits: 04-27 to 05-15]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:19:48:00 Win2K-f 60.51.18.32 (TM.NET.MY):
TELEKOM MALAYSIA BERHAD,
KOTA KINABALU, SABAH, MY.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1229 hits: 04-27 to 05-15]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
19:59:00 Win2K-f 220.141.56.113 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
none bc3bc01a41
NEW
none[4] none:none
none|none none trace
T:20:01:00 WinXP 90.150.239.244 (PERMONLINE.RU):
OJSC URALSVYAZINFORM,
RU.
222.177.11.165:7000 CN:hail.dns2go.com 445 pcap raw alerts
ruleset
ftp
irc
26 lines
Yeah : 1.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1229 hits: 04-27 to 05-15]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:20:05:00 Win2K-f 216.78.32.4 (BELLSOUTH.NET):
BELLSOUTH.NET INC,
ATLANTA, GEORGIA, US.
n/a  
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
17 lines
Yeah : 1.3
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2617 hits: 12-31 to 05-15]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace
20:23:00 WinXP 190.17.133.71 (COM.AR):
CABLEVISION S.A,
BUENOS AIRES, BUENOS AIRES, AR.
n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:2974 hits: 12-31 to 05-15]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
20:27:00 Win2K-f 218.171.218.101 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
KAOHSIUNG, KAO-HSIUNG, TW.
222.177.11.165:7000 CN:hail.dns2go.com 445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1229 hits: 04-27 to 05-15]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
20:39:00 WinXP 92.112.8.247 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
20 of 32 fd0bf48a75
[Firefox:10 hits: 04-28 to 05-14]
none[3] none:none
ASProtect| none trace
T:20:44:00 WinXP 220.138.18.21 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
217.170.244.2:443  
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
irc
30 lines
Yeah : 1.8
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2617 hits: 12-31 to 05-15]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace
T:20:56:00 Win2K-f 220.143.248.26 (GUTZWILLER.CH):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1229 hits: 04-27 to 05-15]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:20:57:00 Win2K-f 200.195.107.176 (STERLINGSTUDENTS.NET):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
16 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
21:12:00 WinXP 89.218.248.118 (ADSL.ONLINE.KZ):
KAZAKHTELECOM DATA NETWORK ADMINISTRATION,
KZ.
n/a CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 31 c1f12e0109
[Firefox:18 hits: 04-28 to 05-15]
none[4] none:none
none|none none trace
21:32:00 Win2K-f 190.31.161.169 (NET.AR):
APOLO -GOLD-TELECOM-PER,
BUENOS AIRES, BUENOS AIRES, AR.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1229 hits: 04-27 to 05-15]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
22:10:00 Win2K-f 89.109.2.180 (MTS-NN.RU):
NETWORK FOR PPPOE CLIENTS TERMINATIONS IN,
NOVGOROD, NOVGORODSKAYA OBLAST', RU.
n/a CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
19 of 30 93282471f7
[Firefox:16 hits: 04-28 to 05-12]
95951dee58 [0] ASM:Graph
ASProtect| lines=0 trace
22:34:00 Win2K-f 71.103.130.164 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
DOWNEY, CALIFORNIA, US. (DSL)
84.244.5.183:2345 US:qtas.net
SE:dzuc.net
445 pcap raw alerts
ruleset
http
irc
29 lines
Yeah : 1.3
profile
none summary
tarball
5 of 32 60ccb46de8
NEW
60ccb46de8 [1] ASM:Graph
StarForce| lines=88 trace
T:22:35:00 Win2K-f 4.245.5.70 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
ST. LOUIS, MISSOURI, US. (DIAL)
n/a   445 pcap raw alerts
ruleset
shell
shell
ftp
18 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:23:00:00 WinXP 211.30.85.190 (OPTUSNET.COM.AU):
OPTUS INTERNET - RETAIL,
SYDNEY, NEW SOUTH WALES, AU. (DSL)
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
29 of 29 3ae357d17b
[Firefox:704 hits: 05-01 to 05-13]
462a7be171 [0] ASM:Graph
PolyEnE| lines=73 trace
23:02:00 Win2K-f 62.61.33.201 (-):
AD-PUBLIC,
DE.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1229 hits: 04-27 to 05-15]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:23:42:00 WinXP 24.93.193.150 (RR.COM):
ROAD RUNNER HOLDCO LLC,
AKRON, OHIO, US.
n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:2974 hits: 12-31 to 05-15]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
23:52:00 WinXP 189.48.227.63 (BRASILTELECOM.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
BR.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
12 of 30 ccf7ce9bb5
[Firefox: 2 hits: 05-01 to 05-15]
none[4] none:none
none|none none trace
T:23:56:00 Win2K-f 116.120.99.176 (-):
HANARO TELECOM,
SEOUL, KYONGGI-DO, KR.
n/a   135 pcap raw alerts
ruleset
other
111 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none