Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page


UNCENSORED PAGE



17 May 2008

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.


Daily Summary Files: [DNS Lookups & Failed Connects] [ Attacker IPs ] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap] [Behavioral Clusters] [Binary Digest Log]

[See Country Codes]

Table columns (one row per infection, rows follow in the order shown):
Time | Victim OS | Infection Source | C&C Server | DNS Lookups & Failed Connects | Infection Port | Packet Trace | Detection Signatures | Infection Chatter | BotHunter Analysis | Behavioral Cluster | Forensic Logs | Antivirus Labels | Packed Malware Binary | Unpacked egg.exe | Unpacked egg.asm | Packer PEID | Data Strings | Syscall Trace
T:00:10:00 WinXP 118.7.1.142 (-):
.
n/a   445 pcap raw alerts
ruleset
ftp
14 lines
Argh : 0.3
profile
none summary
tarball
31 of 32 741e3b03b3
[Firefox:27 hits: 09-28 to 05-15]
e0197e8a64 [0] ASM:Graph
none|none lines=62 trace
00:16:00 Win2K-f 218.163.128.97 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
KAOHSIUNG, KAO-HSIUNG, TW.
n/a   445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:00:24:00 Win2K-f 92.11.228.192 (-):
CARPHONE WAREHOUSE BROADBAND SERVICES,
UK.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1270 hits: 04-27 to 05-16]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:00:24:00 Win2K-f 65.68.44.95 (SWBELL.NET):
AT&T INTERNET SERVICES,
KANSAS CITY, MISSOURI, US. (DSL)
n/a   135 pcap raw alerts
ruleset
other
109 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
00:50:00 Win2K-f 60.51.56.72 (TM.NET.MY):
TELEKOM MALAYSIA BERHAD,
KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1270 hits: 04-27 to 05-16]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
01:01:00 Win2K-f 78.61.69.225 (ZEBRA.LT):
LIETUVOS-TELEKOMAS,
LT.
n/a   445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
27 of 31 c6f17a444e
NEW
none[4] none:none
none|none none trace
01:04:00 WinXP 123.222.163.44 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
n/a  
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
18 lines
Yeah : 1.3
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2620 hits: 12-31 to 05-16]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace
T:01:14:00 WinXP 122.25.26.236 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 831f4ee0a7
[Firefox:590 hits: 07-11 to 05-16]
eb7546c600 [0] ASM:Graph
none|none lines=61 trace
01:20:00 WinXP 221.242.80.212 (UCOM.NE.JP):
UCOM CORP,
JP. (100Mbps)
n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
25 of 25 7f60162c2c
[Firefox:1287 hits: 12-31 to 05-16]
1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace
01:25:00 WinXP 217.202.114.133 (-):
TELECOM ITALIA MOBILE,
IT.
n/a  
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
17 lines
Yeah : 1.3
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2620 hits: 12-31 to 05-16]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace
01:26:00 Win2K-f 79.126.51.195 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
19 of 30 93282471f7
[Firefox:18 hits: 04-28 to 05-16]
95951dee58 [0] ASM:Graph
ASProtect| lines=0 trace
01:44:00 Win2K-f 89.0.201.65 (BARAK-ONLINE.NET):
BARAK,
JERUSALEM, YERUSHALAYIM (JERUSALEM), IL.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1270 hits: 04-27 to 05-16]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
02:10:00 Win2K-f 79.31.199.19 (SRC.ORG):
TELECOM ITALIA NET,
ROME, LAZIO, IT.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
22 of 32 4b88366043
NEW
none[4] none:none
none|none none trace
T:02:11:00 Win2K-f 60.53.77.82 (TM.NET.MY):
TELEKOM MALAYSIA BERHAD,
KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY.
222.177.11.165:7000 CN:hail.dns2go.com 445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.8
profile
none summary
tarball
14 of 32 a2a036466a
[Firefox:205 hits: 05-05 to 05-16]
none[4] none:none
none|none none trace
T:02:17:00 WinXP 118.100.158.173 (-):
.
222.177.11.165:7000 CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
irc
28 lines
Yeah : 1.3
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1270 hits: 04-27 to 05-16]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
02:18:00 WinXP 80.52.34.167 (TPNET.PL):
STRAWCZYN-SDI,
KIELCE, SWIETOKRZYSKIE, PL. (100Mbps)
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
15 lines
Yeah : 0.8
profile
none summary
tarball
14 of 32 a2a036466a
[Firefox:205 hits: 05-05 to 05-16]
none[4] none:none
none|none none trace
02:22:00 WinXP 79.24.80.145 (SRC.ORG):
TELECOM ITALIA NET,
ROME, LAZIO, IT.
n/a   445 pcap raw alerts
ruleset
ftp
11 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:02:24:00 WinXP 218.208.197.254 (TM.NET.MY):
ADSL-STREAMYX-TMNET,
KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY.
222.177.11.165:7000 CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1270 hits: 04-27 to 05-16]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
02:50:00 Win2K-f 84.57.201.119 (ARCOR-IP.NET):
ARCOR-DSL-NET,
DE. (DSL)
n/a  
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
17 lines
Yeah : 1.3
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2620 hits: 12-31 to 05-16]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace
02:53:00 WinXP 92.23.22.91 (-):
CARPHONE WAREHOUSE BROADBAND SERVICES,
UK.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1270 hits: 04-27 to 05-16]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:03:04:00 Win2K-f 82.207.39.30 (UKRTEL.NET):
UKRTELECOM IP ACCESS NETWORK,
UA.
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
03:15:00 Win2K-f 220.106.254.174 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
OKINAWA, OKINAWA, JP.
n/a  
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
17 lines
Yeah : 1.3
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2620 hits: 12-31 to 05-16]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace
03:54:00 Win2K-f 82.247.150.58 (PROXAD.NET):
PROXAD / FREE SAS,
NICE, PROVENCE-ALPES-COTE D'AZUR, FR.
n/a CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
14 of 32 8f367186c3
[Firefox:77 hits: 12-27 to 05-16]
01a06977c4 [0] ASM:Graph
TXT2COM| lines=0 trace
T:03:58:00 Win2K-f 92.12.167.176 (-):
CARPHONE WAREHOUSE BROADBAND SERVICES,
UK.
n/a   445 pcap raw alerts
ruleset
ftp
11 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
04:08:00 WinXP 118.171.78.14 (-):
.
n/a CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
13 of 32 53123fadcc
[Firefox:48 hits: 01-26 to 05-16]
none[4] none:none
none|none none trace
04:17:00 Win2K-f 79.202.254.243 (T-IPCONNECT.DE):
DEUTSCHE TELEKOM AG,
DE.
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
04:42:00 Win2K-f 87.12.177.27 (RETAIL.TELECOMITALIA.IT):
TELECOM ITALIA S.P.A. TIN EASY LITE,
IT.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
14 of 32 a2a036466a
[Firefox:205 hits: 05-05 to 05-16]
none[4] none:none
none|none none trace
T:05:03:00 WinXP 83.97.136.1 (CM-83-97-128-10.TELECABLE.ES):
TELECABLE,
GIJON, ASTURIAS, ES. (DSL)
n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
31 of 32 1e5df7ba74
[Firefox:14 hits: 03-24 to 05-16]
a5331b711f [0] ASM:Graph
PolyEnE| lines=68 trace
05:04:00 WinXP 92.40.64.213 (IKBCC.COM):
EU-ZZ,
UK.
n/a DE:proxim.ircgalaxy.pl
DE:85.114.137.60:80
445 pcap raw alerts
ruleset
http
irc
48 lines
Yeah : 0.8
profile
none summary
tarball
29 of 32 1ab4d3d7b6
[Firefox: 9 hits: 04-10 to 05-13]
cc366b3f6c [0] ASM:Graph
none|none lines=287
embedded dns
trace
05:16:00 WinXP 151.21.66.17 (21-151.LIBERO.IT):
FREE INTERNET DIAL-UP SERVICES,
ROME, LAZIO, IT. (DIAL)
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1270 hits: 04-27 to 05-16]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
05:47:00 Win2K-f 122.118.66.67 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1270 hits: 04-27 to 05-16]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
05:58:00 WinXP 78.37.83.222 (LSI.RU):
OJSC NORTH-WEST TELECOM,
RU.
n/a CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
9 of 32 2cbd59e102
[Firefox:11 hits: 12-29 to 05-01]
a3aefdb837 [0] ASM:Graph
ASPack| lines=607
embedded dns
trace
06:08:00 WinXP 91.66.121.90 (SUPERKABEL.DE):
KABEL DEUTSCHLAND BREITBAND SERVICE GMBH,
DE.
n/a DE:proxim.ircgalaxy.pl
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
DE:85.114.137.60:65520
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
29 of 32 92719eefc9
NEW
none[4] none:none
ASPack| none trace
06:18:00 Win2K-f 190.31.143.173 (NET.AR):
APOLO -GOLD-TELECOM-PER,
BUENOS AIRES, BUENOS AIRES, AR.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1270 hits: 04-27 to 05-16]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
06:25:00 Win2K-f 85.71.24.164 (IOL.CZ):
XDSL NETWORK-ADSL,
PRAGUE, HLAVNI MESTO PRAHA, CZ.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
19 of 32 468140ed8f
[Firefox: 4 hits: 05-07 to 05-14]
none[4] none:none
none|none none trace
T:06:44:00 WinXP 84.238.70.233 (-):
DYNAMIC CUSTOMER IP'S,
ÅRHUS, ARHUS, DK.
222.177.11.165:7000 CN:scorti1.dns2go.com 445 pcap raw alerts
ruleset
ftp
20 lines
Yeah : 1.3
profile
none summary
tarball
18 of 32 567de33f60
NEW
none[4] none:none
TXT2COM| none trace
06:54:00 Win2K-f 89.218.100.137 (ADSL.ONLINE.KZ):
KAZAKHTELECOM DATA NETWORK ADMINISTRATION,
KZ.
n/a CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 31 c1f12e0109
[Firefox:19 hits: 04-28 to 05-16]
none[4] none:none
none|none none trace
T:07:02:00 WinXP 200.217.150.175 (STERLINGSTUDENTS.NET):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL)
n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:2977 hits: 12-31 to 05-16]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
T:07:50:00 Win2K-f 218.111.162.90 (TM.NET.MY):
TELEKOM MALAYSIA BERHAD,
PUCHONG, SELANGOR, MY.
222.177.11.165:7000 CN:hail.dns2go.com 445 pcap raw alerts
ruleset
ftp
irc
23 lines
Yeah : 1.8
profile
none summary
tarball
14 of 32 a2a036466a
[Firefox:205 hits: 05-05 to 05-16]
none[4] none:none
none|none none trace
07:51:00 WinXP 82.230.162.15 (PROXAD.NET):
PROXAD / FREE SAS,
PARIS, ILE-DE-FRANCE, FR.
n/a   445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
08:01:00 WinXP 92.113.147.22 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
203.198.127.88:7000 CN:scorti1.dns2go.com 445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.8
profile
none summary
tarball
21 of 31 c1f12e0109
[Firefox:19 hits: 04-28 to 05-16]
none[4] none:none
none|none none trace
T:08:11:00 Win2K-f 59.112.9.72 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
217.170.244.2:443  
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
irc
27 lines
Yeah : 1.8
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2620 hits: 12-31 to 05-16]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace
08:11:00 WinXP 189.5.152.115 (BRASILTELECOM.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
GOIÂNIA, GOIÁS, BR.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
HK:203.198.127.88:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1270 hits: 04-27 to 05-16]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
08:24:00 Win2K-f 212.46.228.144 (TYUMEN-CITY.RU):
TYUMEN CITY GOVERNMENT NETWORK,
RU.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
HK:203.198.127.88:7000
445 pcap raw alerts
ruleset
ftp
17 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1270 hits: 04-27 to 05-16]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:08:24:00 WinXP 190.48.231.60 (COM.AR):
TELEFONICA DE ARGENTINA,
CIPOLLETTI, NEUQUEN, AR.
203.198.127.88:7000 CN:hail.dns2go.com 445 pcap raw alerts
ruleset
ftp
irc
24 lines
Yeah : 1.8
profile
none summary
tarball
23 of 31 14ef234ad3
[Firefox:14 hits: 04-29 to 05-15]
none[4] none:none
none|none none trace
08:26:00 WinXP 124.43.133.35 (-):
INTERNET SERVICE PROVIDER IN SRI LANKA,
LK.
203.198.127.88:7000 CN:hail.dns2go.com 445 pcap raw alerts
ruleset
ftp
irc
26 lines
Yeah : 1.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1270 hits: 04-27 to 05-16]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
08:36:00 Win2K-f 201.39.69.123 (STERLINGSTUDENTS.NET):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL)
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
HK:203.198.127.88:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1270 hits: 04-27 to 05-16]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:08:45:00 WinXP 92.40.70.32 (IKBCC.COM):
EU-ZZ,
UK.
n/a DE:proxim.ircgalaxy.pl
CZ:217.170.244.2:443
CZ:82.114.64.251:443
DE:85.114.137.60:80
445 pcap raw alerts
ruleset
shell
ftp
18 lines
Yeah : 1.3
profile
none summary
tarball
none 4459a4a28b
NEW
none[4] none:none
FSG| none trace
09:00:00 Win2K-f 190.54.169.111 (CHILESAT.NET):
TELMEX SERVICIOS EMPRESARIALES S.A,
CL.
n/a   445 pcap raw alerts
ruleset
ftp
16 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
09:21:00 WinXP 41.233.86.221 (TEDATA.NET):
PROVIDER LOCAL REGISTRY,
EG.
203.198.127.88:7000 CN:hail.dns2go.com 445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1270 hits: 04-27 to 05-16]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
09:45:00 WinXP 82.55.181.215 (RETAIL.TELECOMITALIA.IT):
TELECOM ITALIA S.P.A. TIN EASY LITE,
CHIETI, ABRUZZI, IT.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1270 hits: 04-27 to 05-16]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
09:58:00 Win2K-f 189.25.33.151 (BRASILTELECOM.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
BR.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1270 hits: 04-27 to 05-16]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
10:16:00 Win2K-f 88.204.195.27 (METRO.ONLINE.KZ):
JSC KAZAKHTELECOM KARAGANDA AFFILIATE,
KARAGANDA, QARAGHANDY, KZ.
n/a CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
15 lines
Yeah : 0.8
profile
none summary
tarball
22 of 32 dc8e1c63cd
[Firefox:89 hits: 12-27 to 05-16]
e0eb8646ee [0] ASM:Graph
none|none lines=601
embedded dns
trace
T:10:25:00 WinXP 92.40.240.206 (IKBCC.COM):
EU-ZZ,
UK.
85.114.137.60:80 DE:proxim.ircgalaxy.pl
DE:85.114.137.60:80
445 pcap raw alerts
ruleset
http
irc
52 lines
Yeah : 1.3
profile
none summary
tarball
28 of 31 f58222344f
[Firefox: 9 hits: 12-31 to 05-06]
2a56436a64 [0] ASM:Graph
PolyEnE| lines=265
embedded dns
trace
T:10:26:00 Win2K-f 79.33.162.152 (SRC.ORG):
TELECOM ITALIA NET,
ROME, LAZIO, IT.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
15 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1270 hits: 04-27 to 05-16]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
10:31:00 WinXP 4.250.153.154 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
FAIR LAWN, NEW JERSEY, US. (DIAL)
n/a   445 pcap raw alerts
ruleset
shell
3 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
10:47:00 WinXP 70.113.202.73 (RR.COM):
ROAD RUNNER HOLDCO LLC,
CEDAR PARK, TEXAS, US.
n/a DE:siliconfireware.ru
US:searchportal.information.com
EU:ebookfinaltrash.ru
:wpad
US:208.73.212.12:80
DE:217.11.54.126:80
445 pcap raw alerts
ruleset
http
http
http
http
4 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 a12cab51ef
[Firefox:1017 hits: 05-01 to 05-16]
40f7f463c4 [0] ASM:Graph
ASPack| lines=281
embedded dns
trace
T:10:49:00 Win2K-f 85.92.229.230 (NET.BA):
AS54# 11TUZLA TKC,
BA.
222.177.11.165:7000 CN:hail.dns2go.com 445 pcap raw alerts
ruleset
ftp
irc
24 lines
Yeah : 1.3
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1270 hits: 04-27 to 05-16]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
10:49:00 WinXP 58.1.150.22 (INFOWEB.NE.JP):
INFOWEB(FUJITSU LTD.),
TOKYO, TOKYO, JP. (DIAL)
n/a  
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
18 lines
Yeah : 1.3
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2620 hits: 12-31 to 05-16]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace
10:57:00 Win2K-f 61.217.211.215 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
217.170.244.2:443  
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
irc
23 lines
Yeah : 1.8
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2620 hits: 12-31 to 05-16]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace
11:27:00 Win2K-f 79.112.224.13 (RDSNET.RO):
RDS,
BUCHAREST, BUCURESTI, RO.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
24 lines
Yeah : 0.8
profile
none summary
tarball
14 of 32 a2a036466a
[Firefox:205 hits: 05-05 to 05-16]
none[4] none:none
none|none none trace
11:29:00 WinXP 78.156.194.216 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:2977 hits: 12-31 to 05-16]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
T:11:55:00 Win2K-f 190.49.178.206 (COM.AR):
TELEFONICA DE ARGENTINA,
BUENOS AIRES, BUENOS AIRES, AR.
222.177.11.165:7000 CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1270 hits: 04-27 to 05-16]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:11:56:00 WinXP 213.100.53.3 (SWIPNET.SE):
SWIPNET,
STOCKHOLM, STOCKHOLM, SE.
n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
25 of 25 7f60162c2c
[Firefox:1287 hits: 12-31 to 05-16]
1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace
T:11:56:00 WinXP 220.102.48.210 (MESH.AD.JP):
NEC BIGLOBE LTD,
TOKYO, TOKYO, JP.
217.170.244.2:443  
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
irc
34 lines
Yeah : 1.8
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2620 hits: 12-31 to 05-16]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace
11:58:00 WinXP 190.51.163.113 (COM.AR):
TELEFONICA DE ARGENTINA,
BUENOS AIRES, BUENOS AIRES, AR.
222.177.11.165:7000 CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
irc
23 lines
Yeah : 1.3
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1270 hits: 04-27 to 05-16]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
12:04:00 Win2K-f 189.23.51.63 (BRASILTELECOM.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
BR.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1270 hits: 04-27 to 05-16]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:12:11:00 Win2K-f 90.151.190.168 (PERMONLINE.RU):
OJSC URALSVYAZINFORM,
RU.
n/a CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
20 of 31 cb89ccfe52
[Firefox:11 hits: 04-29 to 05-16]
881f6fa4b7 [0] ASM:Graph
TXT2COM| lines=406
embedded dns
trace
T:12:12:00 WinXP 190.84.15.196 (CABLE.NET.CO):
TV CABLE S.A,
SANTAFÉ DE BOGOTÁ, DISTRITO CAPITAL, CO. (DSL)
222.177.11.165:7000 CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
irc
20 lines
Yeah : 1.3
profile
none summary
tarball
18 of 32 7e28dac8de
[Firefox:20 hits: 04-27 to 05-16]
none[4] none:none
none|none none trace
12:14:00 WinXP 219.95.16.53 (TM.NET.MY):
ADSL-STREAMYX-TMNET,
PUCHONG, SELANGOR, MY.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
17 of 32 0872b9ef16
NEW
none[4] none:none
none|none none trace
T:12:17:00 WinXP 92.19.83.13 (-):
CARPHONE WAREHOUSE BROADBAND SERVICES,
UK.
222.177.11.165:7000 CN:hail.dns2go.com 445 pcap raw alerts
ruleset
ftp
irc
23 lines
Yeah : 1.8
profile
none summary
tarball
27 of 32 09904249fd
NEW
none[4] none:none
none|none none trace
12:40:00 WinXP 190.49.19.97 (COM.AR):
TELEFONICA DE ARGENTINA,
CIPOLLETTI, NEUQUEN, AR.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
14 of 32 a2a036466a
[Firefox:205 hits: 05-05 to 05-16]
none[4] none:none
none|none none trace
12:57:00 WinXP 122.29.5.145 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
n/a   445 pcap raw alerts
ruleset
shell
ftp
13 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 831f4ee0a7
[Firefox:590 hits: 07-11 to 05-16]
eb7546c600 [0] ASM:Graph
none|none lines=61 trace
13:10:00 WinXP 88.147.131.15 (SAN.RU):
NETWORK OF SARATOV BRANCH OF OJSC VOLGATELECOM,
SARATOV, SARATOVSKAYA OBLAST', RU.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
12 of 30 76b4ab852e
[Firefox:49 hits: 04-29 to 05-16]
none[4] none:none
none|none none trace
13:17:00 Win2K-f 89.24.30.247 (4GINTERNET.CZ):
GPRS/WBA CUSTOMER NETWORKS,
CZ.
n/a   445 pcap raw alerts
ruleset
ftp
20 lines
Yeah : 0.8
profile
none summary
tarball
27 of 32 ac74a41741
NEW
none[4] none:none
none|none none trace
13:21:00 Win2K-f 92.40.21.213 (IKBCC.COM):
EU-ZZ,
UK.
85.114.137.60:80 DE:proxim.ircgalaxy.pl
DE:dl2.teenpassage.com
CZ:217.170.244.2:443
CZ:82.114.64.251:443
DE:85.114.137.60:80
DE:85.114.143.2:80
445 pcap raw alerts
ruleset
shell
ftp
irc
20 lines
Yeah : 1.8
profile
none summary
tarball
none d166d2a877
NEW
none[4] none:none
FSG| none trace
13:51:00 WinXP 91.58.183.29 (T-IPCONNECT.DE):
DEUTSCHE TELEKOM AG,
DE.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
12 of 30 76b4ab852e
[Firefox:49 hits: 04-29 to 05-16]
none[4] none:none
none|none none trace
14:04:00 WinXP 65.24.185.249 (RR.COM):
ROAD RUNNER HOLDCO LLC,
WESTERVILLE, OHIO, US.
n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:2977 hits: 12-31 to 05-16]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
14:06:00 Win2K-f 189.36.186.214 (BRASILTELECOM.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
BR.
222.177.11.165:7000 CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
irc
26 lines
Yeah : 1.3
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1270 hits: 04-27 to 05-16]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
14:20:00 WinXP 91.125.20.6 (BRIGHTVIEW.COM):
BRIGHTVIEW GROUP LIMITED,
LONDON, ENGLAND, UK. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 1
profile
none summary
tarball
18 of 32 b4ad631671
[Firefox: 8 hits: 04-29 to 05-15]
5890f017cc [0] ASM:Graph
StarForce| lines=28 trace
T:14:21:00 Win2K-f 89.218.205.111 (ADSL.ONLINE.KZ):
KAZAKHTELECOM DATA NETWORK ADMINISTRATION,
KZ.
n/a CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
20 of 31 af98fe0c94
[Firefox:66 hits: 04-27 to 05-16]
480d076a0a [0] ASM:Graph
ASProtect| lines=422
embedded dns
trace
T:14:41:00 WinXP 190.137.65.22 (NET.AR):
TELECOM ARGENTINA S.A,
AR.
222.177.11.165:7000 CN:hail.dns2go.com 445 pcap raw alerts
ruleset
ftp
irc
25 lines
Yeah : 1.3
profile
none summary
tarball
14 of 32 a2a036466a
[Firefox:205 hits: 05-05 to 05-16]
none[4] none:none
none|none none trace
14:48:00 WinXP 190.30.2.214 (NET.AR):
APOLO -GOLD-TELECOM-PER,
BUENOS AIRES, BUENOS AIRES, AR.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
12 of 30 76b4ab852e
[Firefox:49 hits: 04-29 to 05-16]
none[4] none:none
none|none none trace
T:14:50:00 Win2K-f 84.4.57.37 (CEGETEL.NET):
INTERNET RESIDENTIEL CEGETEL FRANCE,
PARIS, ILE-DE-FRANCE, FR.
n/a   445 pcap raw alerts
ruleset
ftp
13 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:14:51:00 Win2K-f 222.179.54.37 (163DATA.COM.CN):
CHINANET CHONGQING PROVINCE NETWORK,
CHONGQING, CHONGQING, CN. (100Mbps)
84.244.5.183:2345 US:wow.blackirc.us
SE:tap.radioprishtina.net
445 pcap raw alerts
ruleset
http
irc
55 lines
Yeah : 1.3
profile
none summary
tarball
3 of 32 b3e91556b1
NEW
b3e91556b1 [1] ASM:Graph
StarForce| lines=88 trace
T:15:10:00 Win2K-f 81.245.163.234 (ISP.BELGACOM.BE):
SKYNET-ADSL,
DENDERMONDE, OOST-VLAANDEREN, BE. (DSL)
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1270 hits: 04-27 to 05-16]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
15:13:00 Win2K-f 80.145.202.252 (T-DIALIN.NET):
DEUTSCHE TELEKOM AG,
ULM, BADEN-WURTTEMBERG, DE. (DIAL)
n/a   445 pcap raw alerts
ruleset
ftp
11 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
15:33:00 Win2K-f 189.56.20.139 (BRASILTELECOM.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
BR.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1270 hits: 04-27 to 05-16]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:15:59:00 WinXP 75.15.142.255 (SBCGLOBAL.NET):
PPPOX POOL - RBACK5SNLO,
SAN LUIS OBISPO, CALIFORNIA, US. (DSL)
n/a DE:siliconfireware.ru
US:searchportal.information.com
:www.proxy-socks.net
:wpad
GB:new.egg.com
US:208.73.212.12:80
GB:217.145.225.22:80
445 pcap raw alerts
ruleset
http
http
http
3 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 a12cab51ef
[Firefox:1017 hits: 05-01 to 05-16]
40f7f463c4 [0] ASM:Graph
ASPack| lines=281
embedded dns
trace
16:33:00 Win2K-f 190.174.138.215 (-):
.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
24 of 30 206797614d
[Firefox: 2 hits: 05-01 to 05-01]
none[4] none:none
Obsidium| none trace
16:58:00 WinXP 201.69.245.5 (STERLINGSTUDENTS.NET):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL)
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
15 lines
Yeah : 0.8
profile
none summary
tarball
11 of 31 4620861e2d
[Firefox:14 hits: 04-27 to 05-16]
none[4] none:none
StarForce| none trace
17:01:00 WinXP 201.69.180.129 (STERLINGSTUDENTS.NET):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL)
n/a DE:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
DE:85.114.137.60:65520
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
none 641074f59d
NEW
none[4] none:none
PolyEnE| none trace
T:17:15:00 WinXP 4.188.161.215 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
TOLEDO, OHIO, US. (DIAL)
n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:2977 hits: 12-31 to 05-16]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
17:19:00 Win2K-f 190.128.76.35 (-):
EMPRESA DE TELECOMUNICACIONES DE PEREIRA S.A. E.S.P,
MANIZALES, CALDAS, CO.
n/a   445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
27 of 32 59754a184b
[Firefox: 2 hits: 05-12 to 05-12]
none[4] none:none
none|none none trace
T:17:33:00 Win2K-f 60.51.17.72 (TM.NET.MY):
TELEKOM MALAYSIA BERHAD,
KOTA KINABALU, SABAH, MY.
222.177.11.165:7000 CN:hail.dns2go.com 445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1270 hits: 04-27 to 05-16]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
18:00:00 WinXP 92.112.65.167 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a   445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
18:31:00 WinXP 160.7.234.19 (NEBO.EDU):
NEBO SCHOOL DISTRICT,
SPANISH FORK, UTAH, US.
222.177.11.165:7000 CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
18 lines
Yeah : 1.5
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1270 hits: 04-27 to 05-16]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
19:07:00 Win2K-f 190.84.11.248 (CABLE.NET.CO):
TV CABLE S.A,
SANTAFÉ DE BOGOTÁ, DISTRITO CAPITAL, CO. (DSL)
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1270 hits: 04-27 to 05-16]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
19:10:00 WinXP 200.100.179.215 (TELESP.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DIAL)
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:2977 hits: 12-31 to 05-16]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
T:19:11:00 WinXP 200.100.179.215 (TELESP.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DIAL)
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:2977 hits: 12-31 to 05-16]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
19:22:00 Win2K-f 190.50.194.24 (COM.AR):
TELEFONICA DE ARGENTINA,
BUENOS AIRES, BUENOS AIRES, AR.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
14 of 32 a2a036466a
[Firefox:205 hits: 05-05 to 05-16]
none[4] none:none
none|none none trace
19:45:00 Win2K-f 118.167.73.90 (-):
.
n/a  
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
17 lines
Yeah : 1.3
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2620 hits: 12-31 to 05-16]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace
T:20:14:00 Win2K-f 117.96.9.117 (XLRI.AC.IN):
BHARTI AIRTEL LTD,
DELHI, DELHI, IN.
222.177.11.165:7000 CN:hail.dns2go.com 445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1270 hits: 04-27 to 05-16]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
20:41:00 WinXP 210.237.8.134 (ENJOY.NE.JP):
DEODEO CORPORATION,
TOKYO, TOKYO, JP. (DSL)
n/a DE:proxim.ircgalaxy.pl
DE:85.114.137.60:65520
445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
none 07177edf82
NEW
none[4] none:none
PolyEnE| none trace
20:52:00 WinXP 65.99.135.64 (LINK2USA.COM):
UNITED SYSTEMS ACCESS,
WINTER HARBOR, MAINE, US.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
29 of 29 d42c1cc7c0
[Firefox:274 hits: 05-01 to 05-13]
af9ca5bed1 [0] ASM:Graph
PolyEnE| lines=54 trace
T:20:52:00 WinXP 65.99.135.64 (LINK2USA.COM):
UNITED SYSTEMS ACCESS,
WINTER HARBOR, MAINE, US.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
29 of 29 d42c1cc7c0
[Firefox:274 hits: 05-01 to 05-13]
af9ca5bed1 [0] ASM:Graph
PolyEnE| lines=54 trace
T:21:18:00 Win2K-f 116.126.200.26 (-):
HANARO TELECOM,
SEOUL, KYONGGI-DO, KR.
n/a   135 pcap raw alerts
ruleset
other
111 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
21:31:00 Win2K-f 85.232.193.49 (MALTANET.NET):
MALTANET-RETAIL-DSL,
ZEBBUG, MALTA, MT.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1270 hits: 04-27 to 05-16]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
21:35:00 Win2K-f 190.7.147.9 (-):
EMTELSA S.A. E.S.P,
MANIZALES, CALDAS, CO.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
169 lines
Yeah : 0.8
profile
none summary
tarball
21 of 31 f3c3478952
[Firefox: 2 hits: 04-30 to 05-01]
none[4] none:none
none|none none trace
22:04:00 Win2K-f 118.171.202.166 (-):
.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1270 hits: 04-27 to 05-16]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
22:14:00 WinXP 60.54.15.20 (TM.NET.MY):
TELEKOM MALAYSIA BERHAD,
KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY.
n/a DE:proxim.ircgalaxy.pl
CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
DE:85.114.137.60:65520
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
27 of 32 696210cb5e
NEW
none[4] none:none
none|none none trace
22:19:00 WinXP 222.5.234.58 (DION.NE.JP):
DION (KDDI CORPORATION),
JP. (DIAL)
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 1a2c0e6130
[Firefox:385 hits: 12-31 to 05-13]
048df78048 [0] ASM:Graph
none|none lines=61 trace
22:19:00 Win2K-f 60.51.18.191 (TM.NET.MY):
TELEKOM MALAYSIA BERHAD,
KOTA KINABALU, SABAH, MY.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
14 of 32 a2a036466a
[Firefox:205 hits: 05-05 to 05-16]
none[4] none:none
none|none none trace
22:32:00 WinXP 4.235.201.69 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
FT. MYERS, FLORIDA, US. (DIAL)
n/a  
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
18 lines
Yeah : 0.8
profile
none summary
tarball
29 of 32 3a93071783
[Firefox: 6 hits: 08-29 to 03-04]
f9fee24e84 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace
22:57:00 WinXP 65.70.100.159 (SWBELL.NET):
DIAL POOL - NAS1.MDLDTX,
MIDLAND, TEXAS, US. (DIAL)
n/a EU:siliconfireware.ru
US:searchportal.information.com
DE:ebookfinaltrash.ru
:wpad
US:208.73.212.12:80
DE:217.11.54.126:80
EU:78.47.200.154:80
445 pcap raw alerts
ruleset
http
http
http
http
4 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 a12cab51ef
[Firefox:1017 hits: 05-01 to 05-16]
40f7f463c4 [0] ASM:Graph
ASPack| lines=281
embedded dns
trace
T:22:58:00 Win2K-f 60.54.32.180 (TM.NET.MY):
TELEKOM MALAYSIA BERHAD,
KOTA KINABALU, SABAH, MY.
222.177.11.165:7000 CN:hail.dns2go.com 445 pcap raw alerts
ruleset
ftp
irc
23 lines
Yeah : 1.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1270 hits: 04-27 to 05-16]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
23:05:00 Win2K-f 77.232.97.62 (-):
INTERNATIONAL COMPUTER COMPANY LTD,
MANILA, MANILA, PH.
n/a   445 pcap raw alerts
ruleset
ftp
15 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:23:50:00 WinXP 92.17.36.234 (-):
CARPHONE WAREHOUSE BROADBAND SERVICES,
UK.
222.177.11.165:7000 CN:hail.dns2go.com 445 pcap raw alerts
ruleset
ftp
irc
23 lines
Yeah : 1.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1270 hits: 04-27 to 05-16]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:23:51:00 Win2K-f 201.69.83.9 (STERLINGSTUDENTS.NET):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL)
222.177.11.165:7000 CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:222.177.11.165:7000
445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1270 hits: 04-27 to 05-16]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
23:58:00 Win2K-f 118.7.200.251 (-):
.
n/a  
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
18 lines
Yeah : 1.3
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2620 hits: 12-31 to 05-16]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace