Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page


UNCENSORED PAGE



09 May 2008

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.


Daily Summary Files: [DNS Lookups & Failed Connects] [ Attacker IPs ] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap]
[Behavioral Clusters] [Binary Digest Log]

[See Country Codes ]
Time | Victim OS | Infection Source | C&C Server | DNS Lookups & Failed Connects | Infection Port | Packet Trace | Detection Signatures | Infection Chatter | BotHunter Analysis | Behavioral Cluster | Forensic Logs | Antivirus Labels | Packed Malware_Binary | Unpacked egg.exe | Unpacked egg.asm | Packer PEID | Data Strings | Syscall Trace
00:08:00 Win2K-f 41.233.255.187 (TEDATA.NET):
PROVIDER LOCAL REGISTRY,
EG.
211.96.97.44:7000 KR:hail.dns2go.com
KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
irc
27 lines
Yeah : 1.3
profile
none summary
tarball
14 of 32 a2a036466a
[Firefox:67 hits: 05-05 to 05-08]
none[4] none:none
none|none none trace
T:00:17:00 WinXP 61.91.163.125 (ASIANET.CO.TH):
FIX IP FOR COPORATE CUSTOMER,
BANGKOK, KRUNG THEP MAHANAKHON, TH. (DIAL)
n/a DE:siliconfireware.ru
US:searchportal.information.com
GB:new.egg.com
:wpad
US:spi.domainsponsor.com
:landdev1.lap.internal
US:208.73.212.12:80
DE:217.11.54.126:80
GB:217.145.225.22:80
445 pcap raw alerts
ruleset
http
http
http
7 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 a12cab51ef
[Firefox:1009 hits: 05-01 to 05-08]
40f7f463c4 [0] ASM:Graph
ASPack| lines=281
embedded dns
trace
00:25:00 Win2K-f 60.51.90.140 (TM.NET.MY):
TELEKOM MALAYSIA BERHAD,
KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY.
211.96.97.44:7000 KR:hail.dns2go.com
KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:889 hits: 04-27 to 05-08]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:01:01:00 Win2K-f 85.240.186.36 (DSL.TELEPAC.PT):
PT.COM - COMUNICACOES INTERACTIVAS S.A,
LEIRIA, LEIRIA, PT.
211.96.97.44:7000 KR:hail.dns2go.com 445 pcap raw alerts
ruleset
ftp
irc
25 lines
Yeah : 1.3
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:889 hits: 04-27 to 05-08]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
01:04:00 Win2K-f 116.75.161.185 (JWS.COM):
HATHWAY IP OVER CABLE INTERNET ACCESS SERVICE,
IN.
n/a KR:hail.dns2go.com
KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:889 hits: 04-27 to 05-08]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:01:17:00 Win2K-f 78.96.246.99 (ASTRAL.RO):
ASTRAL TELECOM SA,
RO.
n/a KR:hail.dns2go.com
KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:889 hits: 04-27 to 05-08]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:01:22:00 Win2K-f 116.206.4.225 (-):
MOBIF WIRELESS BROADBAND SDN. BHD,
KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY.
n/a KR:hail.dns2go.com
KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:889 hits: 04-27 to 05-08]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:01:39:00 WinXP 90.151.202.122 (PERMONLINE.RU):
OJSC URALSVYAZINFORM,
RU.
211.96.97.44:7000 KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.8
profile
none summary
tarball
19 of 30 93282471f7
[Firefox:10 hits: 04-28 to 05-08]
95951dee58 [0] ASM:Graph
ASProtect| lines=0 trace
T:01:51:00 WinXP 41.212.180.43 (-):
.
211.96.97.44:7000 KR:hail.dns2go.com
KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:889 hits: 04-27 to 05-08]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:02:02:00 WinXP 82.212.183.75 (82-212-156-10.TELEDISNET.BE):
TELEDISNET ISP,
BE.
211.96.97.44:7000 DE:proxim.ircgalaxy.pl
KR:hail.dns2go.com
KR:scorti1.dns2go.com
CN:211.96.97.44:7000
DE:85.114.137.60:65520
445 pcap raw alerts
ruleset
ftp
irc
24 lines
Yeah : 1.8
profile
none summary
tarball
26 of 31 ebcf6f06d3
NEW
none[4] none:none
none|none none trace
02:03:00 Win2K-f 212.43.1.192 (KEOIC.COM):
PROVIDER LOCAL REGISTRY,
KW.
n/a US:wow.blackirc.us
SE:tap.radioprishtina.net
SE:84.244.19.254:2345
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
4 of 31 f01a2de580
NEW
f01a2de580 [1] ASM:Graph
StarForce| lines=90 trace
T:02:06:00 Win2K-f 77.127.64.63 (INTER.NET.IL):
EURONET DIGITAL COMMUNICATIONS,
IL.
n/a   445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
10 of 32 639a247ece
[Firefox:26 hits: 04-28 to 05-08]
29d53eec72 [0] ASM:Graph
StarForce| lines=132 trace
02:15:00 WinXP 86.96.74.49 (NET.AE):
EMIRATES TELECOMMUNICATIONS CORPORATION,
DUBAI, DUBAI, AE.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
29 of 29 736531b2e5
[Firefox:37 hits: 07-06 to 09-21]
none[4] none:none
PolyEnE| none trace
T:02:18:00 WinXP 79.83.120.175 (G-M-I.NET):
EU-ZZ,
UK.
211.96.97.44:7000 KR:hail.dns2go.com
KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:889 hits: 04-27 to 05-08]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
02:29:00 WinXP 79.126.62.129 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
19 of 30 93282471f7
[Firefox:10 hits: 04-28 to 05-08]
95951dee58 [0] ASM:Graph
ASProtect| lines=0 trace
02:29:00 WinXP 79.184.140.56 (TPNET.PL):
TPSA,
PL.
n/a KR:hail.dns2go.com
KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:889 hits: 04-27 to 05-08]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
02:29:00 Win2K-f 212.34.115.153 (-):
NETCENTER GMBH COMMUNICATION CENTER BREMEN,
DE.
n/a KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
22 of 32 dc8e1c63cd
[Firefox:78 hits: 12-27 to 05-08]
e0eb8646ee [0] ASM:Graph
none|none lines=601
embedded dns
trace
02:32:00 Win2K-f 90.151.107.37 (PERMONLINE.RU):
OJSC URALSVYAZINFORM,
RU.
n/a KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
20 of 31 cb89ccfe52
[Firefox: 3 hits: 04-29 to 05-04]
881f6fa4b7 [0] ASM:Graph
TXT2COM| lines=406
embedded dns
trace
T:02:37:00 Win2K-f 83.238.234.254 (INETIA.PL):
INTERNETIA,
KATOWICE, SLASKIE, PL. (DSL)
211.96.97.44:7000 KR:hail.dns2go.com 445 pcap raw alerts
ruleset
ftp
irc
23 lines
Yeah : 1.8
profile
none summary
tarball
14 of 32 a2a036466a
[Firefox:67 hits: 05-05 to 05-08]
none[4] none:none
none|none none trace
T:02:50:00 WinXP 212.191.47.32 (LODZ.PL):
ACADEMY OF MUSIC IN LODZ POLAND,
LODZ, LODZKIE, PL. (100Mbps)
211.96.97.44:7000 KR:hail.dns2go.com
KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:889 hits: 04-27 to 05-08]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
02:54:00 Win2K-f 89.24.231.35 (4GINTERNET.CZ):
RADIOMOBIL,
CZ.
n/a KR:hail.dns2go.com
KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:889 hits: 04-27 to 05-08]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
02:55:00 WinXP 89.146.179.92 (NET.BA):
BRAS PPPOE POOL UPGRADE,
SARAJEVO, FEDERATION OF BOSNIA AND HERZEGOVINA, BA.
n/a KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
19 of 30 93282471f7
[Firefox:10 hits: 04-28 to 05-08]
95951dee58 [0] ASM:Graph
ASProtect| lines=0 trace
02:59:00 WinXP 91.64.215.35 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
DE.
n/a :f.unicat.org
69.42.216.90:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:186 hits: 03-31 to 04-27]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:03:02:00 WinXP 213.133.14.14 (-):
SPINN INTERNATIONAL APS,
DK.
n/a KR:hail.dns2go.com
KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
14 of 32 a2a036466a
[Firefox:67 hits: 05-05 to 05-08]
none[4] none:none
none|none none trace
T:03:17:00 Win2K-f 196.29.185.248 (FCBIBANK.COM):
AFRINIC,
KHARTOUM, AL KHARTUM, SD.
n/a KR:hail.dns2go.com
KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
27 of 32 99d495446f
NEW
none[4] none:none
none|none none trace
03:19:00 Win2K-f 4.246.150.161 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
SAN JOSE, CALIFORNIA, US. (DIAL)
n/a   445 pcap raw alerts
ruleset
shell
ftp
16 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
03:31:00 WinXP 117.199.179.111 (-):
.
211.96.97.44:7000 KR:hail.dns2go.com
KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:889 hits: 04-27 to 05-08]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:03:37:00 WinXP 122.52.22.101 (PLDT.NET):
IPG,
PH.
n/a KR:hail.dns2go.com
KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:889 hits: 04-27 to 05-08]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
03:38:00 WinXP 117.198.1.7 (-):
.
211.96.97.44:7000 DE:proxim.ircgalaxy.pl
KR:hail.dns2go.com
KR:scorti1.dns2go.com
CN:211.96.97.44:7000
DE:85.114.137.60:65520
445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.8
profile
none summary
tarball
27 of 31 3a3f82c079
NEW
none[4] none:none
none|none none trace
T:03:51:00 Win2K-f 41.214.138.189 (-):
.
n/a KR:hail.dns2go.com
KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
15 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:889 hits: 04-27 to 05-08]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
03:58:00 WinXP 88.156.84.113 (VECTRANET.PL):
NETWORK IN BIALYSTOK GDYNIA SKIERNIEWICE KOSCIERZYNA BELCHATOW,
'S-HERTOGENBOSCH, NOORD-BRABANT, NL.
211.96.97.44:7000 KR:hail.dns2go.com
KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:889 hits: 04-27 to 05-08]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
03:59:00 Win2K-f 81.230.91.117 (SKANOVA.COM):
TELIA NETWORK SERVICES,
ÄLMHULT, KRONOBERG, SE. (DSL)
211.96.97.44:7000 KR:hail.dns2go.com
KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
irc
25 lines
Yeah : 1.3
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:889 hits: 04-27 to 05-08]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:04:15:00 WinXP 118.174.147.167 (-):
.
n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
25 of 25 7f60162c2c
[Firefox:1275 hits: 12-31 to 05-08]
1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace
04:20:00 Win2K-f 83.238.234.254 (INETIA.PL):
INTERNETIA,
KATOWICE, SLASKIE, PL. (DSL)
n/a KR:hail.dns2go.com
KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
15 lines
Yeah : 0.8
profile
none summary
tarball
14 of 32 a2a036466a
[Firefox:67 hits: 05-05 to 05-08]
none[4] none:none
none|none none trace
04:21:00 Win2K-f 60.50.71.11 (TM.NET.MY):
TELEKOM MALAYSIA BERHAD,
KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY.
n/a KR:hail.dns2go.com
KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
16 of 31 3520abf6e9
NEW
none[4] none:none
none|none none trace
04:23:00 WinXP 92.235.221.119 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a KR:hail.dns2go.com
KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:889 hits: 04-27 to 05-08]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
04:26:00 Win2K-f 82.137.51.212 (RDSNET.RO):
RCS-RDS-FIBERLINK,
BUCHAREST, BUCURESTI, RO.
211.96.97.44:7000 KR:hail.dns2go.com
KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.3
profile
none summary
tarball
14 of 32 a2a036466a
[Firefox:67 hits: 05-05 to 05-08]
none[4] none:none
none|none none trace
04:36:00 WinXP 91.67.255.19 (SUPERKABEL.DE):
KABEL DEUTSCHLAND BREITBAND SERVICE GMBH,
DE.
n/a KR:hail.dns2go.com
KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
21 of 31 7a520e5605
NEW
none[4] none:none
none|none none trace
04:38:00 Win2K-f 190.173.122.241 (COM.AR):
TELEFONICA DE ARGENTINA,
AR.
n/a KR:hail.dns2go.com
KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:889 hits: 04-27 to 05-08]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
04:39:00 WinXP 212.220.83.249 (-):
URALSVIAZINFORM - INTERNET V KREDIT,
EKATERINBURG, SVERDLOVSKAYA OBLAST', RU.
n/a   445 pcap raw alerts
ruleset
ftp
11 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
04:45:00 Win2K-f 122.124.139.239 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
n/a   445 pcap raw alerts
ruleset
shell
ftp
18 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
04:49:00 WinXP 60.54.61.68 (TM.NET.MY):
TELEKOM MALAYSIA BERHAD,
KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY.
n/a DE:proxim.ircgalaxy.pl
KR:hail.dns2go.com
KR:scorti1.dns2go.com
CN:211.96.97.44:7000
DE:85.114.137.60:65520
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
27 of 31 c5f0e6ef6c
NEW
none[4] none:none
none|none none trace
04:56:00 Win2K-f 62.40.49.38 (O2.IE):
O2 IRELAND MOBILE PHONE OPERATOR,
DUBLIN, DUBLIN, IE.
n/a KR:hail.dns2go.com
KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:889 hits: 04-27 to 05-08]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
04:58:00 Win2K-f 91.67.159.44 (SUPERKABEL.DE):
KABEL DEUTSCHLAND BREITBAND SERVICE GMBH,
DE.
n/a KR:hail.dns2go.com
KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
19 of 31 3774f31b41
NEW
none[4] none:none
none|none none trace
05:12:00 WinXP 86.75.165.130 (GAOLAND.NET):
DYNAMIC POOLS,
FR.
n/a KR:hail.dns2go.com
KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:889 hits: 04-27 to 05-08]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
05:12:00 WinXP 78.57.26.14 (ZEBRA.LT):
LIETUVOS,
KAUNAS, KAUNO APSKRITIS, LT.
n/a KR:hail.dns2go.com
KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:889 hits: 04-27 to 05-08]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
05:18:00 WinXP 124.43.51.9 (-):
INTERNET SERVICE PROVIDER IN SRI LANKA,
LK.
211.96.97.44:7000 KR:hail.dns2go.com
KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:889 hits: 04-27 to 05-08]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:05:18:00 Win2K-f 92.112.38.168 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
211.96.97.44:7000 KR:hail.dns2go.com
KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.8
profile
none summary
tarball
11 of 31 4620861e2d
[Firefox: 9 hits: 04-27 to 05-08]
none[4] none:none
StarForce| none trace
05:24:00 Win2K-f 89.169.109.184 (-):
MOSINFOLINE,
RU.
211.96.97.44:7000 KR:scorti1.dns2go.com 445 pcap raw alerts
ruleset
ftp
20 lines
Yeah : 1.3
profile
none summary
tarball
21 of 31 c1f12e0109
[Firefox:10 hits: 04-28 to 05-07]
none[4] none:none
none|none none trace
05:33:00 WinXP 122.29.4.21 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 831f4ee0a7
[Firefox:578 hits: 07-11 to 05-08]
eb7546c600 [0] ASM:Graph
none|none lines=61 trace
05:39:00 Win2K-f 84.155.123.230 (T-IPCONNECT.DE):
DEUTSCHE TELEKOM AG,
AUGSBURG, BAYERN, DE.
n/a KR:hail.dns2go.com
KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:889 hits: 04-27 to 05-08]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:05:41:00 WinXP 89.24.237.112 (4GINTERNET.CZ):
RADIOMOBIL,
CZ.
211.96.97.44:7000 KR:hail.dns2go.com
KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.8
profile
none summary
tarball
14 of 32 a2a036466a
[Firefox:67 hits: 05-05 to 05-08]
none[4] none:none
none|none none trace
05:43:00 WinXP 118.161.8.153 (-):
.
n/a   445 pcap raw alerts
ruleset
shell
ftp
17 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
05:44:00 Win2K-f 79.83.84.43 (G-M-I.NET):
EU-ZZ,
UK.
n/a KR:hail.dns2go.com
KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
15 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:889 hits: 04-27 to 05-08]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:05:47:00 Win2K-f 4.248.236.160 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
LOUISA, VIRGINIA, US. (DIAL)
n/a   445 pcap raw alerts
ruleset
shell
ftp
16 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
06:03:00 WinXP 92.9.172.129 (-):
CARPHONE WAREHOUSE BROADBAND SERVICES,
UK.
n/a KR:hail.dns2go.com
KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:889 hits: 04-27 to 05-08]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
06:05:00 Win2K-f 85.243.18.192 (DSL.TELEPAC.PT):
PT.COM - COMUNICACOES INTERACTIVAS S.A,
AVEIRO, AVEIRO, PT. (DSL)
n/a KR:hail.dns2go.com
KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
14 of 32 a2a036466a
[Firefox:67 hits: 05-05 to 05-08]
none[4] none:none
none|none none trace
T:06:08:00 Win2K-f 79.124.192.15 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a KR:hail.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
18 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:889 hits: 04-27 to 05-08]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:06:15:00 Win2K-f 201.48.244.189 (STERLINGSTUDENTS.NET):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
06:26:00 Win2K-f 117.198.147.131 (-):
.
n/a KR:hail.dns2go.com
KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
17 lines
Yeah : 0.8
profile
none summary
tarball
26 of 31 e66f5758b7
NEW
none[4] none:none
none|none none trace
06:35:00 WinXP 201.20.239.13 (STERLINGSTUDENTS.NET):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL)
n/a KR:hail.dns2go.com
KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:889 hits: 04-27 to 05-08]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:06:51:00 Win2K-f 41.235.4.11 (TEDATA.NET):
PROVIDER LOCAL REGISTRY,
EG.
n/a KR:hail.dns2go.com
KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
14 of 32 a2a036466a
[Firefox:67 hits: 05-05 to 05-08]
none[4] none:none
none|none none trace
06:54:00 WinXP 89.24.30.127 (4GINTERNET.CZ):
GPRS/WBA CUSTOMER NETWORKS,
CZ.
n/a KR:hail.dns2go.com
KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:889 hits: 04-27 to 05-08]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
07:00:00 Win2K-f 85.204.122.232 (JUMP.RO):
SC AZURE SOFTWARE SRL,
RO.
211.96.97.44:7000 KR:hail.dns2go.com
KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
irc
20 lines
Yeah : 1.3
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:889 hits: 04-27 to 05-08]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
07:05:00 WinXP 85.234.112.74 (-):
SIBTELECOM LTD. NETWORK,
RU.
n/a KR:hail.dns2go.com
KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
15 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:889 hits: 04-27 to 05-08]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:07:15:00 WinXP 200.184.16.160 (STERLINGSTUDENTS.NET):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL)
211.96.97.44:7000 KR:hail.dns2go.com
KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
irc
27 lines
Yeah : 1.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:889 hits: 04-27 to 05-08]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
07:25:00 Win2K-f 60.51.58.220 (TM.NET.MY):
TELEKOM MALAYSIA BERHAD,
KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY.
211.96.97.44:7000 KR:hail.dns2go.com 445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.8
profile
none summary
tarball
14 of 32 a2a036466a
[Firefox:67 hits: 05-05 to 05-08]
none[4] none:none
none|none none trace
T:07:33:00 Win2K-f 190.135.42.59 (-):
.
n/a KR:hail.dns2go.com
KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
15 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:889 hits: 04-27 to 05-08]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
07:35:00 WinXP 88.15.135.226 (RIMA-TDE.NET):
TELEFONICA DE ESPANA,
ES.
211.96.97.44:7000 KR:hail.dns2go.com
KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
11 of 31 4620861e2d
[Firefox: 9 hits: 04-27 to 05-08]
none[4] none:none
StarForce| none trace
07:54:00 WinXP 89.1.235.14 (BARAK-ONLINE.NET):
BARAK,
TEL AVIV, TEL AVIV, IL.
n/a KR:hail.dns2go.com
KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:889 hits: 04-27 to 05-08]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
07:58:00 Win2K-f 189.5.161.250 (BRASILTELECOM.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
GOIâNIA, GOIáS, BR.
n/a KR:hail.dns2go.com
KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:889 hits: 04-27 to 05-08]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
08:01:00 Win2K-f 62.240.50.207 (LTTNET.NET):
PROVIDER LOCAL REGISTRY,
LY.
n/a KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
26 of 32 1f455b02c6
NEW
none[4] none:none
none|none none trace
08:07:00 Win2K-f 89.124.86.12 (IRISHBROADBAND.IE):
ESB ORANMORE CUSTOMER EXPANSION,
IE.
n/a KR:hail.dns2go.com
KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
14 of 32 a2a036466a
[Firefox:67 hits: 05-05 to 05-08]
none[4] none:none
none|none none trace
T:08:08:00 Win2K-f 4.153.5.182 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
HUNTSVILLE, ALABAMA, US. (DIAL)
n/a DE:proxim.ircgalaxy.pl
CZ:217.170.244.2:443
CZ:82.114.64.251:443
DE:85.114.137.60:65520
445 pcap raw alerts
ruleset
shell
ftp
17 lines
Yeah : 1.3
profile
none summary
tarball
28 of 31 0fa1bc43a9
NEW
none[4] none:none
FSG| none trace
08:18:00 WinXP 79.76.6.103 (AS9105.COM):
TELINCO,
UK.
n/a  
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
17 lines
Yeah : 1.3
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2592 hits: 12-31 to 05-08]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace
T:08:25:00 WinXP 85.196.220.94 (STV.EE):
PARNU UBR'S,
PARNU, PARNUMAA, EE.
n/a KR:hail.dns2go.com
KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:889 hits: 04-27 to 05-08]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:08:31:00 Win2K-f 87.204.92.244 (COM.PL):
NETIA,
PL.
n/a KR:hail.dns2go.com
KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:889 hits: 04-27 to 05-08]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
08:37:00 Win2K-f 89.137.2.21 (ASTRAL.RO):
ASTRAL CLUJ-NAPOCA DOCSIS,
CLUJ-NAPOCA, CLUJ, RO. (DSL)
n/a :f.unicat.org
69.42.216.90:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:186 hits: 03-31 to 04-27]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
08:40:00 Win2K-f 91.66.207.92 (SUPERKABEL.DE):
KABEL DEUTSCHLAND BREITBAND SERVICE GMBH,
DE.
n/a :f.unicat.org
69.42.216.90:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:186 hits: 03-31 to 04-27]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
08:41:00 Win2K-f 200.172.2.204 (STERLINGSTUDENTS.NET):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL)
n/a   445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:08:43:00 Win2K-f 89.137.2.21 (ASTRAL.RO):
ASTRAL CLUJ-NAPOCA DOCSIS,
CLUJ-NAPOCA, CLUJ, RO. (DSL)
n/a :f.unicat.org
69.42.216.90:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:186 hits: 03-31 to 04-27]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:08:44:00 WinXP 84.51.85.9 (IPAPER.COM):
BLOCK FOR PI ASSIGNMENTS,
UK.
n/a KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
14 of 32 8f367186c3
[Firefox:62 hits: 12-27 to 05-08]
01a06977c4 [0] ASM:Graph
TXT2COM| lines=0 trace
08:47:00 WinXP 61.228.8.122 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
08:47:00 WinXP 80.201.252.179 (ISP.BELGACOM.BE):
BELGACOM-ADSL,
CHARLEROI, HAINAUT, BE.
69.42.216.90:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
20 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:186 hits: 03-31 to 04-27]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
08:52:00 Win2K-f 89.136.80.71 (UPCNET.RO):
ASTRAL-UPC BOTOSANI,
CLUJ-NAPOCA, CLUJ, RO.
n/a :f.unicat.org
69.42.216.90:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:186 hits: 03-31 to 04-27]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:08:52:00 WinXP 200.172.2.204 (STERLINGSTUDENTS.NET):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL)
n/a :f.unicat.org
69.42.216.90:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:186 hits: 03-31 to 04-27]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
09:00:00 Win2K-f 79.126.60.51 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a KR:hail.dns2go.com
KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
16 of 31 0c8122629f
NEW
none[4] none:none
none|none none trace
T:09:03:00 WinXP 86.106.227.93 (HOST-86-106-208-10.MOLDTELECOM.MD):
JSC MOLDTELECOM SA,
CHISINAU, CHISINAU, MD.
n/a :f.unicat.org
69.42.216.90:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:186 hits: 03-31 to 04-27]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:09:07:00 Win2K-f 61.59.124.145 (SEED.NET.TW):
DIGITAL UNITED INC,
TAIPEI, T'AI-PEI, TW. (DSL)
85.114.137.60:65520 DE:proxim.ircgalaxy.pl
CZ:217.170.244.2:443
CZ:82.114.64.251:443
DE:85.114.137.60:65520
445 pcap raw alerts
ruleset
irc
7 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
T:09:07:00 WinXP 41.214.141.126 (-):
.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
29 of 29 d6df3972a0
[Firefox:214 hits: 05-02 to 05-08]
39eeef52a4 [0] ASM:Graph
PolyEnE| lines=65 trace
09:09:00 WinXP 78.1.183.170 (T-COM.HR):
HPTNET,
HR. (DSL)
n/a :f.unicat.org
69.42.216.90:9890
445 pcap raw alerts
ruleset
ftp
15 lines
Yeah : 0.8
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:186 hits: 03-31 to 04-27]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
09:15:00 WinXP 86.175.5.22 (BTOPENWORLD.COM):
BT PUBLIC INTERNET SERVICE,
UK.
n/a KR:hail.dns2go.com
KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
25 of 31 a08374e5ca
NEW
none[4] none:none
none|none none trace
T:09:20:00 Win2K-f 218.190.228.54 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK.
85.114.137.60:65520 DE:proxim.ircgalaxy.pl
DE:dl2.teenpassage.com
CZ:217.170.244.2:443
CZ:82.114.64.251:443
DE:85.114.137.60:65520
DE:85.114.143.2:80
445 pcap raw alerts
ruleset
irc
3 lines
Yeah : 1.8
profile
none summary
tarball
none none none none none none none
T:09:32:00 WinXP 61.223.213.27 (HINET.NET):
DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD,
TAINAN, KAO-HSIUNG, TW.
n/a KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
23 of 31 ff560a2774
NEW
none[4] none:none
ASProtect| none trace
09:35:00 WinXP 87.64.175.17 (ISP.BELGACOM.BE):
BELGACOM-ADSL,
DENDERMONDE, OOST-VLAANDEREN, BE. (DSL)
n/a KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
14 of 32 8f367186c3
[Firefox:62 hits: 12-27 to 05-08]
01a06977c4 [0] ASM:Graph
TXT2COM| lines=0 trace
09:38:00 Win2K-f 79.124.138.252 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a KR:hail.dns2go.com
KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
27 of 30 74cf1d81e8
NEW
none[4] none:none
none|none none trace
09:48:00 WinXP 92.0.111.33 (-):
CARPHONE WAREHOUSE BROADBAND SERVICES,
UK.
n/a KR:hail.dns2go.com
KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:889 hits: 04-27 to 05-08]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
09:55:00 WinXP 200.127.193.143 (NET.AR):
PRIMA S.A,
BUENOS AIRES, BUENOS AIRES, AR. (DSL)
n/a KR:hail.dns2go.com
KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:889 hits: 04-27 to 05-08]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
09:56:00 Win2K-f 201.236.233.81 (-):
EMPRESA DE TELECOMUNICACIONES DE PEREIRA S.A. E.S.P,
MANIZALES, CALDAS, CO.
n/a KR:hail.dns2go.com
KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:889 hits: 04-27 to 05-08]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
10:06:00 WinXP 91.186.219.176 (-):
CHAPAR RASANEH,
TEHRAN, TEHRAN, IR.
n/a KR:hail.dns2go.com
KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
15 of 31 0eceeeb0e0
[Firefox: 2 hits: 05-05 to 05-07]
none[4] none:none
none|none none trace
T:10:08:00 WinXP 124.43.219.214 (-):
INTERNET SERVICE PROVIDER IN SRI LANKA,
COLOMBO, CENTRAL, LK. (DIAL)
n/a KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 31 fc9addab43
NEW
none[4] none:none
none|none none trace
10:15:00 Win2K-f 190.45.155.52 (VTR.NET):
VTR BANDA ANCHA S.A,
PATERSON, NEW JERSEY, US.
n/a KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
14 of 32 8f367186c3
[Firefox:62 hits: 12-27 to 05-08]
01a06977c4 [0] ASM:Graph
TXT2COM| lines=0 trace
T:10:16:00 Win2K-f 91.67.206.35 (SUPERKABEL.DE):
KABEL DEUTSCHLAND BREITBAND SERVICE GMBH,
DE.
n/a KR:hail.dns2go.com
KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
22 of 31 d66094af88
NEW
none[4] none:none
none|none none trace
T:10:19:00 Win2K-f 89.218.97.223 (ADSL.ONLINE.KZ):
KAZAKHTELECOM DATA NETWORK ADMINISTRATION,
KZ.
n/a KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
20 of 31 af98fe0c94
[Firefox:49 hits: 04-27 to 05-08]
480d076a0a [0] ASM:Graph
ASProtect| lines=422
embedded dns
trace
10:25:00 Win2K-f 79.22.4.40 (SRC.ORG):
TELECOM ITALIA NET,
ROME, LAZIO, IT.
n/a KR:hail.dns2go.com
KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
26 of 32 84dbbde70d
NEW
none[4] none:none
StarForce| none trace
10:34:00 Win2K-f 89.35.206.57 (RAKNETSOFT.RO):
SC RAKNET SOFT SRL,
PLOIESTI, PRAHOVA, RO.
n/a   445 pcap raw alerts
ruleset
ftp
11 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
10:35:00 WinXP 85.227.254.195 (BREDBANDSBOLAGET.SE):
BB-BISP-DSL10-SBB10-MLM,
SE.
n/a   445 pcap raw alerts
ruleset
ftp
11 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:10:37:00 WinXP 79.126.16.194 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a   445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
17 of 31 c845dfb0fd
NEW
none[4] none:none
none|none none trace
10:44:00 Win2K-f 84.51.88.218 (IPAPER.COM):
BLOCK FOR PI ASSIGNMENTS,
UK.
n/a KR:hail.dns2go.com
KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
15 of 31 0e19c1bc49
NEW
none[4] none:none
none|none none trace
T:10:46:00 Win2K-f 91.87.210.141 (SMTP.WIMI.BE):
MOBISTAR,
BE.
n/a KR:hail.dns2go.com
KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
20 of 31 e47d5fbf7e
NEW
none[4] none:none
none|none none trace
10:50:00 Win2K-f 91.66.101.208 (SUPERKABEL.DE):
KABEL DEUTSCHLAND BREITBAND SERVICE GMBH,
DE.
n/a KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
28 of 31 57802172a4
[Firefox: 2 hits: 05-03 to 05-06]
638ec51ab7 [0] ASM:Graph
ASProtect| lines=439
embedded dns
trace
11:04:00 Win2K-f 78.145.171.251 (-):
OPAL TELECOM DSL,
UK.
n/a KR:hail.dns2go.com
KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
22 of 31 68bd8edcff
NEW
none[4] none:none
none|none none trace
11:08:00 Win2K-f 84.126.192.128 (ONO.COM):
PROVIDER LOCAL REGISTRY,
ES.
n/a   445 pcap raw alerts
ruleset
ftp
11 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:11:10:00 Win2K-f 92.46.129.124 (IKBCC.COM):
EU-ZZ,
UK.
n/a KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
15 lines
Yeah : 0.8
profile
none summary
tarball
19 of 31 608d4c1595
NEW
none[4] none:none
none|none none trace
11:33:00 Win2K-f 196.34.242.234 (PLACECOL.COM):
AFRINIC,
ZA.
n/a   445 pcap raw alerts
ruleset
other
0 lines
Argh : 0.3
profile
none summary
tarball
none none none none none none none
11:38:00 WinXP 92.3.185.34 (-):
CARPHONE WAREHOUSE BROADBAND SERVICES,
UK.
n/a KR:hail.dns2go.com
KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
14 of 32 a2a036466a
[Firefox:67 hits: 05-05 to 05-08]
none[4] none:none
none|none none trace
T:11:42:00 WinXP 77.241.140.78 (-):
HI3GACCESS,
SE.
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
29 of 31 fbb4b79491
NEW
none[4] none:none
none|none none trace
11:43:00 Win2K-f 84.119.35.255 (SWIPNET.SE):
PROVIDER LOCAL REGISTRY,
SE.
n/a KR:hail.dns2go.com
KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
12 of 30 76b4ab852e
[Firefox:30 hits: 04-29 to 05-08]
none[4] none:none
none|none none trace
11:44:00 Win2K-f 212.191.47.32 (LODZ.PL):
ACADEMY OF MUSIC IN LODZ POLAND,
LODZ, LODZKIE, PL. (100Mbps)
n/a KR:hail.dns2go.com
KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:889 hits: 04-27 to 05-08]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:11:50:00 WinXP 87.20.36.161 (RETAIL.TELECOMITALIA.IT):
TELECOM ITALIA S.P.A. TIN EASY LITE,
IT.
211.96.97.44:7000 KR:hail.dns2go.com
KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
irc
25 lines
Yeah : 1.3
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:889 hits: 04-27 to 05-08]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
11:53:00 WinXP 79.120.19.155 (-):
FAIRLIE HOLDING & FINANCE LIMITED,
RU.
n/a   445 pcap raw alerts
ruleset
shell
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 831f4ee0a7
[Firefox:578 hits: 07-11 to 05-08]
eb7546c600 [0] ASM:Graph
none|none lines=61 trace
T:11:53:00 Win2K-f 189.3.60.143 (HELP-INFO.COM.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
BR.
n/a KR:hail.dns2go.com
KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:889 hits: 04-27 to 05-08]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:12:00:00 WinXP 85.120.146.206 (-):
SC-A-AND-D-INFOCOM-SRL,
RO.
211.96.97.44:7000 KR:hail.dns2go.com
KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
21 lines
Yeah : 1.3
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:889 hits: 04-27 to 05-08]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
12:24:00 Win2K-f 88.157.252.53 (REV-82-102-32-10.TVTEL.PT):
TVTEL - GRANDE PORTO COMUNICACOES SA,
PORTO, PORTO, PT. (DSL)
n/a KR:hail.dns2go.com
KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:889 hits: 04-27 to 05-08]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
12:27:00 WinXP 67.107.1.177 (XO.NET):
XO COMMUNICATIONS,
OCEANSIDE, CALIFORNIA, US.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
29 of 31 36a1bf4777
NEW
none[4] none:none
PolyEnE| none trace
12:30:00 Win2K-f 92.112.185.27 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a KR:hail.dns2go.com
KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
20 lines
Yeah : 0.8
profile
none summary
tarball
14 of 32 a2a036466a
[Firefox:67 hits: 05-05 to 05-08]
none[4] none:none
none|none none trace
12:32:00 Win2K-f 201.194.215.19 (ICE.CO.CR):
INSTITUTO COSTARRICENSE DE ELECTRICIDAD Y TELECOM,
CR.
211.96.97.44:7000 KR:hail.dns2go.com
KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
irc
23 lines
Yeah : 1.3
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:889 hits: 04-27 to 05-08]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
12:33:00 WinXP 24.175.209.178 (RR.COM):
ROAD RUNNER HOLDCO LLC,
HARLINGEN, TEXAS, US.
n/a RU:moscow-advokat.ru
:caen.fr.eu.undernet.org
:los-angeles.ca.us.undernet.org
:brussels.be.eu.undernet.org
:flanders.be.eu.undernet.org
AT:graz.at.eu.undernet.org
:irc.kar.net
RU:irc.tsk.ru
NO:london.uk.eu.undernet.org
US:lia.zanet.net
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
other
0 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 042774a2b7
[Firefox:136 hits: 05-01 to 05-08]
1c9a472cd7 [0] ASM:Graph
PolyEnE| lines=71
embedded dns
trace
12:36:00 WinXP 83.8.252.48 (TPNET.PL):
NEOSTRADA PLUS,
PL.
n/a KR:hail.dns2go.com
KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
14 of 32 a2a036466a
[Firefox:67 hits: 05-05 to 05-08]
none[4] none:none
none|none none trace
13:11:00 Win2K-f 190.50.182.201 (COM.AR):
TELEFONICA DE ARGENTINA,
BUENOS AIRES, BUENOS AIRES, AR.
n/a KR:hail.dns2go.com
KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:889 hits: 04-27 to 05-08]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
13:13:00 WinXP 189.16.0.55 (BRASILTELECOM.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
BR.
n/a KR:hail.dns2go.com
KR:scorti1.dns2go.com
CN:211.96.97.44:7000
US:63.149.6.91:7000
US:65.117.119.162:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
26 of 31 22d0bdd79a
NEW
none[4] none:none
none|none none trace
13:42:00 WinXP 98.140.134.91 (-):
.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
30 of 31 c9db1d1d21
NEW
none[4] none:none
PolyEnE| none trace
T:14:00:00 WinXP 82.245.120.178 (PROXAD.NET):
PROXAD / FREE SAS,
NICE, PROVENCE-ALPES-COTE D'AZUR, FR.
207.213.82.249:7000 KR:hail.dns2go.com 445 pcap raw alerts
ruleset
ftp
irc
27 lines
Yeah : 1.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:889 hits: 04-27 to 05-08]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
14:01:00 Win2K-f 212.30.188.35 (MTU.RU):
ZAO MTU-INTEL,
MOSCOW, MOSKVA, RU.
n/a KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
20 of 31 cb89ccfe52
[Firefox: 3 hits: 04-29 to 05-04]
881f6fa4b7 [0] ASM:Graph
TXT2COM| lines=406
embedded dns
trace
T:14:03:00 Win2K-f 200.137.173.16 (STERLINGSTUDENTS.NET):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL)
n/a KR:hail.dns2go.com
KR:scorti1.dns2go.com
US:207.213.82.249:7000
CN:211.96.97.44:7000
US:65.117.119.162:7000
445 pcap raw alerts
ruleset
ftp
16 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:889 hits: 04-27 to 05-08]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
14:09:00 Win2K-f 118.169.225.128 (-):
.
n/a  
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
17 lines
Yeah : 1.3
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2592 hits: 12-31 to 05-08]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace
14:19:00 WinXP 83.36.170.224 (RIMA-TDE.NET):
TELEFONICA DE ESPANA,
A CORUñA, GALICIA, ES.
n/a KR:hail.dns2go.com
KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:889 hits: 04-27 to 05-08]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
14:23:00 WinXP 87.60.78.133 (IP.TELE.DK):
TDC-TELEDANMARK-BREDBAANDSADSL-NET,
DK.
n/a DE:proxim.ircgalaxy.pl
UA:citi-bank.ru
DE:85.114.137.60:65520
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
31 of 32 f75ab5b3fa
[Firefox: 2 hits: 04-23 to 04-24]
51dcafa09c [0] ASM:Graph
PolyEnE| lines=129 trace
T:14:36:00 Win2K-f 70.119.117.74 (RR.COM):
ROAD RUNNER HOLDCO LLC,
LAKELAND, FLORIDA, US.
n/a   135 pcap raw alerts
ruleset
other
111 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
14:54:00 Win2K-f 60.48.182.213 (TM.NET.MY):
TELEKOM MALAYSIA BERHAD,
KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY.
n/a KR:hail.dns2go.com
KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
17 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:889 hits: 04-27 to 05-08]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:15:11:00 WinXP 78.130.81.139 (REV.OPTIMUS.PT):
OPTIMUS TELECOMUNICAGUES S.A,
PT.
85.114.137.60:80 211.96.97.44:7000 DE:proxim.ircgalaxy.pl
KR:hail.dns2go.com
KR:scorti1.dns2go.com
CN:211.96.97.44:7000
DE:85.114.137.60:80
445 pcap raw alerts
ruleset
ftp
irc
26 lines
Yeah : 1.8
profile
none summary
tarball
26 of 32 468edb8964
NEW
none[4] none:none
Xtreme-Pr| none trace
T:15:21:00 WinXP 66.26.89.222 (RR.COM):
ROAD RUNNER HOLDCO LLC,
RALEIGH, NORTH CAROLINA, US.
n/a   445 pcap raw alerts
ruleset
shell
ftp
16 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 1a2c0e6130
[Firefox:374 hits: 12-31 to 05-08]
048df78048 [0] ASM:Graph
none|none lines=61 trace
T:15:54:00 WinXP 81.246.184.60 (ISP.BELGACOM.BE):
SKYNET-ADSL,
DENDERMONDE, OOST-VLAANDEREN, BE. (DSL)
n/a KR:hail.dns2go.com
KR:scorti1.dns2go.com
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:889 hits: 04-27 to 05-08]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:15:59:00 WinXP 87.19.137.175 (RETAIL.TELECOMITALIA.IT):
TELECOM ITALIA S.P.A. TIN EASY LITE,
IT.
n/a KR:hail.dns2go.com
KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:889 hits: 04-27 to 05-08]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
16:02:00 Win2K-f 190.31.115.72 (NET.AR):
APOLO -GOLD-TELECOM-PER,
AR.
211.96.97.44:7000 KR:hail.dns2go.com 445 pcap raw alerts
ruleset
ftp
19 lines
Yeah : 1.3
profile
none summary
tarball
18 of 32 7e28dac8de
[Firefox:11 hits: 04-27 to 05-06]
none[4] none:none
none|none none trace
T:16:02:00 Win2K-f 190.139.213.160 (NET.AR):
TELECOM ARGENTINA S.A,
AR.
n/a KR:hail.dns2go.com
KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:889 hits: 04-27 to 05-08]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
16:14:00 Win2K-f 92.10.73.19 (-):
CARPHONE WAREHOUSE BROADBAND SERVICES,
UK.
211.96.97.44:7000 KR:hail.dns2go.com 445 pcap raw alerts
ruleset
ftp
irc
17 lines
Yeah : 1.3
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:889 hits: 04-27 to 05-08]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
16:24:00 WinXP 189.5.171.15 (BRASILTELECOM.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
GOIâNIA, GOIáS, BR.
211.96.97.44:7000 KR:hail.dns2go.com 445 pcap raw alerts
ruleset
ftp
irc
20 lines
Yeah : 1.3
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:889 hits: 04-27 to 05-08]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
16:30:00 Win2K-f 189.48.67.108 (BRASILTELECOM.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
BR.
n/a KR:hail.dns2go.com
KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:889 hits: 04-27 to 05-08]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:16:34:00 WinXP 201.254.20.8 (COM.AR):
TELEFONICA DE ARGENTINA,
BUENOS AIRES, BUENOS AIRES, AR.
n/a KR:hail.dns2go.com
KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:889 hits: 04-27 to 05-08]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:16:36:00 Win2K-f 41.236.14.188 (TEDATA.NET):
PROVIDER LOCAL REGISTRY,
EG.
n/a   445 pcap raw alerts
ruleset
shell
ftp
shell
19 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
16:45:00 WinXP 218.171.208.144 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
KAOHSIUNG, KAO-HSIUNG, TW.
n/a KR:hail.dns2go.com
KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:889 hits: 04-27 to 05-08]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
16:48:00 Win2K-f 189.61.33.35 (BRASILTELECOM.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
BR.
n/a KR:hail.dns2go.com
KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:889 hits: 04-27 to 05-08]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
16:52:00 Win2K-f 201.38.167.11 (STERLINGSTUDENTS.NET):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL)
211.96.97.44:7000 KR:hail.dns2go.com 445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:889 hits: 04-27 to 05-08]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
16:54:00 WinXP 78.16.234.221 (ESAT.NET):
ESAT TELECOMMUNICATIONS LIMITED,
IE.
n/a KR:hail.dns2go.com
KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
14 of 32 a2a036466a
[Firefox:67 hits: 05-05 to 05-08]
none[4] none:none
none|none none trace
T:16:59:00 Win2K-f 217.202.57.30 (-):
TELECOM ITALIA MOBILE,
IT.
217.170.244.2:443   445 pcap raw alerts
ruleset
shell
ftp
irc
27 lines
Yeah : 1.8
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2592 hits: 12-31 to 05-08]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace
17:10:00 Win2K-f 200.165.241.21 (STERLINGSTUDENTS.NET):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL)
211.96.97.44:7000 KR:hail.dns2go.com 445 pcap raw alerts
ruleset
ftp
irc
23 lines
Yeah : 1.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:889 hits: 04-27 to 05-08]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:17:19:00 Win2K-f 89.178.114.105 (CORBINA.RU):
BROADBAND CUSTOMERS IN MOSCOW,
MOSCOW, MOSKVA, RU.
n/a KR:hail.dns2go.com
KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:889 hits: 04-27 to 05-08]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
17:34:00 Win2K-f 190.137.2.220 (NET.AR):
APOLO -GOLD-TELECOM-PER,
AR.
211.96.97.44:7000 KR:hail.dns2go.com
KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:889 hits: 04-27 to 05-08]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:17:43:00 WinXP 200.21.24.236 (TELECOM.COM.CO):
COLOMBIA TELECOMUNICACIONES S.A. ESP,
CO.
211.96.97.44:7000 KR:hail.dns2go.com
KR:scorti1.dns2go.com
445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:889 hits: 04-27 to 05-08]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
17:54:00 Win2K-f 190.128.8.253 (-):
EMPRESA DE TELECOMUNICACIONES DE PEREIRA S.A. E.S.P,
MANIZALES, CALDAS, CO.
211.96.97.44:7000 KR:hail.dns2go.com 445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.8
profile
none summary
tarball
21 of 32 fe574e73b4
NEW
none[4] none:none
none|none none trace
T:17:57:00 Win2K-f 190.128.92.134 (-):
EMPRESA DE TELECOMUNICACIONES DE PEREIRA S.A. E.S.P,
CO.
211.96.97.44:7000 KR:hail.dns2go.com 445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.8
profile
none summary
tarball
21 of 32 fe574e73b4
NEW
none[4] none:none
none|none none trace
T:18:02:00 Win2K-f 90.151.186.163 (PERMONLINE.RU):
OJSC URALSVYAZINFORM,
RU.
211.96.97.44:7000 KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.8
profile
none summary
tarball
20 of 31 cb89ccfe52
[Firefox: 3 hits: 04-29 to 05-04]
881f6fa4b7 [0] ASM:Graph
TXT2COM| lines=406
embedded dns
trace
18:12:00 Win2K-f 190.134.7.242 (-):
.
211.96.97.44:7000 KR:hail.dns2go.com 445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:889 hits: 04-27 to 05-08]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
18:13:00 Win2K-f 200.104.156.84 (VTR.NET):
VTR BANDA ANCHA S.A,
SANTIAGO, REGION METROPOLITANA, CL.
211.96.97.44:7000 KR:hail.dns2go.com
KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.8
profile
none summary
tarball
14 of 32 a2a036466a
[Firefox:67 hits: 05-05 to 05-08]
none[4] none:none
none|none none trace
18:28:00 WinXP 190.188.150.164 (NET.AR):
PRIMA S.A,
AR.
n/a KR:hail.dns2go.com
KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:889 hits: 04-27 to 05-08]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
18:29:00 Win2K-f 124.82.88.188 (TM.NET.MY):
TM ADSL SERVICE PROVIDER MALAYSIA,
SELAYANG JAYA, SELANGOR, MY.
n/a KR:hail.dns2go.com
KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
14 of 32 a2a036466a
[Firefox:67 hits: 05-05 to 05-08]
none[4] none:none
none|none none trace
18:29:00 Win2K-f 201.254.20.8 (COM.AR):
TELEFONICA DE ARGENTINA,
BUENOS AIRES, BUENOS AIRES, AR.
n/a KR:hail.dns2go.com
KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:889 hits: 04-27 to 05-08]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
18:34:00 WinXP 189.63.3.140 (BRASILTELECOM.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
BR.
n/a KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
22 of 32 dc8e1c63cd
[Firefox:78 hits: 12-27 to 05-08]
e0eb8646ee [0] ASM:Graph
none|none lines=601
embedded dns
trace
18:45:00 Win2K-f 118.169.58.201 (-):
.
n/a  
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
17 lines
Yeah : 1.3
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2592 hits: 12-31 to 05-08]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace
19:04:00 WinXP 201.254.41.217 (COM.AR):
TELEFONICA DE ARGENTINA,
BUENOS AIRES, BUENOS AIRES, AR.
211.96.97.44:7000 KR:hail.dns2go.com
KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
irc
20 lines
Yeah : 1.3
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:889 hits: 04-27 to 05-08]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:19:08:00 WinXP 4.244.147.127 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
LEAVENWORTH, KANSAS, US. (DIAL)
n/a DE:siliconfireware.ru
US:searchportal.information.com
GB:new.egg.com
:wpad
EU:ebookfinaltrash.ru
US:208.73.212.12:80
DE:217.11.54.126:80
EU:78.47.200.154:80
445 pcap raw alerts
ruleset
http
http
http
http
4 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 a12cab51ef
[Firefox:1009 hits: 05-01 to 05-08]
40f7f463c4 [0] ASM:Graph
ASPack| lines=281
embedded dns
trace
T:19:12:00 Win2K-f 190.225.146.45 (-):
.
n/a KR:hail.dns2go.com
KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
14 of 32 a2a036466a
[Firefox:67 hits: 05-05 to 05-08]
none[4] none:none
none|none none trace
T:19:18:00 WinXP 189.63.15.212 (BRASILTELECOM.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
BR.
211.96.97.44:7000 KR:hail.dns2go.com
KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
irc
28 lines
Yeah : 1.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:889 hits: 04-27 to 05-08]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
19:21:00 WinXP 189.5.146.48 (BRASILTELECOM.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
GOIâNIA, GOIáS, BR.
211.96.97.44:7000 KR:hail.dns2go.com 445 pcap raw alerts
ruleset
ftp
irc
16 lines
Yeah : 1.3
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:889 hits: 04-27 to 05-08]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
19:35:00 WinXP 61.231.87.92 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW. (100Mbps)
n/a KR:hail.dns2go.com
KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
12 of 30 76b4ab852e
[Firefox:30 hits: 04-29 to 05-08]
none[4] none:none
none|none none trace
19:37:00 Win2K-f 87.196.102.184 (NET.NOVIS.PT):
NOVIS TELECOM S.A,
LISBON, LISBOA, PT. (DSL)
n/a KR:hail.dns2go.com
KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:889 hits: 04-27 to 05-08]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:19:50:00 WinXP 87.59.52.233 (ADSL-DHCP.TELE.DK):
TDC-TELEDANMARK-BREDBAANDSADSL-NET,
DK.
n/a   445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
16 of 31 4e4fc374e3
NEW
none[4] none:none
PolyEnE| none trace
19:53:00 WinXP 87.59.52.233 (ADSL-DHCP.TELE.DK):
TDC-TELEDANMARK-BREDBAANDSADSL-NET,
DK.
n/a   445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
31 of 31 d744c7ca96
NEW
none[4] none:none
PolyEnE| none trace
20:05:00 WinXP 201.253.199.152 (NET.AR):
APOLO -GOLD-TELECOM-PER,
BUENOS AIRES, BUENOS AIRES, AR.
n/a KR:hail.dns2go.com
KR:scorti1.dns2go.com
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:889 hits: 04-27 to 05-08]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
20:51:00 Win2K-f 61.228.84.93 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
n/a   445 pcap raw alerts
ruleset
shell
shell
ftp
18 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
20:53:00 Win2K-f 189.49.6.41 (BRASILTELECOM.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
BR.
n/a KR:hail.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
16 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:889 hits: 04-27 to 05-08]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
21:04:00 WinXP 206.248.231.155 (NTELOS.NET):
NTELOS - WYBO 6400 NRP ADSL DHCP RANGE,
CLIFTON FORGE, VIRGINIA, US.
n/a KR:hail.dns2go.com
KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:889 hits: 04-27 to 05-08]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:21:09:00 WinXP 125.197.32.4 (MESH.AD.JP):
NEC CORPORATION,
JP.
n/a   445 pcap raw alerts
ruleset
shell
ftp
13 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 831f4ee0a7
[Firefox:578 hits: 07-11 to 05-08]
eb7546c600 [0] ASM:Graph
none|none lines=61 trace
T:21:21:00 Win2K-f 200.227.49.24 (STERLINGSTUDENTS.NET):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL)
n/a KR:hail.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:889 hits: 04-27 to 05-08]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
21:37:00 Win2K-f 60.53.1.231 (TM.NET.MY):
TELEKOM MALAYSIA BERHAD,
KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY.
211.96.97.44:7000 KR:hail.dns2go.com 445 pcap raw alerts
ruleset
ftp
irc
16 lines
Yeah : 1.3
profile
none summary
tarball
14 of 32 a2a036466a
[Firefox:67 hits: 05-05 to 05-08]
none[4] none:none
none|none none trace
21:41:00 WinXP 85.186.123.206 (-):
ASTRAL CONSTANTA RESIDENTIAL,
CONSTANTA, CONSTANTA, RO.
n/a KR:hail.dns2go.com
KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
12 of 30 76b4ab852e
[Firefox:30 hits: 04-29 to 05-08]
none[4] none:none
none|none none trace
22:08:00 WinXP 125.101.83.144 (UCOM.NE.JP):
G-KG0008N,
JP. (100Mbps)
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 831f4ee0a7
[Firefox:578 hits: 07-11 to 05-08]
eb7546c600 [0] ASM:Graph
none|none lines=61 trace
22:34:00 WinXP 85.181.68.230 (ALICEDSL.DE):
HANSENET-ADSL,
DE. (DSL)
n/a DE:proxim.ircgalaxy.pl
DE:85.114.137.60:65520
445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
31 of 31 4fd0418580
NEW
none[4] none:none
PolyEnE| none trace
22:36:00 WinXP 66.26.89.222 (RR.COM):
ROAD RUNNER HOLDCO LLC,
RALEIGH, NORTH CAROLINA, US.
n/a   445 pcap raw alerts
ruleset
shell
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 1a2c0e6130
[Firefox:374 hits: 12-31 to 05-08]
048df78048 [0] ASM:Graph
none|none lines=61 trace
22:50:00 Win2K-f 85.15.254.35 (-):
ULTRACOMS-NET,
LV.
n/a KR:hail.dns2go.com
KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
14 of 32 a2a036466a
[Firefox:67 hits: 05-05 to 05-08]
none[4] none:none
none|none none trace
T:22:52:00 WinXP 125.24.140.73 (TOTBB.NET):
TOT ADSL IP ADDRESS POOL,
TH. (DSL)
211.96.97.44:7000 KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
21 of 31 362b6c6470
NEW
none[4] none:none
none|none none trace
22:54:00 Win2K-f 89.109.31.23 (MTS-NN.RU):
NETWORK FOR VPDN SESSION TERMINATIONS ON UAC`S FOR,
RU.
n/a KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
19 of 30 93282471f7
[Firefox:10 hits: 04-28 to 05-08]
95951dee58 [0] ASM:Graph
ASProtect| lines=0 trace
22:57:00 WinXP 61.228.109.181 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
217.170.244.2:443  
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
irc
22 lines
Yeah : 1.8
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2592 hits: 12-31 to 05-08]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace
23:02:00 WinXP 62.47.30.215 (TELEKOM.AT):
HIGHWAY CUSTOMERS,
VIENNA, WIEN, AT.
n/a   445 pcap raw alerts
ruleset
ftp
11 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
23:08:00 Win2K-f 91.58.222.28 (T-IPCONNECT.DE):
DEUTSCHE TELEKOM AG,
DE.
n/a KR:hail.dns2go.com
KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
12 of 30 76b4ab852e
[Firefox:30 hits: 04-29 to 05-08]
none[4] none:none
none|none none trace
T:23:08:00 Win2K-f 92.46.25.9 (IKBCC.COM):
EU-ZZ,
UK.
n/a KR:scorti1.dns2go.com
CN:211.96.97.44:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
20 of 31 af98fe0c94
[Firefox:49 hits: 04-27 to 05-08]
480d076a0a [0] ASM:Graph
ASProtect| lines=422
embedded dns
trace
T:23:32:00 Win2K-f 122.121.239.21 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
211.96.97.44:7000 KR:hail.dns2go.com 445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:889 hits: 04-27 to 05-08]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace