Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page


UNCENSORED PAGE



08 May 2008

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.


Daily Summary Files: [DNS Lookups & Failed Connects] [ Attacker IPs ] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap]
[Behavioral Clusters] [Binary Digest Log]

[See Country Codes]

Table columns (one infection record per row; a "none" entry means no data was produced for that column):
Time | Victim OS | Infection Source | C&C Server | DNS Lookups & Failed Connects | Infection Port | Packet Trace | Detection Signatures | Infection Chatter | BotHunter Analysis | Behavioral Cluster | Forensic Logs | Antivirus Labels | Packed Malware_Binary | Unpacked egg.exe | Unpacked egg.asm | Packer PEID | Data Strings | Syscall Trace
T:00:09:00 Win2K-f 89.214.222.83 (-):
TMN - TELECOMUNICACOES MOVEIS NACIONAIS SA,
PT.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:00:15:00 Win2K-f 82.210.129.247 (WAW.PL):
OTN PRAGA IP ASSIGNMENT,
WARSAW, MAZOWIECKIE, PL.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
00:33:00 WinXP 125.162.101.202 (-):
TLKM_D1_BB_SPEEDY_PG,
PALEMBANG, SUMATERA SELATAN, ID.
n/a   445 pcap raw alerts
ruleset
ftp
11 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
00:34:00 Win2K-f 88.200.186.109 (SKSAMARA.RU):
JSC VOLGATELECOM SAMARA BRANCH,
RU.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
00:38:00 Win2K-f 124.43.250.146 (-):
INTERNET SERVICE PROVIDER IN SRI LANKA,
COLOMBO, CENTRAL, LK. (DIAL)
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
00:42:00 Win2K-f 85.141.65.106 (MTU-NET.RU):
ZAO MTU-INTEL,
MOSCOW, MOSKVA, RU. (DIAL)
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:00:48:00 Win2K-f 92.112.27.15 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
14 of 32 a2a036466a
[Firefox:52 hits: 05-05 to 05-07]
none[4] none:none
none|none none trace
01:00:00 Win2K-f 79.2.174.248 (RETAIL.TELECOMITALIA.IT):
TELECOM ITALIA NET,
ROME, LAZIO, IT.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
15 lines
Yeah : 0.8
profile
none summary
tarball
10 of 32 639a247ece
[Firefox:24 hits: 04-28 to 05-06]
29d53eec72 [0] ASM:Graph
StarForce| lines=132 trace
01:07:00 WinXP 75.79.2.106 (-):
.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:01:07:00 WinXP 88.7.12.157 (RIMA-TDE.NET):
TELEFONICA DE ESPANA,
MALAGA, ANDALUCIA, ES.
211.96.97.44:7000 CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
irc
23 lines
Yeah : 1.3
profile
none summary
tarball
14 of 32 a2a036466a
[Firefox:52 hits: 05-05 to 05-07]
none[4] none:none
none|none none trace
01:08:00 WinXP 61.20.169.42 (-):
FAR EASTONE TELECOMMUNICATION CO. LTD,
TW.
n/a RU:moscow-advokat.ru
SE:viking.dal.net
SE:coins.dal.net
SE:broadway.ny.us.dal.net
SE:qis.md.us.dal.net
:washington.dc.us.undernet.org
:lulea.se.eu.undernet.org
SE:ozbytes.dal.net
NO:london.uk.eu.undernet.org
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
27 of 32 e97b88e501
NEW
8f8dac80bb [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace
01:18:00 Win2K-f 85.84.9.90 (CLIENTES.EUSKALTEL.ES):
GLOBAL TELECOMMUNICATION SERVICE PROVIDER,
BILBAO, PAIS VASCO, ES.
n/a DE:proxima.ircgalaxy.pl
CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
DE:85.114.137.60:65520
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
29 of 31 5cae136844
NEW
none[4] none:none
none|none none trace
01:18:00 WinXP 125.162.101.217 (-):
TLKM_D1_BB_SPEEDY_PG,
PALEMBANG, SUMATERA SELATAN, ID.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
01:19:00 WinXP 119.17.100.36 (-):
.
n/a DE:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
DE:85.114.137.60:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
30 of 32 3f5ec58a6b
[Firefox: 9 hits: 04-24 to 05-05]
4a77430a59 [0] ASM:Graph
PolyEnE| lines=70 trace
01:22:00 WinXP 62.35.135.219 (D4.CLUB-INTERNET.FR):
T-ONLINE (ADSL),
PARIS, ILE-DE-FRANCE, FR.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
19 of 31 0330af1285
[Firefox: 5 hits: 05-02 to 05-07]
none[4] none:none
none|none none trace
01:30:00 WinXP 92.113.84.15 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
14 of 32 a2a036466a
[Firefox:52 hits: 05-05 to 05-07]
none[4] none:none
none|none none trace
01:56:00 Win2K-f 77.209.92.164 (AIRTEL.NET):
VODAFONE ESPANA S.A,
ES.
n/a :www.google.com
CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
01:59:00 Win2K-f 124.43.134.195 (-):
INTERNET SERVICE PROVIDER IN SRI LANKA,
LK.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
02:06:00 Win2K-f 77.197.45.127 (GAOLAND.NET):
DYNAMIC POOLS,
FR.
n/a   445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 1
profile
none summary
tarball
26 of 32 64b36642a6
[Firefox: 3 hits: 04-28 to 05-07]
none[4] none:none
none|none none trace
T:02:07:00 WinXP 121.82.171.20 (EONET.NE.JP):
K-OPTICOM CORPORATION,
JP.
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 831f4ee0a7
[Firefox:576 hits: 07-11 to 05-06]
eb7546c600 [0] ASM:Graph
none|none lines=61 trace
02:09:00 Win2K-f 89.20.119.151 (PERMONLINE.RU):
PFES.FOR ADSL USERS,
RU.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
02:48:00 WinXP 212.55.187.48 (DIAL-B2-187-10.TELEPAC.PT):
TELEPAC - COMUNICACOES INTERACTIVAS SA,
PT. (DIAL)
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
15 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
02:58:00 Win2K-f 91.66.207.157 (SUPERKABEL.DE):
KABEL DEUTSCHLAND BREITBAND SERVICE GMBH,
DE.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
15 lines
Yeah : 0.8
profile
none summary
tarball
25 of 31 839dd0a7c5
NEW
none[4] none:none
none|none none trace
T:03:01:00 WinXP 78.144.173.138 (-):
OPAL TELECOM DSL,
UK.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
03:09:00 Win2K-f 202.132.171.207 (TTN.NET):
TAIWAN TELECOMMUNICATION NETWORK SERVICES CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL)
n/a DE:proxim.ircgalaxy.pl
US:freee.najd.us
US:69.50.208.3:51115
US:69.50.209.31:51115
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
28 of 31 1584ac8057
NEW
none[4] none:none
ASPack| none trace
T:03:12:00 Win2K-f 196.28.241.27 (-):
AFRINIC,
BF.
n/a DE:proxim.ircgalaxy.pl
CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
DE:85.114.137.60:65520
445 pcap raw alerts
ruleset
ftp
irc
16 lines
Yeah : 0.8
profile
none summary
tarball
28 of 31 36d24c4769
NEW
none[4] none:none
none|none none trace
03:25:00 WinXP 92.40.63.77 (IKBCC.COM):
EU-ZZ,
UK.
n/a DE:proxim.ircgalaxy.pl
DE:85.114.137.60:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
27 of 31 b82d9bcbfc
NEW
076c58f365 [0] ASM:Graph
ASPack| lines=294
embedded dns
trace
03:29:00 WinXP 189.7.164.13 (VIRTUA.COM.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
BR.
211.96.97.44:7000 CN:hail.dns2go.com 445 pcap raw alerts
ruleset
ftp
irc
23 lines
Yeah : 1.3
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:03:34:00 WinXP 89.24.26.26 (4GINTERNET.CZ):
GPRS/WBA CUSTOMER NETWORKS,
CZ.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
03:38:00 WinXP 82.207.8.187 (UKRTEL.NET):
UKRTELNET,
UA.
n/a CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
20 of 31 af98fe0c94
[Firefox:47 hits: 04-27 to 05-07]
480d076a0a [0] ASM:Graph
ASProtect| lines=422
embedded dns
trace
04:39:00 WinXP 213.100.53.3 (SWIPNET.SE):
SWIPNET,
STOCKHOLM, STOCKHOLM, SE.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:2956 hits: 12-31 to 05-07]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
T:04:54:00 WinXP 41.214.142.150 (-):
.
n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
25 of 25 7f60162c2c
[Firefox:1274 hits: 12-31 to 05-07]
1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace
05:29:00 Win2K-f 218.169.46.42 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
n/a   445 pcap raw alerts
ruleset
shell
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:06:04:00 Win2K-f 59.105.97.91 (SEED.NET.TW):
DIGITAL UNITED I,
TAIPEI, T'AI-PEI, TW. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
06:11:00 WinXP 84.51.83.21 (IPAPER.COM):
BLOCK FOR PI ASSIGNMENTS,
UK.
n/a   445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
06:12:00 WinXP 118.240.158.117 (-):
.
n/a   445 pcap raw alerts
ruleset
shell
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 831f4ee0a7
[Firefox:576 hits: 07-11 to 05-06]
eb7546c600 [0] ASM:Graph
none|none lines=61 trace
T:06:20:00 Win2K-f 89.117.91.81 (ERDVES.LT):
SC LITHUANIAN RADIO AND TV CENTER,
VILNIUS, VILNIAUS APSKRITIS, LT.
211.96.97.44:7000 CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
irc
23 lines
Yeah : 1.8
profile
none summary
tarball
27 of 31 92734aa6f5
NEW
none[4] none:none
none|none none trace
06:21:00 Win2K-f 190.3.85.65 (TECHTELNET.NET):
TECHTEL LMDS COMUNICACIONES INTERACTIVAS S.A,
AR.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
14 of 32 a2a036466a
[Firefox:52 hits: 05-05 to 05-07]
none[4] none:none
none|none none trace
T:06:21:00 Win2K-f 201.213.74.169 (NET.AR):
PRIMA S.A,
BUENOS AIRES, BUENOS AIRES, AR. (DSL)
211.96.97.44:7000 CN:hail.dns2go.com 445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.8
profile
none summary
tarball
14 of 32 a2a036466a
[Firefox:52 hits: 05-05 to 05-07]
none[4] none:none
none|none none trace
06:28:00 Win2K-f 92.46.150.193 (IKBCC.COM):
EU-ZZ,
UK.
n/a CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
19 of 30 93282471f7
[Firefox: 9 hits: 04-28 to 05-07]
95951dee58 [0] ASM:Graph
ASProtect| lines=0 trace
06:38:00 Win2K-f 85.144.142.206 (WANADOO.NL):
WANADOO ADSL CUSTOMERS WITH STATIC ADDRESSES,
AMSTERDAM, NOORD-HOLLAND, NL. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
26 of 32 3471fe5f22
NEW
none[4] none:none
none|none none trace
06:40:00 WinXP 59.103.2.67 (-):
.
n/a DE:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
DE:85.114.137.60:80
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
30 of 32 3f5ec58a6b
[Firefox: 9 hits: 04-24 to 05-05]
4a77430a59 [0] ASM:Graph
PolyEnE| lines=70 trace
06:46:00 WinXP 88.200.215.105 (SKSAMARA.RU):
JSC VOLGATELECOM SAMARA BRANCH,
RU.
211.96.97.44:7000 CN:hail.dns2go.com 445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:06:50:00 Win2K-f 122.120.222.28 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
n/a CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
16 lines
Yeah : 0.8
profile
none summary
tarball
22 of 32 dc8e1c63cd
[Firefox:77 hits: 12-27 to 05-07]
e0eb8646ee [0] ASM:Graph
none|none lines=601
embedded dns
trace
06:51:00 WinXP 91.67.7.55 (SUPERKABEL.DE):
KABEL DEUTSCHLAND BREITBAND SERVICE GMBH,
DE.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
26 of 31 98ce60a3b5
NEW
none[4] none:none
none|none none trace
T:06:52:00 WinXP 190.64.67.136 (ANTELDATA.NET.UY):
ADMINISTRACION NACIONAL DE TELECOMUNICACIONES,
MONTEVIDEO, MONTEVIDEO, UY. (DIAL)
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:06:56:00 WinXP 88.244.176.122 (TTNET.NET.TR):
TT ADSL-ALCATEL DYNAMIC_ACI,
ISTANBUL, ISTANBUL, TR.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
06:57:00 WinXP 118.161.60.88 (-):
.
n/a DE:proxim.ircgalaxy.pl
CZ:217.170.244.2:443
CZ:82.114.64.251:443
DE:85.114.137.60:80
445 pcap raw alerts
ruleset
shell
ftp
17 lines
Yeah : 1.3
profile
none summary
tarball
28 of 31 688281495d
NEW
none[4] none:none
FSG| none trace
T:06:59:00 Win2K-f 89.214.209.50 (-):
TMN - TELECOMUNICACOES MOVEIS NACIONAIS SA,
PT.
n/a CN:hail.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
07:11:00 WinXP 58.1.110.23 (INFOWEB.NE.JP):
INFOWEB(FUJITSU LTD.),
TOKYO, TOKYO, JP. (DIAL)
n/a   445 pcap raw alerts
ruleset
shell
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
29 of 31 4d83955c32
NEW
none[4] none:none
none|none none trace
T:07:17:00 WinXP 79.126.23.199 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:2956 hits: 12-31 to 05-07]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
T:07:21:00 Win2K-f 118.161.60.88 (-):
.
n/a DE:proxim.ircgalaxy.pl
CZ:217.170.244.2:443
CZ:82.114.64.251:443
DE:85.114.137.60:80
445 pcap raw alerts
ruleset
shell
ftp
17 lines
Yeah : 1.3
profile
none summary
tarball
28 of 31 688281495d
NEW
none[4] none:none
FSG| none trace
T:07:35:00 Win2K-f 93.81.80.26 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
85.114.137.60:80 217.170.244.2:443 DE:proxim.ircgalaxy.pl
DE:dl2.teenpassage.com
CZ:217.170.244.2:443
CZ:82.114.64.251:443
DE:85.114.137.60:80
445 pcap raw alerts
ruleset
irc
http
46 lines
Yeah : 1.8
profile
none summary
tarball
19 of 31 a2e1102c10
NEW
a2e1102c10 [1] ASM:Graph
FSG| lines=6 trace
08:03:00 WinXP 190.50.101.127 (COM.AR):
TELEFONICA DE ARGENTINA,
AR.
n/a :www.google.com 445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
08:04:00 WinXP 125.162.99.121 (-):
TLKM_D1_BB_SPEEDY_PG,
PALEMBANG, SUMATERA SELATAN, ID.
n/a :www.google.com
CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
15 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:08:08:00 Win2K-f 85.26.55.163 (217-117-34-10.TELEDISNET.BE):
TELEDISNET ISP,
BE.
211.96.97.44:7000 CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
08:12:00 WinXP 122.120.130.95 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
19 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:08:21:00 Win2K-f 88.246.115.253 (TTNET.NET.TR):
TT ADSL-METEKSAN DINAMIK_ACI,
BURSA, BURSA, TR. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
11 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
08:24:00 Win2K-f 41.214.146.217 (-):
.
n/a :www.google.com 445 pcap raw alerts
ruleset
ftp
15 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
08:36:00 Win2K-f 85.242.204.121 (DSL.TELEPAC.PT):
PT.COM - COMUNICACOES INTERACTIVAS S.A,
LISBON, LISBOA, PT.
n/a CN:hail.dns2go.com
:www.google.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
14 of 32 a2a036466a
[Firefox:52 hits: 05-05 to 05-07]
none[4] none:none
none|none none trace
T:08:43:00 Win2K-f 221.118.32.147 (AITAI.NE.JP):
AITAI-NET(HIMAWARI NETWORK INC.),
JP.
211.96.97.44:7000 CN:scorti1.dns2go.com 445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.8
profile
none summary
tarball
25 of 31 52fdb89225
NEW
901902cf1e [0] ASM:Graph
none|none lines=411
embedded dns
trace
08:43:00 Win2K-f 82.118.231.236 (0RBITEL.NET):
PROVIDER LOCAL REGISTRY,
BG.
n/a CN:hail.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
11 of 31 4620861e2d
[Firefox: 7 hits: 04-27 to 05-03]
none[4] none:none
StarForce| none trace
08:53:00 WinXP 194.230.234.131 (FREESURF.CH):
SUNRISE SWITZERLAND,
CH. (DIAL)
n/a :www.google.com
EU:siliconfireware.ru
GB:welcome3.smile.co.uk
:wpad
GB:195.92.84.198:80
DE:212.227.111.29:80
DE:217.11.54.126:80
EU:78.47.200.154:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
29 of 29 a12cab51ef
[Firefox:1008 hits: 05-01 to 05-07]
40f7f463c4 [0] ASM:Graph
ASPack| lines=281
embedded dns
trace
09:14:00 WinXP 216.45.89.68 (GVEC.NET):
GVEC.NET,
ARNOLD, MARYLAND, US.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 d6df3972a0
[Firefox:212 hits: 05-02 to 04-20]
39eeef52a4 [0] ASM:Graph
PolyEnE| lines=65 trace
T:09:16:00 WinXP 216.45.89.68 (GVEC.NET):
GVEC.NET,
ARNOLD, MARYLAND, US.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 d6df3972a0
[Firefox:212 hits: 05-02 to 04-20]
39eeef52a4 [0] ASM:Graph
PolyEnE| lines=65 trace
09:26:00 Win2K-f 79.113.73.98 (RDSNET.RO):
RDS,
BUCHAREST, BUCURESTI, RO.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
10:00:00 WinXP 83.188.200.117 (SWIP.NET):
SWIPNET,
SE.
n/a DE:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
DE:85.114.137.60:65520
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
30 of 31 9192428c13
NEW
none[4] none:none
PolyEnE| none trace
T:10:00:00 Win2K-f 88.66.249.120 (ARCOR-IP.NET):
ARCOR-DSL-NET,
DE.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
27 of 31 e37555c26e
[Firefox: 2 hits: 05-06 to 05-07]
none[4] none:none
Xtreme-Pr| none trace
T:10:00:00 WinXP 83.188.200.117 (SWIP.NET):
SWIPNET,
SE.
n/a DE:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
DE:85.114.137.60:65520
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
30 of 31 9192428c13
NEW
none[4] none:none
PolyEnE| none trace
10:15:00 Win2K-f 41.214.131.83 (-):
.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
15 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
10:29:00 WinXP 190.128.124.111 (-):
EMPRESA DE TELECOMUNICACIONES DE PEREIRA S.A. E.S.P,
CO.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
10:30:00 Win2K-f 87.187.123.50 (T-DIALIN.NET):
DEUTSCHE TELEKOM AG,
DE. (DIAL)
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
10:32:00 Win2K-f 85.26.75.212 (217-117-34-10.TELEDISNET.BE):
TELEDISNET ISP,
BE.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
14 of 32 a2a036466a
[Firefox:52 hits: 05-05 to 05-07]
none[4] none:none
none|none none trace
T:10:34:00 Win2K-f 151.54.235.39 (38-151.NET24.IT):
IUNET-BNET,
PERUGIA, UMBRIA, IT.
211.96.97.44:7000 CN:hail.dns2go.com 445 pcap raw alerts
ruleset
ftp
irc
20 lines
Yeah : 1.3
profile
none summary
tarball
14 of 32 a2a036466a
[Firefox:52 hits: 05-05 to 05-07]
none[4] none:none
none|none none trace
T:10:41:00 WinXP 12.134.223.117 (ATT.NET):
AT&T WORLDNET SERVICES,
DALLAS, TEXAS, US. (DSL)
n/a DE:proxim.ircgalaxy.pl
RU:moscow-advokat.ru
DE:85.114.137.60:65520
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
30 of 32 cebfb1dd8a
[Firefox: 4 hits: 04-14 to 04-24]
296a85750b [0] ASM:Graph
PolyEnE| lines=154
embedded dns
trace
T:10:50:00 Win2K-f 89.136.249.161 (-):
ASTRAL CURTEA DE ARGES DOCSIS NETWORK,
CLUJ-NAPOCA, CLUJ, RO.
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
10:57:00 Win2K-f 79.184.154.194 (TPNET.PL):
TPSA,
PL.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
11:05:00 WinXP 4.247.140.38 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
ST. PETERSBURG, FLORIDA, US. (DIAL)
n/a  
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
shell
ftp
22 lines
Yeah : 1.3
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2587 hits: 12-31 to 05-07]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace
T:11:11:00 Win2K-f 89.1.74.53 (BARAK-ONLINE.NET):
BARAK,
MODIIN, HAMERKAZ (CENTRAL), IL.
n/a   445 pcap raw alerts
ruleset
ftp
15 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
11:12:00 Win2K-f 88.73.23.129 (ARCOR-IP.NET):
ARCOR-DSL-NET,
BERLIN, BERLIN, DE. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
28 of 32 0197c6c127
[Firefox: 3 hits: 04-27 to 05-07]
none[4] none:none
none|none none trace
11:18:00 Win2K-f 83.219.9.193 (URALCOM.COM):
ADSL POOL PERM SITY,
PERM', PERMSKAYA OBLAST', RU.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:11:27:00 Win2K-f 89.218.20.186 (ADSL.ONLINE.KZ):
KAZAKHTELECOM DATA NETWORK ADMINISTRATION,
KZ.
211.96.97.44:7000 CN:hail.dns2go.com 445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
11:29:00 WinXP 151.54.113.32 (38-151.NET24.IT):
IUNET-BNET,
PERUGIA, UMBRIA, IT.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
14 of 32 a2a036466a
[Firefox:52 hits: 05-05 to 05-07]
none[4] none:none
none|none none trace
11:34:00 Win2K-f 130.117.83.53 (COGENTCO.COM):
PERFORMANCE SYSTEMS INTERNATIONAL INC,
WASHINGTON, DISTRICT OF COLUMBIA, US.
n/a   135 pcap raw alerts
ruleset
shell
ftp
16 lines
Yeah : 0.8
profile
none summary
tarball
27 of 31 55b6cdd920
NEW
none[4] none:none
none|none none trace
T:11:43:00 Win2K-f 79.31.57.186 (SRC.ORG):
TELECOM ITALIA NET,
ROME, LAZIO, IT.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:11:47:00 Win2K-f 83.23.30.213 (TPNET.PL):
NEOSTRADA PLUS,
POZNAN, WIELKOPOLSKIE, PL. (DSL)
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
11:47:00 WinXP 78.149.241.190 (OPALTELECOM.NET):
OPAL TELECOMMUNICATIONS INTERNET SERVICE PROVIDER,
UK.
211.96.97.44:7000 CN:hail.dns2go.com 445 pcap raw alerts
ruleset
ftp
20 lines
Yeah : 1.3
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
11:52:00 Win2K-f 84.224.17.253 (PGSM.HU):
PANNON GSM TELECOMMUNICATIONS INC,
HU.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
27 of 31 ee7d50483a
NEW
none[4] none:none
none|none none trace
11:54:00 Win2K-f 82.245.120.178 (PROXAD.NET):
PROXAD / FREE SAS,
NICE, PROVENCE-ALPES-COTE D'AZUR, FR.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:12:14:00 Win2K-f 77.126.247.100 (INTER.NET.IL):
EURONET DIGITAL COMMUNICATIONS,
IL.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
16 lines
Yeah : 0.8
profile
none summary
tarball
14 of 32 a2a036466a
[Firefox:52 hits: 05-05 to 05-07]
none[4] none:none
none|none none trace
12:37:00 Win2K-f 193.153.207.44 (CAMPUSPARTY06.NET):
TELEFONICA DE ESPANA (NCC#2007050901),
ES.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
12:38:00 Win2K-f 190.188.150.164 (NET.AR):
PRIMA S.A,
AR.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
15 of 30 aeaa10cc8d
[Firefox: 2 hits: 04-30 to 05-07]
none[4] none:none
none|none none trace
12:38:00 WinXP 89.152.89.121 (-):
TVCABO PORTUGAL S.A,
LISBON, LISBOA, PT.
211.96.97.44:7000 CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
21 lines
Yeah : 1.8
profile
none summary
tarball
26 of 31 79a906bd32
NEW
none[4] none:none
none|none none trace
12:39:00 WinXP 78.130.14.26 (REV.OPTIMUS.PT):
OPTIMUS PORTUGAL,
PT.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 1
profile
none summary
tarball
19 of 31 7ba07d0fc6
NEW
none[4] none:none
none|none none trace
12:57:00 Win2K-f 79.137.82.84 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
12:58:00 Win2K-f 87.205.198.151 (INETIA.PL):
INTERNETIA,
PL. (DSL)
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
13:09:00 WinXP 81.245.162.53 (ISP.BELGACOM.BE):
SKYNET-ADSL,
DENDERMONDE, OOST-VLAANDEREN, BE. (DSL)
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:13:12:00 Win2K-f 79.17.147.21 (SRC.ORG):
TELECOM ITALIA NET,
ROME, LAZIO, IT.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:13:15:00 Win2K-f 82.212.134.104 (82-212-132-10.TELEDISNET.BE):
TELEDISNET ISP,
LIEGE, LIEGE, BE.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
13:28:00 WinXP 212.34.109.114 (-):
NETCENTER GMBH COMMUNICATION CENTER BREMEN,
DE.
n/a   445 pcap raw alerts
ruleset
ftp
11 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:13:30:00 Win2K-f 85.243.117.185 (DSL.TELEPAC.PT):
PT.COM - COMUNICACOES INTERACTIVAS S.A,
AVEIRO, AVEIRO, PT. (DSL)
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
13:32:00 Win2K-f 206.248.231.155 (NTELOS.NET):
NTELOS - WYBO 6400 NRP ADSL DHCP RANGE,
CLIFTON FORGE, VIRGINIA, US.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:13:33:00 Win2K-f 84.224.13.163 (PGSM.HU):
PANNON GSM TELECOMMUNICATIONS INC,
HU.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
26 of 31 ea1868674b
NEW
none[4] none:none
none|none none trace
13:38:00 Win2K-f 85.26.22.36 (217-117-34-10.TELEDISNET.BE):
TELEDISNET ISP,
BE.
211.96.97.44:7000 CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
irc
20 lines
Yeah : 1.3
profile
none summary
tarball
14 of 32 a2a036466a
[Firefox:52 hits: 05-05 to 05-07]
none[4] none:none
none|none none trace
T:13:40:00 WinXP 80.41.137.100 (AS9105.COM):
TISCALI UK LTD,
LONDON, ENGLAND, UK. (DSL)
n/a   445 pcap raw alerts
ruleset
shell
ftp
16 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
13:46:00 Win2K-f 78.57.130.249 (ZEBRA.LT):
LIETUVOS,
LT.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
13:53:00 Win2K-f 201.44.244.170 (STERLINGSTUDENTS.NET):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL)
211.96.97.44:7000 CN:hail.dns2go.com 445 pcap raw alerts
ruleset
ftp
irc
23 lines
Yeah : 1.3
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:13:56:00 WinXP 83.97.193.55 (CM-83-97-128-10.TELECABLE.ES):
TELECABLE,
GIJON, ASTURIAS, ES. (DSL)
n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:2956 hits: 12-31 to 05-07]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
T:13:57:00 Win2K-f 91.8.72.46 (T-IPCONNECT.DE):
DEUTSCHE TELEKOM AG,
DE.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
13:58:00 Win2K-f 79.138.168.155 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:13:59:00 WinXP 12.77.255.182 (ATT.NET):
AT&T WORLDNET SERVICES,
HOLLYWOOD, FLORIDA, US. (DIAL)
n/a   445 pcap raw alerts
ruleset
shell
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 1a2c0e6130
[Firefox:372 hits: 12-31 to 05-07]
048df78048 [0] ASM:Graph
none|none lines=61 trace
T:14:04:00 Win2K-f 92.60.228.202 (IKBCC.COM):
EU-ZZ,
UK.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
14:08:00 Win2K-f 190.136.149.248 (NET.AR):
APOLO -GOLD-TELECOM-PER,
AR.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
16 lines
Yeah : 0.8
profile
none summary
tarball
14 of 32 a2a036466a
[Firefox:52 hits: 05-05 to 05-07]
none[4] none:none
none|none none trace
14:09:00 WinXP 90.132.229.61 (SWIP.NET):
SWIPNET,
SE.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
14:15:00 Win2K-f 82.56.95.184 (RETAIL.TELECOMITALIA.IT):
TELECOM ITALIA S.P.A. TIN EASY LITE,
MILANO, LOMBARDIA, IT.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
14:19:00 WinXP 12.218.178.208 (MCHSI.COM):
MEDIACOM COMMUNICATIONS CORP,
COLUMBUS, GEORGIA, US.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
29 of 29 d42c1cc7c0
[Firefox:271 hits: 05-01 to 05-07]
af9ca5bed1 [0] ASM:Graph
PolyEnE| lines=54 trace
T:14:33:00 Win2K-f 118.169.69.159 (-):
.
211.96.97.44:7000 CN:scorti1.dns2go.com 445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.8
profile
none summary
tarball
14 of 32 8f367186c3
[Firefox:61 hits: 12-27 to 05-05]
01a06977c4 [0] ASM:Graph
TXT2COM| lines=0 trace
14:50:00 Win2K-f 79.101.12.113 (G-M-I.NET):
EU-ZZ,
UK.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
14:58:00 Win2K-f 200.74.65.57 (VTR.NET):
VTR BANDA ANCHA S.A,
SANTIAGO, REGION METROPOLITANA, CL.
218.74.202.79:7000 CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
US:65.117.119.162:7000
445 pcap raw alerts
ruleset
ftp
irc
30 lines
Yeah : 1.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:15:02:00 Win2K-f 91.66.215.99 (SUPERKABEL.DE):
KABEL DEUTSCHLAND BREITBAND SERVICE GMBH,
DE.
n/a CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
none 4f887ca272
[Firefox:33 hits: 01-26 to 05-07]
4f887ca272 [1] ASM:Graph
Stranik| lines=6 trace
15:06:00 WinXP 200.120.232.162 (VTR.NET):
VTR BANDA ANCHA S.A,
PATERSON, NEW JERSEY, US.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
CN:218.74.202.79:7000
445 pcap raw alerts
ruleset
ftp
15 lines
Yeah : 0.8
profile
none summary
tarball
11 of 31 4620861e2d
[Firefox: 7 hits: 04-27 to 05-03]
none[4] none:none
StarForce| none trace
15:14:00 Win2K-f 81.213.177.222 (TTNET.NET.TR):
ADSL-ALC-KOCAELI-DYNAMIC POOL,
ANKARA, ANKARA, TR. (DSL)
211.96.97.44:7000 CN:scorti1.dns2go.com 445 pcap raw alerts
ruleset
ftp
20 lines
Yeah : 1.3
profile
none summary
tarball
20 of 31 9dbe3c7646
NEW
none[4] none:none
none|none none trace
T:15:21:00 Win2K-f 190.136.77.89 (NET.AR):
APOLO -GOLD-TELECOM-PER,
ROSARIO, SANTA FE, AR.
218.74.202.79:7000 CN:hail.dns2go.com 445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.8
profile
none summary
tarball
14 of 32 a2a036466a
[Firefox:52 hits: 05-05 to 05-07]
none[4] none:none
none|none none trace
15:25:00 Win2K-f 83.103.132.181 (ASTRAL.RO):
ASTRAL-CJ-DOCSIS,
CLUJ-NAPOCA, CLUJ, RO.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
CN:218.74.202.79:7000
US:65.117.119.162:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
15:33:00 WinXP 87.196.172.197 (NET.NOVIS.PT):
NOVIS TELECOM S.A,
PT.
211.96.97.44:7000 CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
irc
23 lines
Yeah : 1.3
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
15:54:00 Win2K-f 75.138.116.55 (CHARTER.COM):
CHARTER COMMUNICATIONS,
HICKORY, NORTH CAROLINA, US.
n/a  
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
18 lines
Yeah : 1.3
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2587 hits: 12-31 to 05-07]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace
16:08:00 WinXP 92.40.13.20 (IKBCC.COM):
EU-ZZ,
UK.
n/a DE:proxim.ircgalaxy.pl
DE:85.114.137.60:80
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 0.8
profile
none summary
tarball
29 of 32 1ab4d3d7b6
[Firefox: 6 hits: 04-10 to 05-04]
cc366b3f6c [0] ASM:Graph
none|none lines=287
embedded dns
trace
16:09:00 WinXP 201.69.16.29 (STERLINGSTUDENTS.NET):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
11 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
16:14:00 Win2K-f 189.5.181.185 (BRASILTELECOM.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
BR.
211.96.97.44:7000 CN:hail.dns2go.com 445 pcap raw alerts
ruleset
ftp
irc
17 lines
Yeah : 1.3
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
16:20:00 Win2K-f 221.118.32.147 (AITAI.NE.JP):
AITAI-NET(HIMAWARI NETWORK INC.),
JP.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
26 of 31 fd5013ce19
NEW
none[4] none:none
none|none none trace
16:25:00 WinXP 66.50.89.238 (PRTC.NET):
PUERTO RICO TELEPHONE COMPANY,
SAN JUAN, PUERTO RICO, PR.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:2956 hits: 12-31 to 05-07]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
16:28:00 WinXP 208.83.217.222 (-):
.
n/a UA:citi-bank.ru
EU:kidos-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
29 of 29 986b59708d
[Firefox:285 hits: 05-03 to 04-15]
8a00217866 [0] ASM:Graph
PolyEnE| lines=57 trace
T:16:33:00 WinXP 75.183.59.93 (RR.COM):
ROAD RUNNER HOLDCO LLC,
GREENSBORO, NORTH CAROLINA, US.
n/a DE:siliconfireware.ru
GB:welcome3.smile.co.uk
:wpad
GB:new.egg.com
GB:195.92.84.198:80
DE:212.227.111.29:80
DE:217.11.54.126:80
EU:78.47.200.154:80
445 pcap raw alerts
ruleset
http
http
24 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 0ada72d805
[Firefox:29 hits: 05-17 to 05-05]
239ec78f15 [0] ASM:Graph
ASPack| lines=281
embedded dns
trace
17:15:00 Win2K-f 41.210.203.53 (-):
.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
27 of 32 4c9e048796
NEW
none[4] none:none
none|none none trace
17:21:00 Win2K-f 72.251.36.64 (1DIAL.COM):
AD-BASE SYSTEMS INC. (DBA GLOBALPOPS),
NEW KENSINGTON, PENNSYLVANIA, US. (DIAL)
n/a   445 pcap raw alerts
ruleset
shell
ftp
18 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
17:28:00 Win2K-f 190.175.221.198 (-):
.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
17:37:00 Win2K-f 200.141.133.57 (STERLINGSTUDENTS.NET):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL)
211.96.97.44:7000 CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.3
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
18:04:00 WinXP 201.253.130.151 (NET.AR):
APOLO -GOLD-TELECOM-PER,
BUENOS AIRES, BUENOS AIRES, AR.
211.96.97.44:7000 CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
irc
28 lines
Yeah : 1.8
profile
none summary
tarball
12 of 30 76b4ab852e
[Firefox:29 hits: 04-29 to 05-07]
none[4] none:none
none|none none trace
18:04:00 Win2K-f 200.175.168.51 (STERLINGSTUDENTS.NET):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL)
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
18:15:00 Win2K-f 75.54.105.84 (SBCGLOBAL.NET):
PPPOX POOL. BRAS1.ELPSTX,
PLANO, TEXAS, US. (DSL)
n/a  
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
18 lines
Yeah : 1.3
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2587 hits: 12-31 to 05-07]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace
18:22:00 WinXP 24.175.209.178 (RR.COM):
ROAD RUNNER HOLDCO LLC,
HARLINGEN, TEXAS, US.
n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset
other
0 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 042774a2b7
[Firefox:135 hits: 05-01 to 05-03]
1c9a472cd7 [0] ASM:Graph
PolyEnE| lines=71
embedded dns
trace
T:18:29:00 Win2K-f 61.230.92.37 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
23 of 32 8be304341b
[Firefox: 4 hits: 05-06 to 05-07]
51c0a74ab9 [0] ASM:Graph
ASPack| lines=4773
embedded dns
trace
18:29:00 WinXP 119.17.106.142 (-):
.
n/a DE:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
DE:85.114.137.60:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
30 of 32 3f5ec58a6b
[Firefox: 9 hits: 04-24 to 05-05]
4a77430a59 [0] ASM:Graph
PolyEnE| lines=70 trace
18:31:00 Win2K-f 201.213.74.169 (NET.AR):
PRIMA S.A,
BUENOS AIRES, BUENOS AIRES, AR. (DSL)
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
14 of 32 a2a036466a
[Firefox:52 hits: 05-05 to 05-07]
none[4] none:none
none|none none trace
T:18:39:00 Win2K-f 190.54.169.111 (CHILESAT.NET):
TELMEX SERVICIOS EMPRESARIALES S.A,
CL.
n/a CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
11 of 32 e5d062be59
[Firefox: 2 hits: 12-28 to 12-31]
none[4] none:none
ASPack| none trace
18:47:00 Win2K-f 189.81.98.114 (-):
.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
19:07:00 WinXP 76.166.139.95 (RR.COM):
ROAD RUNNER HOLDCO LLC,
HERNDON, VIRGINIA, US.
n/a   445 pcap raw alerts
ruleset
shell
ftp
21 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 1a2c0e6130
[Firefox:372 hits: 12-31 to 05-07]
048df78048 [0] ASM:Graph
none|none lines=61 trace
19:08:00 Win2K-f 61.229.139.60 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
n/a  
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
17 lines
Yeah : 1.3
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2587 hits: 12-31 to 05-07]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace
19:10:00 WinXP 125.162.102.121 (-):
TLKM_D1_BB_SPEEDY_PG,
PALEMBANG, SUMATERA SELATAN, ID.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:19:58:00 WinXP 64.85.210.146 (SOCKET.NET):
SOCKET INTERNET SERVICES CORPORATION,
BRISTOW, OKLAHOMA, US.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
29 of 29 3ae357d17b
[Firefox:697 hits: 05-01 to 05-07]
462a7be171 [0] ASM:Graph
PolyEnE| lines=73 trace
T:20:04:00 WinXP 125.162.103.57 (-):
TLKM_D1_BB_SPEEDY_PG,
PALEMBANG, SUMATERA SELATAN, ID.
211.96.97.44:7000 CN:hail.dns2go.com 445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
20:36:00 Win2K-f 92.47.128.253 (IKBCC.COM):
EU-ZZ,
UK.
211.96.97.44:7000 CN:scorti1.dns2go.com 445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.3
profile
none summary
tarball
20 of 31 af98fe0c94
[Firefox:47 hits: 04-27 to 05-07]
480d076a0a [0] ASM:Graph
ASProtect| lines=422
embedded dns
trace
20:40:00 WinXP 117.201.35.252 (-):
.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
20:45:00 Win2K-f 190.48.254.159 (COM.AR):
TELEFONICA DE ARGENTINA,
BUENOS AIRES, BUENOS AIRES, AR.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
16 lines
Yeah : 0.8
profile
none summary
tarball
23 of 31 14ef234ad3
[Firefox: 7 hits: 04-29 to 05-07]
none[4] none:none
none|none none trace
21:50:00 Win2K-f 118.160.185.13 (-):
.
217.170.244.2:443  
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
irc
27 lines
Yeah : 1.8
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2587 hits: 12-31 to 05-07]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace
T:21:53:00 Win2K-f 91.124.86.198 (UKRTEL.NET):
UKRTELECOM,
UA.
n/a CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
20 of 32 fd0bf48a75
[Firefox: 7 hits: 04-28 to 05-07]
none[3] none:none
ASProtect| none trace
T:22:07:00 Win2K-f 116.206.39.92 (-):
MOBIF WIRELESS BROADBAND SDN. BHD,
KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
14 of 32 a2a036466a
[Firefox:52 hits: 05-05 to 05-07]
none[4] none:none
none|none none trace
22:29:00 Win2K-f 79.138.236.199 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
22:36:00 Win2K-f 124.43.123.87 (-):
INTERNET SERVICE PROVIDER IN SRI LANKA,
COLOMBO, CENTRAL, LK.
n/a   445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
22:41:00 Win2K-f 190.134.136.96 (-):
.
n/a   445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
22:44:00 Win2K-f 118.169.213.20 (-):
.
n/a CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
13 of 32 53123fadcc
[Firefox:35 hits: 01-26 to 05-07]
none[4] none:none
none|none none trace
23:01:00 Win2K-f 82.60.189.85 (RETAIL.TELECOMITALIA.IT):
TELECOM ITALIA NET,
IT.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:23:09:00 WinXP 67.107.1.165 (XO.NET):
XO COMMUNICATIONS,
OCEANSIDE, CALIFORNIA, US.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
29 of 31 36a1bf4777
NEW
none[4] none:none
PolyEnE| none trace
23:18:00 WinXP 77.126.30.220 (INTER.NET.IL):
EURONET DIGITAL COMMUNICATIONS,
IL.
n/a   445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
10 of 32 639a247ece
[Firefox:24 hits: 04-28 to 05-06]
29d53eec72 [0] ASM:Graph
StarForce| lines=132 trace
23:20:00 Win2K-f 85.69.208.69 (REV.NUMERICABLE.FR):
NUMERICABLE,
FR.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
23:32:00 WinXP 124.43.216.214 (-):
INTERNET SERVICE PROVIDER IN SRI LANKA,
COLOMBO, CENTRAL, LK. (DIAL)
n/a CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 31 fc9addab43
NEW
none[4] none:none
none|none none trace
23:37:00 Win2K-f 125.162.117.189 (-):
TLKM_D1_BB_SPEEDY_PG,
PALEMBANG, SUMATERA SELATAN, ID.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
23:42:00 WinXP 59.112.223.97 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
23:53:00 Win2K-f 200.175.106.20 (STERLINGSTUDENTS.NET):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL)
n/a CN:hail.dns2go.com
CN:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:825 hits: 04-27 to 05-07]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace