Multiperspective Malware Analysis Page

Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page

UNCENSORED PAGE

<Click here: to download BotHunter>

21 May 2008
<prev> <next>

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.

Daily Summary Files: [DNS Lookups & Failed Connects] [ Attacker IPs ] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap]
[Behavioral Clusters] [Binary Digest Log]

[See Country Codes ]

Time
Victim
OS
Infection
Source
C&C
Server
DNS Lookups &
Failed Connects Infection
Port
Packet
Trace
Detection
Signatures
Infection
Chatter
BotHunter
Analysis
Behavioral
Cluster
Forensic
Logs
Antivirus
Labels
Packed Malware_Binary Unpacked egg.exe
Unpacked egg.asm
Packer PEID
Data Strings
Syscall Trace

00:18:00 Win2K-f 193.19.247.98 (UKRHITECH.NET):
UKRAINIAN HIGH TECHNOLOGIES LTD. KIEV UKRAINE,
KIEV, MISTO KYYIV, UA. n/a 445 pcap raw alerts
ruleset ftp
15 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

00:26:00 WinXP 210.199.98.3 (ENJOY.NE.JP):
DEODEO INTERNET SERVICE(DEODEO CORPORATION),
JP. (DSL) n/a DE:proxim.ircgalaxy.pl
DE:85.114.137.60:65520 445 pcap raw alerts
ruleset ftp
12 lines Yeah : 1.3
profile none summary
tarball none 07177edf82
NEW none[4] none:none
PolyEnE| none trace

00:36:00 WinXP 4.252.135.33 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
SYCAMORE, ILLINOIS, US. (DIAL) n/a DE:siliconfireware.ru
US:searchportal.information.com
:wpad
US:spi.domainsponsor.com
US:204.13.161.51:80
US:208.73.212.12:80 445 pcap raw alerts
ruleset http
http
http
9 lines Yeah : 0.8
profile none summary
tarball 29 of 29 df17a625ee
[Firefox:447 hits: 05-04 to 05-19] none[3] none:none
ASPack| none trace

00:45:00 WinXP 78.82.229.114 (TELENOR.SE):
TELENOR BUSINESS SOLUTION AB,
SE. n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 30 of 32 c1135cfa4a
[Firefox: 4 hits: 03-17 to 04-10] 7af59510fa [0] ASM:Graph
PolyEnE| lines=68 trace

00:51:00 WinXP 202.150.122.34 (-):
KOL-DIAL,
AUCKLAND, AUCKLAND, NZ. n/a UA:citi-bank.ru
UA:194.54.90.246:80 445 pcap raw alerts
ruleset http
1 line Yeah : 1.3
profile none summary
tarball 30 of 32 3ee1a9b4a6
NEW none[none] none:none
none|none none none

01:17:00 WinXP 119.228.7.113 (-):
. n/a 445 pcap raw alerts
ruleset shell
ftp
15 lines Yeah : 1.3
profile none summary
tarball 29 of 29 831f4ee0a7
[Firefox:601 hits: 07-11 to 05-20] eb7546c600 [0] ASM:Graph
none|none lines=61 trace

01:24:00 Win2K-f 190.50.197.188 (COM.AR):
TELEFONICA DE ARGENTINA,
BUENOS AIRES, BUENOS AIRES, AR. n/a US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 14 of 32 a2a036466a
[Firefox:224 hits: 05-05 to 05-19] none[4] none:none
none|none none trace

01:31:00 WinXP 92.40.212.20 (IKBCC.COM):
EU-ZZ,
UK. 85.114.137.60:80 DE:proxim.ircgalaxy.pl
DE:85.114.137.60:80 445 pcap raw alerts
ruleset http
irc
50 lines Yeah : 1.3
profile none summary
tarball 28 of 31 f58222344f
[Firefox:10 hits: 12-31 to 05-17] 2a56436a64 [0] ASM:Graph
PolyEnE| lines=265
embedded dns trace

02:02:00 WinXP 79.131.113.188 (APEXCOVANTAGE.COM):
EU-ZZ,
UK. n/a 445 pcap raw alerts
ruleset ftp
13 lines Yeah : 1.3
profile none summary
tarball 29 of 29 831f4ee0a7
[Firefox:601 hits: 07-11 to 05-20] eb7546c600 [0] ASM:Graph
none|none lines=61 trace

T:02:10:00 WinXP 41.212.180.44 (-):
. 209.250.232.240:7000 US:hail.dns2go.com 445 pcap raw alerts
ruleset ftp
20 lines Yeah : 1.3
profile none summary
tarball 21 of 32 5f78ff609d
[Firefox:1345 hits: 04-27 to 05-20] d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace

T:02:16:00 WinXP 79.138.183.114 (APEXCOVANTAGE.COM):
EU-ZZ,
UK. n/a UA:citi-bank.ru
UA:194.54.90.246:80 445 pcap raw alerts
ruleset http
1 line Yeah : 1.3
profile none summary
tarball 31 of 32 1e5df7ba74
[Firefox:17 hits: 03-24 to 05-20] a5331b711f [0] ASM:Graph
PolyEnE| lines=68 trace

02:25:00 Win2K-f 91.66.201.104 (SUPERKABEL.DE):
KABEL DEUTSCHLAND BREITBAND SERVICE GMBH,
DE. n/a US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 28 of 31 c1a3e57a40
NEW none[4] none:none
none|none none trace

T:02:30:00 Win2K-f 89.24.39.84 (4GINTERNET.CZ):
GPRS/UMTS CUSTOMER NETWORK,
CZ. 209.250.232.240:7000 US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
18 lines Yeah : 1.3
profile none summary
tarball 21 of 32 5f78ff609d
[Firefox:1345 hits: 04-27 to 05-20] d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace

T:02:36:00 Win2K-f 77.209.90.74 (AIRTEL.NET):
VODAFONE ESPANA S.A,
ES. n/a US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 20 of 32 3b9f22c3b2
NEW none[none] none:none
none|none none none

T:03:02:00 WinXP 86.68.162.189 (GAOLAND.NET):
DYNAMIC POOLS,
FR. n/a DE:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
DE:85.114.137.60:65520 445 pcap raw alerts
ruleset http
1 line Yeah : 1.3
profile none summary
tarball 31 of 32 5403738785
NEW none[none] none:none
none|none none none

T:03:04:00 Win2K-f 81.246.140.57 (ISP.BELGACOM.BE):
SKYNET-ADSL,
DENDERMONDE, OOST-VLAANDEREN, BE. (DSL) n/a US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 21 of 32 5f78ff609d
[Firefox:1345 hits: 04-27 to 05-20] d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace

03:12:00 WinXP 218.23.214.19 (AH163.NET):
CHINANET ANHUI PROVINCE NETWORK,
ANHUI, ANHUI, CN. 209.250.232.240:7000 US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
irc
24 lines Yeah : 1.8
profile none summary
tarball 21 of 32 5f78ff609d
[Firefox:1345 hits: 04-27 to 05-20] d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace

T:03:12:00 WinXP 99.138.65.177 (-):
. n/a 445 pcap raw alerts
ruleset shell
ftp
15 lines Yeah : 1.3
profile none summary
tarball 29 of 29 1a2c0e6130
[Firefox:391 hits: 12-31 to 05-19] 048df78048 [0] ASM:Graph
none|none lines=61 trace

03:25:00 WinXP 119.17.102.182 (-):
. n/a DE:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
DE:85.114.137.60:80 445 pcap raw alerts
ruleset http
1 line Yeah : 1.3
profile none summary
tarball 30 of 32 3f5ec58a6b
[Firefox:21 hits: 04-24 to 05-18] 4a77430a59 [0] ASM:Graph
PolyEnE| lines=70 trace

03:31:00 WinXP 212.46.226.98 (TYUMEN.RU):
TYUMEN STATE OIL AND GAS UNIVERSITY,
BIYSK, ALTAYSKIY KRAY, RU. 209.250.232.240:7000 US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
irc
30 lines Yeah : 1.8
profile none summary
tarball 21 of 32 5f78ff609d
[Firefox:1345 hits: 04-27 to 05-20] d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace

03:36:00 Win2K-f 87.110.33.195 (-):
ADDRESS POOL FOR LTC-HOME CUSTOMERS,
RIGA, RIGA, LV. 209.250.232.240:7000 US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
irc
23 lines Yeah : 1.8
profile none summary
tarball 18 of 32 f2c2e43043
NEW none[none] none:none
none|none none none

T:03:47:00 Win2K-f 87.119.246.96 (SARANSK.RU):
BRANCH IN MORDOVIAN REPUBLIC OJSC VOLGATELECOM,
RU. 209.250.232.240:7000 US:hail.dns2go.com 445 pcap raw alerts
ruleset ftp
irc
24 lines Yeah : 1.8
profile none summary
tarball 21 of 32 5f78ff609d
[Firefox:1345 hits: 04-27 to 05-20] d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace

T:03:56:00 Win2K-f 80.33.220.216 (RIMA-TDE.NET):
TELEFONICA DE ESPANA,
MADRID, MADRID, ES. n/a US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 19 of 32 1da2b62ac8
NEW none[none] none:none
none|none none none

04:01:00 WinXP 219.116.163.82 (INFOWEB.NE.JP):
INFOWEB-CIDR-BLK,
TOKYO, TOKYO, JP. (DIAL) n/a 445 pcap raw alerts
ruleset shell
ftp
15 lines Yeah : 1.3
profile none summary
tarball 29 of 29 831f4ee0a7
[Firefox:601 hits: 07-11 to 05-20] eb7546c600 [0] ASM:Graph
none|none lines=61 trace

04:10:00 WinXP 189.61.33.229 (BRASILTELECOM.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. n/a US:hail.dns2go.com
US:scorti1.dns2go.com 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 26 of 32 f16bf781e6
NEW none[none] none:none
none|none none none

04:17:00 Win2K-f 200.45.196.132 (NET.AR):
MIDAS-TELECOM,
AR. n/a US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
15 lines Yeah : 0.8
profile none summary
tarball 21 of 32 5f78ff609d
[Firefox:1345 hits: 04-27 to 05-20] d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace

04:19:00 WinXP 24.163.109.66 (RR.COM):
ROAD RUNNER HOLDCO LLC,
RALEIGH, NORTH CAROLINA, US. n/a 445 pcap raw alerts
ruleset shell
ftp
16 lines Yeah : 1.3
profile none summary
tarball 29 of 29 1a2c0e6130
[Firefox:391 hits: 12-31 to 05-19] 048df78048 [0] ASM:Graph
none|none lines=61 trace

T:04:24:00 Win2K-f 212.32.96.106 (-):
TELECOM PLUS DYNAMIC IP BLOCK,
LONDON, ENGLAND, UK. n/a 445 pcap raw alerts
ruleset ftp
11 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

04:27:00 WinXP 84.51.80.68 (IPAPER.COM):
BLOCK FOR PI ASSIGNMENTS,
UK. n/a US:scorti1.dns2go.com 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 1.3
profile none summary
tarball 14 of 32 8f367186c3
[Firefox:79 hits: 12-27 to 05-19] 01a06977c4 [0] ASM:Graph
TXT2COM| lines=0 trace

T:04:36:00 Win2K-f 41.202.75.144 (-):
. 209.250.232.240:7000 US:hail.dns2go.com
:www.google.com 445 pcap raw alerts
ruleset ftp
irc
24 lines Yeah : 1.8
profile none summary
tarball 21 of 32 5f78ff609d
[Firefox:1345 hits: 04-27 to 05-20] d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace

04:37:00 Win2K-f 91.125.101.107 (BRIGHTVIEW.COM):
BRIGHTVIEW GROUP LIMITED,
LONDON, ENGLAND, UK. n/a US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 21 of 32 5f78ff609d
[Firefox:1345 hits: 04-27 to 05-20] d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace

04:40:00 Win2K-f 122.52.21.66 (PLDT.NET):
IPG,
PH. n/a 445 pcap raw alerts
ruleset ftp
15 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

04:45:00 WinXP 84.103.192.197 (GAOLAND.NET):
DYNAMIC POOLS,
FR. n/a DE:proxim.ircgalaxy.pl
US:hail.dns2go.com
:www.google.com
US:scorti1.dns2go.com
US:209.250.232.240:7000
DE:85.114.137.60:65520 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 28 of 32 cd37a98764
NEW none[none] none:none
none|none none none

T:04:47:00 Win2K-f 190.3.85.65 (TECHTELNET.NET):
TECHTEL LMDS COMUNICACIONES INTERACTIVAS S.A,
AR. n/a US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 14 of 32 a2a036466a
[Firefox:224 hits: 05-05 to 05-19] none[4] none:none
none|none none trace

04:55:00 Win2K-f 92.4.228.42 (-):
CARPHONE WAREHOUSE BROADBAND SERVICES,
UK. n/a US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 14 of 32 a2a036466a
[Firefox:224 hits: 05-05 to 05-19] none[4] none:none
none|none none trace

T:04:57:00 WinXP 82.200.221.131 (-):
JSC KAZAKHTELECOM TALDYKORGAN,
KZ. n/a :www.google.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 1
profile none summary
tarball 20 of 31 af98fe0c94
[Firefox:67 hits: 04-27 to 05-17] 480d076a0a [0] ASM:Graph
ASProtect| lines=422
embedded dns trace

05:08:00 WinXP 60.38.122.3 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. n/a DE:proxim.ircgalaxy.pl
:www.google.com
DE:85.114.137.60:65520 445 pcap raw alerts
ruleset shell
ftp
14 lines Yeah : 1.3
profile none summary
tarball 31 of 32 df985cce91
NEW none[none] none:none
none|none none none

T:05:11:00 Win2K-f 78.130.81.155 (REV.OPTIMUS.PT):
OPTIMUS TELECOMUNICAGUES S.A,
PT. n/a US:hail.dns2go.com
US:scorti1.dns2go.com 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 21 of 32 5f78ff609d
[Firefox:1345 hits: 04-27 to 05-20] d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace

T:05:18:00 Win2K-f 213.133.14.14 (-):
SPINN INTERNATIONAL APS,
DK. 209.250.232.240:7000 US:hail.dns2go.com 445 pcap raw alerts
ruleset ftp
irc
23 lines Yeah : 1.8
profile none summary
tarball 14 of 32 a2a036466a
[Firefox:224 hits: 05-05 to 05-19] none[4] none:none
none|none none trace

05:26:00 WinXP 92.112.216.151 (APEXCOVANTAGE.COM):
EU-ZZ,
UK. n/a :www.google.com 445 pcap raw alerts
ruleset other
0 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

T:05:31:00 Win2K-f 88.239.74.166 (-):
TT ADSL-METEKSAN DYNAMIC_GAY,
ISTANBUL, ISTANBUL, TR. n/a US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 21 of 32 5f78ff609d
[Firefox:1345 hits: 04-27 to 05-20] d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace

05:32:00 Win2K-f 212.34.103.132 (-):
NETC-ALPHAPOP-SERVERHOUSING,
DE. n/a US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 21 of 32 5f78ff609d
[Firefox:1345 hits: 04-27 to 05-20] d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace

T:05:38:00 WinXP 83.10.228.73 (TPNET.PL):
NEOSTRADA PLUS,
PL. (DSL) n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset other
0 lines Yeah : 1.3
profile none summary
tarball 29 of 29 32a0d7d0e0
[Firefox:39 hits: 05-04 to 05-14] d791762796 [0] ASM:Graph
tElock| lines=81
embedded dns trace

05:39:00 WinXP 83.10.228.73 (TPNET.PL):
NEOSTRADA PLUS,
PL. (DSL) n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667 445 pcap raw alerts
ruleset other
0 lines Yeah : 1.3
profile none summary
tarball 29 of 29 32a0d7d0e0
[Firefox:39 hits: 05-04 to 05-14] d791762796 [0] ASM:Graph
tElock| lines=81
embedded dns trace

T:05:45:00 WinXP 78.97.0.211 (ASTRAL.RO):
ASTRAL TELECOM SA,
RO. n/a US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 14 of 32 a2a036466a
[Firefox:224 hits: 05-05 to 05-19] none[4] none:none
none|none none trace

T:05:46:00 Win2K-f 201.58.92.26 (STERLINGSTUDENTS.NET):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL) n/a US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 14 of 32 a2a036466a
[Firefox:224 hits: 05-05 to 05-19] none[4] none:none
none|none none trace

05:47:00 Win2K-f 87.17.141.223 (RETAIL.TELECOMITALIA.IT):
TELECOM ITALIA S.P.A. TIN EASY LITE,
CASTELLO DI CISTERNA, CAMPANIA, IT. n/a US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
15 lines Yeah : 0.8
profile none summary
tarball 14 of 32 a2a036466a
[Firefox:224 hits: 05-05 to 05-19] none[4] none:none
none|none none trace

T:05:48:00 WinXP 212.34.103.132 (-):
NETC-ALPHAPOP-SERVERHOUSING,
DE. n/a US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 22 of 32 dc8e1c63cd
[Firefox:92 hits: 12-27 to 05-20] e0eb8646ee [0] ASM:Graph
none|none lines=601
embedded dns trace

05:55:00 WinXP 93.80.26.219 (APEXCOVANTAGE.COM):
EU-ZZ,
UK. n/a :www.google.com
US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 21 of 32 5f78ff609d
[Firefox:1345 hits: 04-27 to 05-20] d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace

T:06:01:00 Win2K-f 82.250.75.47 (PROXAD.NET):
PROXAD / FREE SAS,
NICE, PROVENCE-ALPES-COTE D'AZUR, FR. (DSL) 209.250.232.240:7000 US:hail.dns2go.com 445 pcap raw alerts
ruleset ftp
irc
22 lines Yeah : 1.8
profile none summary
tarball 21 of 32 5f78ff609d
[Firefox:1345 hits: 04-27 to 05-20] d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace

T:06:13:00 Win2K-f 60.53.33.171 (TM.NET.MY):
TELEKOM MALAYSIA BERHAD,
KUCHING, SARAWAK, MY. (DSL) n/a US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 21 of 32 5f78ff609d
[Firefox:1345 hits: 04-27 to 05-20] d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace

06:14:00 Win2K-f 212.203.54.116 (-):
LEUNET AG FRAUENFELD,
FRAUENFELD, THURGAU, CH. n/a 445 pcap raw alerts
ruleset ftp
13 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

T:06:17:00 WinXP 88.132.1.36 (-):
PRTELECOM,
HU. n/a 445 pcap raw alerts
ruleset ftp
15 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

06:29:00 Win2K-f 61.61.210.186 (UBBN.NET):
UNION CABLE TV CO. LTD,
TW. n/a 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 29 of 32 82b7a30208
NEW none[none] none:none
none|none none none

T:06:32:00 WinXP 89.241.64.189 (-):
OPAL TELECOM DSL,
LUTON, ENGLAND, UK. (DIAL) n/a US:hail.dns2go.com
US:scorti1.dns2go.com
:www.google.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball none 91e43fc14a
[Firefox: 5 hits: 05-01 to 05-02] none[4] none:none
Obsidium| none trace

06:48:00 WinXP 90.189.188.102 (SNT.RU):
OJSC SIBIRTELECOM,
RU. n/a 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball none 4f887ca272
[Firefox:36 hits: 01-26 to 05-15] 4f887ca272 [1] ASM:Graph
Stranik| lines=6 trace

T:06:56:00 WinXP 75.119.93.220 (-):
. n/a 135 pcap raw alerts
ruleset other
5 lines Argh : 0.3
profile none summary
tarball none none none none none none none

07:02:00 Win2K-f 190.172.89.225 (COM.AR):
TELEFONICA DE ARGENTINA,
AR. n/a US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 18 of 32 7e28dac8de
[Firefox:21 hits: 04-27 to 05-17] none[4] none:none
none|none none trace

T:07:13:00 Win2K-f 91.140.210.34 (-):
GULFNET,
KW. 209.250.232.240:7000 US:hail.dns2go.com 445 pcap raw alerts
ruleset lanman
shell
shell
ftp
irc
31 lines Yeah : 1.8
profile none summary
tarball 14 of 32 a2a036466a
[Firefox:224 hits: 05-05 to 05-19] none[4] none:none
none|none none trace

07:15:00 Win2K-f 88.204.205.220 (-):
ALMATYTELECOM,
ALMATY, ALMATY, KZ. n/a US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 20 of 31 af98fe0c94
[Firefox:67 hits: 04-27 to 05-17] 480d076a0a [0] ASM:Graph
ASProtect| lines=422
embedded dns trace

T:07:18:00 Win2K-f 85.26.71.37 (217-117-34-10.TELEDISNET.BE):
TELEDISNET ISP,
BE. n/a 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 28 of 31 e1e2bddf79
[Firefox: 2 hits: 05-04 to 05-19] none[4] none:none
none|none none trace

07:21:00 Win2K-f 151.21.83.23 (21-151.LIBERO.IT):
FREE INTERNET DIAL-UP SERVICES,
ROME, LAZIO, IT. (DIAL) n/a US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 21 of 32 5f78ff609d
[Firefox:1345 hits: 04-27 to 05-20] d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace

T:07:36:00 WinXP 83.217.236.103 (-):
SECOND DIALUP NET,
AM. n/a DE:siliconfireware.ru
DE:212.227.111.29:80
DE:217.11.54.126:80
EU:78.47.200.154:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 29 of 29 a12cab51ef
[Firefox:1023 hits: 05-01 to 05-20] 40f7f463c4 [0] ASM:Graph
ASPack| lines=281
embedded dns trace

T:07:39:00 WinXP 85.72.156.74 (OTENET.GR):
MULTIPROTOCOL SERVICE PROVIDER TO OTHER ISP'S AND END USERS,
AACHEN, NORDRHEIN-WESTFALEN, DE. (DSL) n/a 445 pcap raw alerts
ruleset shell
ftp
14 lines Yeah : 1.3
profile none summary
tarball 29 of 29 831f4ee0a7
[Firefox:601 hits: 07-11 to 05-20] eb7546c600 [0] ASM:Graph
none|none lines=61 trace

07:44:00 WinXP 218.227.157.60 (MESH.AD.JP):
BIGLOBE-CIDR-BLK,
JP. n/a US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 22 of 32 dc8e1c63cd
[Firefox:92 hits: 12-27 to 05-20] e0eb8646ee [0] ASM:Graph
none|none lines=601
embedded dns trace

07:53:00 WinXP 92.113.6.236 (APEXCOVANTAGE.COM):
EU-ZZ,
UK. n/a US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 20 of 31 af98fe0c94
[Firefox:67 hits: 04-27 to 05-17] 480d076a0a [0] ASM:Graph
ASProtect| lines=422
embedded dns trace

07:59:00 Win2K-f 88.170.191.22 (PROXAD.NET):
PROXAD / FREE SAS,
FR. n/a 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

08:00:00 WinXP 89.151.130.58 (CHTTS.RU):
ADSL USERS @ CHUVASH REPUBLIC,
RU. n/a US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 1
profile none summary
tarball 14 of 32 8f367186c3
[Firefox:79 hits: 12-27 to 05-19] 01a06977c4 [0] ASM:Graph
TXT2COM| lines=0 trace

T:08:02:00 Win2K-f 77.241.131.189 (-):
HI3GACCESS,
SE. 209.250.232.240:7000 US:hail.dns2go.com 445 pcap raw alerts
ruleset ftp
irc
22 lines Yeah : 1.8
profile none summary
tarball 14 of 32 a2a036466a
[Firefox:224 hits: 05-05 to 05-19] none[4] none:none
none|none none trace

08:22:00 Win2K-f 189.29.210.36 (BRASILTELECOM.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. n/a US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 21 of 32 5f78ff609d
[Firefox:1345 hits: 04-27 to 05-20] d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace

T:08:27:00 WinXP 84.54.73.168 (-):
UZBEKTELECOM JOINT-STOCK COMPANY,
TASHKENT, TOSHKENT, UZ. n/a 445 pcap raw alerts
ruleset ftp
13 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

08:34:00 Win2K-f 151.54.112.84 (38-151.NET24.IT):
IUNET-BNET,
PERUGIA, UMBRIA, IT. n/a US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 14 of 32 a2a036466a
[Firefox:224 hits: 05-05 to 05-19] none[4] none:none
none|none none trace

T:08:43:00 Win2K-f 86.35.109.70 (PLATINUMGROUP.RO):
ARTELECOM,
RO. 209.250.232.240:7000 US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
irc
28 lines Yeah : 1.8
profile none summary
tarball 27 of 32 fb28fc1d41
NEW none[4] none:none
none|none none trace

T:08:43:00 WinXP 91.145.6.171 (HELSINGENT.SE):
HELSINGE NET AB,
SE. n/a US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 21 of 32 5f78ff609d
[Firefox:1345 hits: 04-27 to 05-20] d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace

08:55:00 Win2K-f 201.74.95.27 (STERLINGSTUDENTS.NET):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL) n/a US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 21 of 32 5f78ff609d
[Firefox:1345 hits: 04-27 to 05-20] d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace

09:07:00 Win2K-f 62.235.162.192 (DSL.SCARLET.BE):
UNISOURCE,
HASSELT, LIMBURG, BE. (DSL) n/a US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 24 of 32 8fb9548a47
[Firefox: 2 hits: 04-30 to 05-05] none[4] none:none
none|none none trace

09:24:00 WinXP 78.133.78.197 (MALTANET.NET):
MALTANET-RETAIL-DSL,
MT. n/a US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 1
profile none summary
tarball 21 of 32 5f78ff609d
[Firefox:1345 hits: 04-27 to 05-20] d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace

09:27:00 Win2K-f 60.51.23.12 (TM.NET.MY):
TELEKOM MALAYSIA BERHAD,
KOTA KINABALU, SABAH, MY. 209.250.232.240:7000 US:hail.dns2go.com 445 pcap raw alerts
ruleset ftp
irc
23 lines Yeah : 1.8
profile none summary
tarball 21 of 32 5f78ff609d
[Firefox:1345 hits: 04-27 to 05-20] d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace

T:09:33:00 Win2K-f 190.135.178.23 (-):
. n/a US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 29 of 32 550940587c
NEW none[none] none:none
none|none none none

09:33:00 WinXP 121.87.111.20 (EONET.NE.JP):
K-OPTICOM CORPORATION,
JP. n/a US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 29 of 32 d1c4585b67
NEW none[none] none:none
none|none none none

T:09:34:00 Win2K-f 200.55.48.193 (NET.AR):
IMPSAT ARGENTINA,
BUENOS AIRES, BUENOS AIRES, AR. (DIAL) n/a US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
15 lines Yeah : 0.8
profile none summary
tarball 21 of 32 5f78ff609d
[Firefox:1345 hits: 04-27 to 05-20] d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace

09:37:00 Win2K-f 84.238.70.233 (-):
DYNAMIC CUSTOMER IP'S,
ÅRHUS, ARHUS, DK. n/a 445 pcap raw alerts
ruleset other
0 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

09:38:00 Win2K-f 121.2.12.54 (SO-NET.NE.JP):
SO-NET SERVICE,
JP. n/a 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 28 of 32 d8b2a2db94
NEW none[none] none:none
none|none none none

09:41:00 Win2K-f 190.49.171.203 (COM.AR):
TELEFONICA DE ARGENTINA,
LOMAS DE ZAMORA, BUENOS AIRES, AR. n/a 445 pcap raw alerts
ruleset ftp
13 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

09:50:00 WinXP 190.135.178.23 (-):
. n/a US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 29 of 32 550940587c
NEW none[none] none:none
none|none none none

T:10:01:00 WinXP 201.78.155.93 (STERLINGSTUDENTS.NET):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL) 209.250.232.240:7000 US:scorti1.dns2go.com 445 pcap raw alerts
ruleset ftp
irc
27 lines Yeah : 1.8
profile none summary
tarball 13 of 32 53123fadcc
[Firefox:49 hits: 01-26 to 05-17] none[4] none:none
none|none none trace

T:10:03:00 Win2K-f 189.171.144.82 (PROD-INFINITUM.COM.MX):
UNINET S.A. DE C.V,
JUAREZ, CHIHUAHUA, MX. (DSL) 209.250.232.240:7000 US:hail.dns2go.com 445 pcap raw alerts
ruleset ftp
irc
19 lines Yeah : 1.3
profile none summary
tarball 21 of 32 5f78ff609d
[Firefox:1345 hits: 04-27 to 05-20] d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace

10:03:00 WinXP 60.52.38.26 (TM.NET.MY):
TELEKOM MALAYSIA BERHAD,
SUNGAI PETANI, KEDAH, MY. n/a US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 21 of 32 5f78ff609d
[Firefox:1345 hits: 04-27 to 05-20] d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace

10:09:00 Win2K-f 189.15.205.8 (BRASILTELECOM.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. 209.250.232.240:7000 US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
irc
20 lines Yeah : 1.3
profile none summary
tarball 21 of 32 5f78ff609d
[Firefox:1345 hits: 04-27 to 05-20] d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace

T:10:14:00 WinXP 190.99.223.153 (-):
. n/a US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 21 of 32 5f78ff609d
[Firefox:1345 hits: 04-27 to 05-20] d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace

10:18:00 Win2K-f 92.82.77.250 (APEXCOVANTAGE.COM):
EU-ZZ,
UK. n/a US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 22 of 31 f0e02bee5f
[Firefox: 5 hits: 04-27 to 05-16] none[4] none:none
none|none none trace

10:21:00 WinXP 170.51.149.47 (COM.AR):
CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A,
AR. n/a US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 21 of 32 5f78ff609d
[Firefox:1345 hits: 04-27 to 05-20] d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace

T:10:25:00 Win2K-f 91.66.103.142 (SUPERKABEL.DE):
KABEL DEUTSCHLAND BREITBAND SERVICE GMBH,
DE. 209.250.232.240:7000 US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
irc
24 lines Yeah : 1.8
profile none summary
tarball 14 of 32 a2a036466a
[Firefox:224 hits: 05-05 to 05-19] none[4] none:none
none|none none trace

10:34:00 WinXP 190.134.27.32 (-):
. n/a US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 21 of 32 5f78ff609d
[Firefox:1345 hits: 04-27 to 05-20] d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace

10:50:00 WinXP 91.66.239.112 (SUPERKABEL.DE):
KABEL DEUTSCHLAND BREITBAND SERVICE GMBH,
DE. n/a US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 12 of 32 d94d21fc29
[Firefox: 5 hits: 12-28 to 05-13] 9deff996b5 [0] ASM:Graph
ASProtect| lines=423
embedded dns trace

10:53:00 Win2K-f 201.255.236.51 (COM.AR):
TELEFONICA DE ARGENTINA,
AR. n/a US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 21 of 32 5f78ff609d
[Firefox:1345 hits: 04-27 to 05-20] d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace

T:10:55:00 Win2K-f 82.231.59.52 (PROXAD.NET):
PROXAD / FREE SAS,
NICE, PROVENCE-ALPES-COTE D'AZUR, FR. 209.250.232.240:7000 US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
irc
23 lines Yeah : 1.8
profile none summary
tarball 22 of 32 ac1108aece
NEW none[none] none:none
none|none none none

11:00:00 Win2K-f 81.93.93.11 (TEOL.NET):
TEOL ISP PROVIDER,
BANJA LUKA, REPUBLIKA SRPSKA, BA. (DIAL) n/a US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 21 of 32 5f78ff609d
[Firefox:1345 hits: 04-27 to 05-20] d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace

T:11:01:00 WinXP 212.39.107.118 (NET.BA):
HT D.O.O. MOSTAR,
MOSTAR, FEDERATION OF BOSNIA AND HERZEGOVINA, BA. n/a 445 pcap raw alerts
ruleset ftp
11 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

11:06:00 WinXP 91.65.80.131 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
DE. n/a US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 12 of 31 ab48a97a5d
[Firefox: 6 hits: 12-28 to 05-13] 81e9c5d188 [0] ASM:Graph
ASProtect| lines=419
embedded dns trace

T:11:10:00 Win2K-f 68.91.62.10 (SWBELL.NET):
UNIVERSAL ACADEMY ,
DALLAS, TEXAS, US. (100Mbps) 85.114.137.60:65520 DE:proxim.ircgalaxy.pl
DE:dl2.teenpassage.com
DE:85.114.137.60:65520
DE:85.114.143.2:80 139 pcap raw alerts
ruleset irc
http
9 lines Yeah : 1.3
profile none summary
tarball 30 of 32 19e22b32fa
NEW none[none] none:none
none|none none none

11:11:00 Win2K-f 91.66.103.142 (SUPERKABEL.DE):
KABEL DEUTSCHLAND BREITBAND SERVICE GMBH,
DE. n/a US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 14 of 32 a2a036466a
[Firefox:224 hits: 05-05 to 05-19] none[4] none:none
none|none none trace

T:11:12:00 WinXP 189.5.89.12 (BRASILTELECOM.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. 209.250.232.240:7000 US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
irc
24 lines Yeah : 1.3
profile none summary
tarball 21 of 32 5f78ff609d
[Firefox:1345 hits: 04-27 to 05-20] d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace

11:16:00 WinXP 82.231.164.234 (PROXAD.NET):
PROXAD / FREE SAS,
NICE, PROVENCE-ALPES-COTE D'AZUR, FR. n/a US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 27 of 32 0d01a84899
NEW none[4] none:none
none|none none trace

11:17:00 WinXP 212.30.191.81 (MTU.RU):
ZAO MTU-INTEL,
RU. n/a 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

11:20:00 Win2K-f 79.202.240.105 (T-IPCONNECT.DE):
DEUTSCHE TELEKOM AG,
DE. n/a 445 pcap raw alerts
ruleset ftp
16 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

11:24:00 WinXP 87.59.53.131 (ADSL-DHCP.TELE.DK):
TDC-TELEDANMARK-BREDBAANDSADSL-NET,
DK. n/a UA:citi-bank.ru
UA:194.54.90.246:80 445 pcap raw alerts
ruleset http
1 line Yeah : 1.3
profile none summary
tarball 29 of 29 a4410431e4
[Firefox:23 hits: 10-11 to 01-23] none[none] none:none
none|none none none

11:33:00 Win2K-f 84.103.192.73 (GAOLAND.NET):
DYNAMIC POOLS,
FR. n/a 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 28 of 32 cd37a98764
NEW none[none] none:none
none|none none none

11:34:00 Win2K-f 83.8.107.170 (TPNET.PL):
NEOSTRADA PLUS,
PL. n/a US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 21 of 32 5f78ff609d
[Firefox:1345 hits: 04-27 to 05-20] d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace

T:11:50:00 WinXP 85.24.168.66 (BAHNHOF.SE):
BAHNHOF INTERNET AB,
SE. 85.114.137.60:65520 209.250.232.240:7000 DE:proxim.ircgalaxy.pl
US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000
DE:85.114.137.60:65520 445 pcap raw alerts
ruleset ftp
irc
26 lines Yeah : 1.8
profile none summary
tarball 29 of 33 9857cabb9d
NEW none[none] none:none
none|none none none

T:11:55:00 Win2K-f 41.214.140.32 (-):
. 209.250.232.240:7000 US:hail.dns2go.com 445 pcap raw alerts
ruleset ftp
irc
24 lines Yeah : 1.8
profile none summary
tarball 21 of 32 5f78ff609d
[Firefox:1345 hits: 04-27 to 05-20] d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace

11:55:00 WinXP 81.156.210.109 (BTCENTRALPLUS.COM):
BT-CENTRAL-PLUS,
LONDON, ENGLAND, UK. n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 1.3
profile none summary
tarball 31 of 32 1898e66cd2
NEW none[none] none:none
none|none none none

11:56:00 Win2K-f 87.103.91.135 (REV.VODAFONE.PT):
VODAFONE PORTUGAL,
PT. (DSL) 209.250.232.240:7000 US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
irc
24 lines Yeah : 1.8
profile none summary
tarball 9 of 32 9345b57563
[Firefox:14 hits: 12-27 to 05-11] none[4] none:none
none|none none trace

12:06:00 WinXP 89.169.13.136 (-):
INFOLINE ZAO,
RU. n/a US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
16 lines Yeah : 0.8
profile none summary
tarball 19 of 30 93282471f7
[Firefox:19 hits: 04-28 to 05-17] 95951dee58 [0] ASM:Graph
ASProtect| lines=0 trace

12:07:00 Win2K-f 83.187.221.205 (CUST.TELE2.IT):
TELE2 ITALY S.A,
IT. 209.250.232.240:7000 US:hail.dns2go.com 445 pcap raw alerts
ruleset ftp
irc
18 lines Yeah : 1.3
profile none summary
tarball 21 of 32 5f78ff609d
[Firefox:1345 hits: 04-27 to 05-20] d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace

T:12:07:00 WinXP 78.133.231.51 (IPARTNERS.PL):
GTS POLSKA SP. Z O.O,
PL. 209.250.232.240:7000 US:hail.dns2go.com 445 pcap raw alerts
ruleset ftp
irc
24 lines Yeah : 2
profile none summary
tarball 21 of 32 5f78ff609d
[Firefox:1345 hits: 04-27 to 05-20] d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace

12:10:00 Win2K-f 85.241.151.182 (DSL.TELEPAC.PT):
PT.COM - COMUNICACOES INTERACTIVAS S.A,
AVEIRO, AVEIRO, PT. (DSL) n/a US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 21 of 32 5f78ff609d
[Firefox:1345 hits: 04-27 to 05-20] d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace

T:12:10:00 WinXP 151.21.64.85 (21-151.LIBERO.IT):
FREE INTERNET DIAL-UP SERVICES,
ROME, LAZIO, IT. (DIAL) n/a US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 21 of 32 5f78ff609d
[Firefox:1345 hits: 04-27 to 05-20] d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace

T:12:10:00 Win2K-f 212.200.178.105 (ODISEJ-VRRPP.TELEKOM.YU):
TELEKOM SRBIJA,
CS. n/a 445 pcap raw alerts
ruleset ftp
11 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

12:12:00 WinXP 79.146.149.16 (RIMA-TDE.NET):
TELEFONICA,
MADRID, MADRID, ES. n/a US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 14 of 32 a2a036466a
[Firefox:224 hits: 05-05 to 05-19] none[4] none:none
none|none none trace

12:16:00 Win2K-f 190.224.107.89 (-):
. n/a US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 21 of 32 5f78ff609d
[Firefox:1345 hits: 04-27 to 05-20] d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace

12:24:00 Win2K-f 78.96.66.224 (ASTRAL.RO):
ASTRAL TELECOM SA,
RO. n/a US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 21 of 32 5f78ff609d
[Firefox:1345 hits: 04-27 to 05-20] d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace

12:32:00 Win2K-f 200.195.107.202 (STERLINGSTUDENTS.NET):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL) n/a 445 pcap raw alerts
ruleset ftp
16 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

T:12:40:00 WinXP 41.207.26.123 (ADSL-213-136-127-10.AVISO.CI):
COTE D'IVOIRE TELECOM,
CI. 209.250.232.240:7000 US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
irc
24 lines Yeah : 1.3
profile none summary
tarball 21 of 32 5f78ff609d
[Firefox:1345 hits: 04-27 to 05-20] d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace

12:40:00 WinXP 79.32.103.154 (SRC.ORG):
TELECOM ITALIA NET,
ROME, LAZIO, IT. n/a US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 21 of 32 5f78ff609d
[Firefox:1345 hits: 04-27 to 05-20] d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace

T:12:57:00 Win2K-f 88.214.132.4 (-):
GPRS COSTUMERS,
ALMADA, SETUBAL, PT. n/a US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 21 of 32 5f78ff609d
[Firefox:1345 hits: 04-27 to 05-20] d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace

12:58:00 Win2K-f 190.99.223.153 (-):
. n/a US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 21 of 32 5f78ff609d
[Firefox:1345 hits: 04-27 to 05-20] d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace

T:13:09:00 Win2K-f 170.51.152.216 (COM.AR):
CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A,
AR. n/a DE:flu.flutp.com 445 pcap raw alerts
ruleset other
0 lines Argh : 0.3
profile none summary
tarball none none none none none none none

T:13:12:00 Win2K-f 220.131.230.220 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAINAN, KAO-HSIUNG, TW. n/a US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 14 of 32 a2a036466a
[Firefox:224 hits: 05-05 to 05-19] none[4] none:none
none|none none trace

T:13:14:00 WinXP 83.45.46.148 (RIMA-TDE.NET):
TELEFONICA DE ESPANA,
MADRID, MADRID, ES. 209.250.232.240:7000 US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
irc
23 lines Yeah : 1.8
profile none summary
tarball 13 of 32 53123fadcc
[Firefox:49 hits: 01-26 to 05-17] none[4] none:none
none|none none trace

13:23:00 WinXP 212.34.101.121 (-):
TICKET-SERVICE-CENTER GMBH,
DE. (100Mbps) n/a 445 pcap raw alerts
ruleset ftp
18 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

13:45:00 Win2K-f 88.214.132.4 (-):
GPRS COSTUMERS,
ALMADA, SETUBAL, PT. 209.250.232.240:7000 US:hail.dns2go.com 445 pcap raw alerts
ruleset ftp
irc
23 lines Yeah : 1.8
profile none summary
tarball 21 of 32 5f78ff609d
[Firefox:1345 hits: 04-27 to 05-20] d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace

T:13:54:00 Win2K-f 84.103.192.73 (GAOLAND.NET):
DYNAMIC POOLS,
FR. n/a 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 28 of 32 cd37a98764
NEW none[none] none:none
none|none none none

13:57:00 Win2K-f 85.39.89.34 (BUSINESS.TELECOMITALIA.IT):
INTERBUSINESS,
ROME, LAZIO, IT. (100Mbps) n/a US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
18 lines Yeah : 0.8
profile none summary
tarball 26 of 32 bef683c76c
NEW none[none] none:none
none|none none none

14:09:00 Win2K-f 92.112.91.75 (APEXCOVANTAGE.COM):
EU-ZZ,
UK. n/a 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

14:12:00 WinXP 200.117.158.27 (NET.AR):
APOLO -GOLD-TELECOM-PER,
BUENOS AIRES, BUENOS AIRES, AR. (DSL) 209.250.232.240:7000 US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
irc
18 lines Yeah : 1.3
profile none summary
tarball 14 of 32 a2a036466a
[Firefox:224 hits: 05-05 to 05-19] none[4] none:none
none|none none trace

14:13:00 WinXP 78.156.211.68 (APEXCOVANTAGE.COM):
EU-ZZ,
UK. n/a US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 1
profile none summary
tarball 21 of 32 5f78ff609d
[Firefox:1345 hits: 04-27 to 05-20] d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace

14:15:00 Win2K-f 89.180.56.254 (NET.NOVIS.PT):
NOVIS TELECOM S.A,
LISBON, LISBOA, PT. n/a US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 20 of 31 af98fe0c94
[Firefox:67 hits: 04-27 to 05-17] 480d076a0a [0] ASM:Graph
ASProtect| lines=422
embedded dns trace

14:26:00 Win2K-f 201.57.26.177 (STERLINGSTUDENTS.NET):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL) n/a 445 pcap raw alerts
ruleset ftp
16 lines Yeah : 0.8
profile none summary
tarball 28 of 33 d622f851cf
NEW none[none] none:none
none|none none none

14:31:00 Win2K-f 79.94.66.61 (G-M-I.NET):
EU-ZZ,
UK. 209.250.232.240:7000 US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
irc
23 lines Yeah : 1.8
profile none summary
tarball 21 of 32 5f78ff609d
[Firefox:1345 hits: 04-27 to 05-20] d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace

14:38:00 WinXP 79.138.167.57 (APEXCOVANTAGE.COM):
EU-ZZ,
UK. n/a UA:citi-bank.ru
UA:194.54.90.246:80 445 pcap raw alerts
ruleset http
1 line Yeah : 1.3
profile none summary
tarball 31 of 32 1e5df7ba74
[Firefox:17 hits: 03-24 to 05-20] a5331b711f [0] ASM:Graph
PolyEnE| lines=68 trace

T:14:50:00 WinXP 91.125.125.137 (BRIGHTVIEW.COM):
BRIGHTVIEW GROUP LIMITED,
LONDON, ENGLAND, UK. 209.250.232.240:7000 US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
irc
24 lines Yeah : 1.8
profile none summary
tarball 21 of 32 5f78ff609d
[Firefox:1345 hits: 04-27 to 05-20] d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace

14:53:00 WinXP 189.5.89.12 (BRASILTELECOM.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. n/a US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 21 of 32 5f78ff609d
[Firefox:1345 hits: 04-27 to 05-20] d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace

15:00:00 Win2K-f 201.236.232.162 (-):
EMPRESA DE TELECOMUNICACIONES DE PEREIRA S.A. E.S.P,
MANIZALES, CALDAS, CO. n/a US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
17 lines Yeah : 0.8
profile none summary
tarball 21 of 32 5f78ff609d
[Firefox:1345 hits: 04-27 to 05-20] d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace

15:01:00 Win2K-f 189.61.38.53 (BRASILTELECOM.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. n/a US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 21 of 32 5f78ff609d
[Firefox:1345 hits: 04-27 to 05-20] d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace

T:15:11:00 Win2K-f 77.103.87.71 (BLUEYONDER.CO.UK):
CABLEINET,
UK. 209.250.232.240:7000 DE:proxim.ircgalaxy.pl
US:hail.dns2go.com
DE:85.114.137.60:65520 445 pcap raw alerts
ruleset ftp
irc
23 lines Yeah : 1.8
profile none summary
tarball 28 of 32 9acd0bdf6f
NEW none[none] none:none
none|none none none

15:12:00 WinXP 88.14.32.127 (RIMA-TDE.NET):
TELEFONICA DE ESPANA,
ES. n/a US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 21 of 32 5f78ff609d
[Firefox:1345 hits: 04-27 to 05-20] d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace

T:15:15:00 WinXP 82.174.195.196 (DSL.VERSATELADSL.BE):
VERSATEL ADSL (DHCP SCOOP BRUSSEL) BELGIUM,
BRUSSELS, BRUSSELS, BE. (DSL) 209.250.232.240:7000 US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
irc
23 lines Yeah : 1.3
profile none summary
tarball 21 of 32 5f78ff609d
[Firefox:1345 hits: 04-27 to 05-20] d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace

15:30:00 WinXP 125.0.242.86 (INFOWEB.NE.JP):
FUJITSU LIMITED,
TOKYO, TOKYO, JP. (DIAL) n/a 445 pcap raw alerts
ruleset shell
ftp
15 lines Yeah : 1.3
profile none summary
tarball 29 of 29 831f4ee0a7
[Firefox:601 hits: 07-11 to 05-20] eb7546c600 [0] ASM:Graph
none|none lines=61 trace

15:48:00 WinXP 12.74.219.133 (ATT.NET):
AT&T WORLDNET SERVICES,
LONGVIEW, TEXAS, US. (DIAL) n/a DE:proxim.ircgalaxy.pl 445 pcap raw alerts
ruleset ftp
15 lines Yeah : 1.3
profile none summary
tarball 31 of 32 33adba7615
NEW none[none] none:none
none|none none none

15:56:00 Win2K-f 82.247.70.121 (PROXAD.NET):
PROXAD / FREE SAS,
NICE, PROVENCE-ALPES-COTE D'AZUR, FR. n/a US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 14 of 32 8f367186c3
[Firefox:79 hits: 12-27 to 05-19] 01a06977c4 [0] ASM:Graph
TXT2COM| lines=0 trace

T:16:18:00 Win2K-f 201.213.92.203 (NET.AR):
PRIMA S.A,
BUENOS AIRES, BUENOS AIRES, AR. (DSL) 209.250.232.240:7000 US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
irc
23 lines Yeah : 1.8
profile none summary
tarball 21 of 32 5f78ff609d
[Firefox:1345 hits: 04-27 to 05-20] d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace

16:25:00 WinXP 124.87.42.173 (OCN.NE.JP):
NTT COMMUNICATIONS CORPORATION,
TOKYO, TOKYO, JP. n/a DE:proxim.ircgalaxy.pl
DE:85.114.137.60:65520 445 pcap raw alerts
ruleset shell
ftp
15 lines Yeah : 1.3
profile none summary
tarball 32 of 32 480c3e30ce
NEW none[none] none:none
none|none none none

16:30:00 Win2K-f 189.48.226.61 (BRASILTELECOM.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. n/a 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

T:16:37:00 WinXP 207.253.53.31 (QC.CA):
INFOTECK INTERNET,
TROIS-RIVIèRES, QUEBEC, CA. n/a UA:citi-bank.ru
UA:194.54.90.246:80 445 pcap raw alerts
ruleset http
4 lines Yeah : 1.3
profile none summary
tarball 29 of 29 a0139d7ad8
[Firefox:432 hits: 05-02 to 05-13] d9e9662db1 [0] ASM:Graph
PolyEnE| lines=68 trace

T:16:54:00 WinXP 195.174.26.182 (KABLONET.COM.TR):
CABLE OPERATOR NETWORK OF TURK TELEKOM,
ISTANBUL, ISTANBUL, TR. (DSL) n/a EU:siliconfireware.ru
US:searchportal.information.com
:www.proxy-socks.net
:wpad
DE:212.227.111.29:80
EU:78.47.200.154:80 445 pcap raw alerts
ruleset http
http
2 lines Yeah : 0.8
profile none summary
tarball 28 of 32 fca62c12e8
NEW none[none] none:none
none|none none none

16:57:00 WinXP 190.31.33.211 (NET.AR):
TELECOM ARGENTINA S.A,
BUENOS AIRES, BUENOS AIRES, AR. n/a US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 14 of 32 a2a036466a
[Firefox:224 hits: 05-05 to 05-19] none[4] none:none
none|none none trace

16:58:00 Win2K-f 41.207.198.181 (ADSL-41-207-192-10.AVISO.CI):
AFRINIC,
CI. (DSL) n/a US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 21 of 32 5f78ff609d
[Firefox:1345 hits: 04-27 to 05-20] d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace

17:07:00 Win2K-f 77.28.179.34 (APEXCOVANTAGE.COM):
EU-ZZ,
UK. n/a US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 21 of 32 5f78ff609d
[Firefox:1345 hits: 04-27 to 05-20] d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace

T:17:09:00 Win2K-f 201.255.37.205 (COM.AR):
TELEFONICA DE ARGENTINA,
LA PLATA, BUENOS AIRES, AR. 209.250.232.240:7000 US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
irc
22 lines Yeah : 1.8
profile none summary
tarball 18 of 32 7e28dac8de
[Firefox:21 hits: 04-27 to 05-17] none[4] none:none
none|none none trace

17:16:00 WinXP 170.51.182.93 (COM.AR):
CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A,
AR. n/a US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 21 of 32 5f78ff609d
[Firefox:1345 hits: 04-27 to 05-20] d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace

17:17:00 WinXP 189.29.91.103 (BRASILTELECOM.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. n/a 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

T:17:40:00 WinXP 200.125.40.192 (ANTELDATA.NET.UY):
ADMINISTRACION NACIONAL DE TELECOMUNICACIONES,
MONTEVIDEO, MONTEVIDEO, UY. (DIAL) 209.250.232.240:7000 US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
irc
24 lines Yeah : 1.8
profile none summary
tarball 21 of 32 5f78ff609d
[Firefox:1345 hits: 04-27 to 05-20] d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace

T:17:49:00 WinXP 4.247.170.158 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
LAKELAND, FLORIDA, US. (DIAL) n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 1.3
profile none summary
tarball 26 of 28 a92e3f8fc8
[Firefox:112 hits: 05-03 to 05-11] dfe02a1e52 [0] ASM:Graph
PolyEnE| lines=68 trace

T:17:51:00 Win2K-f 125.201.150.23 (PLALA.OR.JP):
PLALA NETWORKS INC,
JP. (DSL) 209.250.232.240:7000 US:scorti1.dns2go.com 445 pcap raw alerts
ruleset ftp
irc
24 lines Yeah : 1.8
profile none summary
tarball 22 of 32 dc8e1c63cd
[Firefox:92 hits: 12-27 to 05-20] e0eb8646ee [0] ASM:Graph
none|none lines=601
embedded dns trace

18:00:00 Win2K-f 189.48.88.99 (BRASILTELECOM.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. 209.250.232.240:7000 US:hail.dns2go.com 445 pcap raw alerts
ruleset ftp
irc
25 lines Yeah : 1.8
profile none summary
tarball 21 of 32 5f78ff609d
[Firefox:1345 hits: 04-27 to 05-20] d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace

T:18:32:00 WinXP 190.164.223.34 (-):
. 209.250.232.240:7000 US:scorti1.dns2go.com 445 pcap raw alerts
ruleset ftp
irc
29 lines Yeah : 1.8
profile none summary
tarball 14 of 32 8f367186c3
[Firefox:79 hits: 12-27 to 05-19] 01a06977c4 [0] ASM:Graph
TXT2COM| lines=0 trace

T:18:40:00 WinXP 200.45.182.226 (NET.AR):
APOLO -GOLD-TELECOM-PER,
BUENOS AIRES, BUENOS AIRES, AR. 209.250.232.240:7000 US:hail.dns2go.com 445 pcap raw alerts
ruleset ftp
irc
23 lines Yeah : 1.8
profile none summary
tarball 21 of 32 5f78ff609d
[Firefox:1345 hits: 04-27 to 05-20] d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace

19:01:00 Win2K-f 194.186.138.42 (GLDN.NET):
SOVAM TELEPORT,
IRKUTSK, IRKUTSKAYA OBLAST', RU. n/a 445 pcap raw alerts
ruleset other
0 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

19:19:00 Win2K-f 213.63.215.26 (NET.ARTELECOM.PT):
ARTELECOM,
PT. n/a 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

T:19:22:00 Win2K-f 201.250.209.2 (COM.AR):
TELEFONICA DE ARGENTINA,
AR. n/a US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 18 of 32 7e28dac8de
[Firefox:21 hits: 04-27 to 05-17] none[4] none:none
none|none none trace

19:25:00 WinXP 216.221.74.212 (CGOCABLE.NET):
COGECO TELECOM,
HAMILTON, ONTARIO, CA. (DSL) n/a US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 21 of 32 5f78ff609d
[Firefox:1345 hits: 04-27 to 05-20] d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace

T:19:54:00 Win2K-f 117.195.162.196 (-):
. 209.250.232.240:7000 US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
irc
23 lines Yeah : 1.3
profile none summary
tarball 21 of 32 5f78ff609d
[Firefox:1345 hits: 04-27 to 05-20] d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace

19:56:00 WinXP 90.151.1.164 (PERMONLINE.RU):
OJSC URALSVYAZINFORM,
RU. n/a US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 22 of 31 9b0c5ed538
[Firefox: 4 hits: 05-02 to 05-10] none[4] none:none
none|none none trace

T:20:05:00 Win2K-f 200.117.121.106 (NET.AR):
APOLO -GOLD-TELECOM-PER,
BUENOS AIRES, BUENOS AIRES, AR. 209.250.232.240:7000 US:hail.dns2go.com 445 pcap raw alerts
ruleset ftp
irc
23 lines Yeah : 1.8
profile none summary
tarball 21 of 32 5f78ff609d
[Firefox:1345 hits: 04-27 to 05-20] d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace

20:06:00 WinXP 92.1.150.102 (-):
CARPHONE WAREHOUSE BROADBAND SERVICES,
UK. 209.250.232.240:7000 US:hail.dns2go.com 445 pcap raw alerts
ruleset ftp
irc
24 lines Yeah : 1.8
profile none summary
tarball 21 of 32 5f78ff609d
[Firefox:1345 hits: 04-27 to 05-20] d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace

T:20:24:00 WinXP 75.82.128.112 (RR.COM):
ROAD RUNNER HOLDCO LLC,
THOUSAND OAKS, CALIFORNIA, US. n/a DE:siliconfireware.ru
US:searchportal.information.com
RU:www.bbin.ru
:wpad
GB:welcome3.smile.co.uk
RU:195.200.213.52:80
GB:195.92.84.198:80
US:208.73.212.12:80
DE:212.227.111.29:80
DE:217.11.54.126:80 445 pcap raw alerts
ruleset http
http
http
3 lines Yeah : 1.3
profile none summary
tarball 29 of 29 a12cab51ef
[Firefox:1023 hits: 05-01 to 05-20] 40f7f463c4 [0] ASM:Graph
ASPack| lines=281
embedded dns trace

20:31:00 WinXP 190.31.137.4 (NET.AR):
APOLO -GOLD-TELECOM-PER,
AR. n/a 445 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

21:13:00 WinXP 85.182.75.94 (ALICEDSL.DE):
HANSENET-ADSL,
HAMBURG, HAMBURG, DE. (DSL) n/a US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 13 of 32 285af12d33
[Firefox: 3 hits: 04-28 to 05-05] none[4] none:none
none|none none trace

T:21:34:00 WinXP 82.119.153.64 (STV.RU):
OAO ELECTROSVIAZ STAVROPOL REGION,
RU. n/a 445 pcap raw alerts
ruleset ftp
16 lines Yeah : 0.8
profile none summary
tarball 14 of 32 8f367186c3
[Firefox:79 hits: 12-27 to 05-19] 01a06977c4 [0] ASM:Graph
TXT2COM| lines=0 trace

21:43:00 WinXP 117.195.33.92 (-):
. n/a 445 pcap raw alerts
ruleset ftp
11 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

T:21:47:00 WinXP 58.159.97.125 (UCOM.NE.JP):
G-AC0004N,
JP. (100Mbps) 209.250.232.240:7000 US:hail.dns2go.com 445 pcap raw alerts
ruleset ftp
irc
23 lines Yeah : 1.3
profile none summary
tarball 21 of 32 5f78ff609d
[Firefox:1345 hits: 04-27 to 05-20] d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace

21:58:00 Win2K-f 117.96.7.112 (XLRI.AC.IN):
BHARTI AIRTEL LTD,
DELHI, DELHI, IN. n/a US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
15 lines Yeah : 0.8
profile none summary
tarball 21 of 32 5f78ff609d
[Firefox:1345 hits: 04-27 to 05-20] d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace

22:05:00 WinXP 189.36.177.228 (BRASILTELECOM.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. 209.250.232.240:7000 US:hail.dns2go.com 445 pcap raw alerts
ruleset ftp
irc
45 lines Yeah : 1.8
profile none summary
tarball 21 of 32 5f78ff609d
[Firefox:1345 hits: 04-27 to 05-20] d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace

T:22:51:00 Win2K-f 89.24.47.79 (4GINTERNET.CZ):
GPRS/UMTS CUSTOMER NETWORK,
CZ. n/a US:hail.dns2go.com
:www.google.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 21 of 32 5f78ff609d
[Firefox:1345 hits: 04-27 to 05-20] d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace

23:07:00 Win2K-f 79.40.241.63 (SRC.ORG):
TELECOM ITALIA NET,
ROME, LAZIO, IT. n/a US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 21 of 32 5f78ff609d
[Firefox:1345 hits: 04-27 to 05-20] d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace

T:23:12:00 WinXP 88.204.225.239 (DIAL.ONLINE.KZ):
KAZAKHSTAN ONLINE BACKBONE,
KZ. (DIAL) n/a :www.google.com
DE:proxim.ircgalaxy.pl
US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000
DE:85.114.137.60:65520 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 27 of 32 73a608a884
NEW none[4] none:none
none|none none trace

23:40:00 WinXP 118.100.181.72 (-):
. n/a :www.google.com
US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
19 lines Yeah : 0.8
profile none summary
tarball 21 of 32 5f78ff609d
[Firefox:1345 hits: 04-27 to 05-20] d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace