Multiperspective Malware Analysis Page

Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page

UNCENSORED PAGE

<Click here: to download BotHunter>

23 May 2008
<prev> <next>

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.

Daily Summary Files: [DNS Lookups & Failed Connects] [ Attacker IPs ] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap]
[Behavioral Clusters] [Binary Digest Log]

[See Country Codes ]

Time
Victim
OS
Infection
Source
C&C
Server
DNS Lookups &
Failed Connects Infection
Port
Packet
Trace
Detection
Signatures
Infection
Chatter
BotHunter
Analysis
Behavioral
Cluster
Forensic
Logs
Antivirus
Labels
Packed Malware_Binary Unpacked egg.exe
Unpacked egg.asm
Packer PEID
Data Strings
Syscall Trace

00:14:00 WinXP 92.112.106.54 (APEXCOVANTAGE.COM):
EU-ZZ,
UK. n/a US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
13 lines Yeah : 0.8
profile none summary
tarball 20 of 32 fd0bf48a75
[Firefox:12 hits: 04-28 to 05-22] none[3] none:none
ASProtect| none trace

00:19:00 Win2K-f 89.50.218.72 (PPPOOL.DE):
FREENET CITYLINE GMBH,
DE. (DIAL) n/a US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 28 of 32 7b61cddb7d
NEW none[4] none:none
none|none none trace

00:24:00 WinXP 88.165.54.16 (PROXAD.NET):
PROXAD / FREE SAS,
FR. 195.149.115.132:5001 US:cookie.roltf.ws 445 pcap raw alerts
ruleset ftp
irc
21 lines Yeah : 1.3
profile none summary
tarball 19 of 32 382279b44f
NEW none[4] none:none
Armadillo| none trace

T:00:24:00 Win2K-f 89.104.28.26 (BNET.AT):
B.NET BURGENLAND TELEKOM GMBH,
GRAZ, STEIERMARK, AT. n/a 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

00:28:00 Win2K-f 79.112.224.182 (RDSNET.RO):
RDS,
BUCHAREST, BUCURESTI, RO. n/a US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
16 lines Yeah : 0.8
profile none summary
tarball 14 of 32 a2a036466a
[Firefox:250 hits: 05-05 to 05-22] none[4] none:none
none|none none trace

T:00:35:00 WinXP 62.1.10.114 (ACCI.GR):
ATHENS CHAMBER OF COMMERCE AND INDUSTRY,
THESSALONIKI, THESSALONIKI, GR. 85.114.137.60:65520 DE:proxim.ircgalaxy.pl
RU:moscow-advokat.ru
DE:85.114.137.60:65520 445 pcap raw alerts
ruleset http
1 line Yeah : 1.3
profile none summary
tarball 32 of 32 96c5f931fe
NEW none[4] none:none
PolyEnE| none trace

00:36:00 Win2K-f 41.214.132.12 (-):
. n/a US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
11 lines Yeah : 0.8
profile none summary
tarball 27 of 32 3997bd9063
NEW none[4] none:none
none|none none trace

00:46:00 WinXP 80.221.33.171 (INET.FI):
BROADBAND ACCESS POOL,
HELSINKI, ETELA-SUOMEN LAANI, FI. n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 32 of 32 fb39015df2
NEW none[4] none:none
PolyEnE| none trace

T:00:47:00 WinXP 210.187.156.45 (TM.NET.MY):
INFRA-TMNET,
IPOH, PERAK, MY. n/a UA:citi-bank.ru
UA:194.54.90.246:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 21 of 32 bec71ba83f
NEW none[4] none:none
PolyEnE| none trace

00:53:00 Win2K-f 117.201.83.85 (-):
. 85.114.137.60:65520 DE:proxim.ircgalaxy.pl
US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000
DE:85.114.137.60:65520 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 1.3
profile none summary
tarball 28 of 32 dad909dd0c
NEW none[4] none:none
none|none none trace

T:00:55:00 Win2K-f 79.112.224.182 (RDSNET.RO):
RDS,
BUCHAREST, BUCURESTI, RO. n/a US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 14 of 32 a2a036466a
[Firefox:250 hits: 05-05 to 05-22] none[4] none:none
none|none none trace

01:08:00 WinXP 4.246.253.3 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
AUBURN, CALIFORNIA, US. (DIAL) n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 25 of 25 7f60162c2c
[Firefox:1299 hits: 12-31 to 05-22] 1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns trace

T:01:09:00 WinXP 88.246.56.124 (TTNET.NET.TR):
TT ADSL-METEKSAN DINAMIK_ACI,
ISTANBUL, ISTANBUL, TR. (DSL) n/a 445 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

T:01:10:00 WinXP 4.246.253.3 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
AUBURN, CALIFORNIA, US. (DIAL) n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 25 of 25 7f60162c2c
[Firefox:1299 hits: 12-31 to 05-22] 1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns trace

T:01:57:00 Win2K-f 88.240.174.48 (TTNET.NET.TR):
TT ADSL-ALCATEL_ACI,
BURSA, BURSA, TR. n/a 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

02:05:00 WinXP 81.168.168.20 (NET.PL):
PROVIDER LOCAL REGISTRY,
PL. n/a US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 21 of 32 5f78ff609d
[Firefox:1451 hits: 04-27 to 05-22] d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace

02:07:00 WinXP 83.97.194.240 (CM-83-97-128-10.TELECABLE.ES):
TELECABLE,
GIJON, ASTURIAS, ES. (DSL) n/a UA:citi-bank.ru
UA:194.54.90.246:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 26 of 28 7d99b0e910
[Firefox:2993 hits: 12-31 to 05-22] 7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace

T:02:10:00 WinXP 83.97.194.240 (CM-83-97-128-10.TELECABLE.ES):
TELECABLE,
GIJON, ASTURIAS, ES. (DSL) n/a UA:citi-bank.ru
UA:194.54.90.246:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 26 of 28 7d99b0e910
[Firefox:2993 hits: 12-31 to 05-22] 7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace

02:33:00 Win2K-f 212.117.53.52 (CHELLO.NL):
PROVIDER LOCAL REGISTRY,
NL. n/a US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 14 of 32 a2a036466a
[Firefox:250 hits: 05-05 to 05-22] none[4] none:none
none|none none trace

02:35:00 WinXP 58.4.240.100 (UCOM.NE.JP):
KT,
JP. (100Mbps) n/a US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 12 of 30 76b4ab852e
[Firefox:53 hits: 04-29 to 05-22] none[4] none:none
none|none none trace

02:37:00 WinXP 119.17.105.170 (-):
. 85.114.137.60:80 DE:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
DE:85.114.137.60:80 445 pcap raw alerts
ruleset http
1 line Yeah : 1.3
profile none summary
tarball 30 of 32 3f5ec58a6b
[Firefox:22 hits: 04-24 to 05-21] 4a77430a59 [0] ASM:Graph
PolyEnE| lines=70 trace

T:02:37:00 WinXP 91.125.101.107 (BRIGHTVIEW.COM):
BRIGHTVIEW GROUP LIMITED,
LONDON, ENGLAND, UK. 209.250.232.240:7000 US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
irc
24 lines Yeah : 1.3
profile none summary
tarball 21 of 32 5f78ff609d
[Firefox:1451 hits: 04-27 to 05-22] d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace

03:10:00 WinXP 125.162.101.78 (-):
TLKM_D1_BB_SPEEDY_PG,
PALEMBANG, SUMATERA SELATAN, ID. n/a US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 14 of 32 a2a036466a
[Firefox:250 hits: 05-05 to 05-22] none[4] none:none
none|none none trace

03:16:00 Win2K-f 124.105.133.158 (PLDT.NET):
BNKC7300I04_CONSUMER,
PH. n/a US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 21 of 32 5f78ff609d
[Firefox:1451 hits: 04-27 to 05-22] d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace

T:03:17:00 Win2K-f 63.130.211.99 (CW.NET):
CABLE & WIRELESS AMERICAS OPERATIONS INC,
US. n/a 135 pcap raw alerts
ruleset other
261 lines Yeah : 0.8
profile none summary
tarball 4 of 32 1628787153
NEW none[3] none:none
EXECrypto| none trace

T:03:26:00 WinXP 85.96.201.158 (TTNET.NET.TR):
ADSL-ALC-GAYRETTEPE-STATIC POOL,
KONYA, NIGDE, TR. (DSL) n/a 445 pcap raw alerts
ruleset other
0 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

03:29:00 WinXP 87.70.240.214 (012.NET.IL):
GOLDEN LINES INTERNATIONAL COMMUNICATION SERVICES LTD,
IL. n/a 445 pcap raw alerts
ruleset shell
3 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

03:34:00 WinXP 122.26.131.214 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 85.114.137.60:65520 DE:proxim.ircgalaxy.pl
DE:dl2.teenpassage.com
IL:ymq.a1001186.wrs.mcboo.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
irc
http
44 lines Yeah : 1.3
profile none summary
tarball 21 of 32
29 of 32 1f92e7b9e3
NEW
e7db505624
NEW 1f92e7b9e3 [1]
none [4] ASM:Graph
none:none
StarForce|
none|none lines=6
none trace
trace

03:40:00 Win2K-f 117.198.144.204 (-):
. n/a US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 27 of 32 e99b421746
NEW none[4] none:none
none|none none trace

03:47:00 WinXP 89.104.15.81 (WELLCOM.AT):
B.NET BURGENLAND TELEKOM GMBH,
GRAZ, STEIERMARK, AT. n/a US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 19 of 32 890fb4fa10
[Firefox:44 hits: 12-27 to 05-22] b9c7f08a57 [0] ASM:Graph
ASProtect| lines=393
embedded dns trace

T:03:52:00 WinXP 80.123.5.167 (TELEKOM.AT):
HIGHWAY CUSTOMERS,
VIENNA, WIEN, AT. n/a 445 pcap raw alerts
ruleset ftp
11 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

04:12:00 WinXP 201.74.92.217 (STERLINGSTUDENTS.NET):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL) n/a US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 21 of 32 5f78ff609d
[Firefox:1451 hits: 04-27 to 05-22] d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace

04:13:00 Win2K-f 190.3.85.65 (TECHTELNET.NET):
TECHTEL LMDS COMUNICACIONES INTERACTIVAS S.A,
AR. n/a US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 14 of 32 a2a036466a
[Firefox:250 hits: 05-05 to 05-22] none[4] none:none
none|none none trace

T:04:13:00 WinXP 213.63.151.131 (SERVIDORPT.COM):
ARTELECOM,
PT. 209.250.232.240:7000 US:hail.dns2go.com 445 pcap raw alerts
ruleset ftp
irc
23 lines Yeah : 1.3
profile none summary
tarball 21 of 32 5f78ff609d
[Firefox:1451 hits: 04-27 to 05-22] d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace

04:15:00 Win2K-f 79.211.98.203 (T-IPCONNECT.DE):
DEUTSCHE TELEKOM AG,
DE. 75.127.96.88:5001 DE:cookie.roltf.ws
AT:195.149.115.132:5001 445 pcap raw alerts
ruleset ftp
irc
21 lines Yeah : 1.3
profile none summary
tarball 19 of 32 382279b44f
NEW none[4] none:none
Armadillo| none trace

04:23:00 WinXP 60.50.251.56 (TM.NET.MY):
TELEKOM MALAYSIA BERHAD,
KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. n/a 445 pcap raw alerts
ruleset other
0 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

04:29:00 WinXP 218.208.197.147 (TM.NET.MY):
ADSL-STREAMYX-TMNET,
KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. n/a US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 21 of 32 5f78ff609d
[Firefox:1451 hits: 04-27 to 05-22] d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace

T:04:30:00 Win2K-f 79.43.184.59 (SRC.ORG):
TELECOM ITALIA NET,
ROME, LAZIO, IT. n/a US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
16 lines Yeah : 0.8
profile none summary
tarball 21 of 32 5f78ff609d
[Firefox:1451 hits: 04-27 to 05-22] d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace

04:37:00 WinXP 82.172.64.158 (VERSATEL.NL):
VERSATEL CONSUMER IS ONE OF THE LARGEST ISP'S IN THE NETHERLANDS,
ROTTERDAM, ZUID-HOLLAND, NL. (DSL) n/a US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 21 of 32 5f78ff609d
[Firefox:1451 hits: 04-27 to 05-22] d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace

04:38:00 Win2K-f 91.186.219.216 (-):
CHAPAR RASANEH,
TEHRAN, TEHRAN, IR. n/a US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 21 of 32 5f78ff609d
[Firefox:1451 hits: 04-27 to 05-22] d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace

T:04:41:00 WinXP 124.13.1.133 (TM.NET.MY):
TELEKOM MALAYSIA BERHAD,
MY. 209.250.232.240:7000 US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
irc
23 lines Yeah : 1.3
profile none summary
tarball 21 of 32 5f78ff609d
[Firefox:1451 hits: 04-27 to 05-22] d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace

T:04:56:00 WinXP 217.85.203.143 (T-DIALIN.NET):
DEUTSCHE TELEKOM AG,
ESSEN, NORDRHEIN-WESTFALEN, DE. (DIAL) n/a US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 21 of 32 5f78ff609d
[Firefox:1451 hits: 04-27 to 05-22] d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace

T:05:07:00 WinXP 85.181.14.161 (ALICEDSL.DE):
HANSENET-ADSL,
MUNICH, BAYERN, DE. (DSL) n/a 445 pcap raw alerts
ruleset shell
5 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

T:05:18:00 Win2K-f 83.103.200.161 (ASTRAL.RO):
ASTRAL-BR-AIPA,
RO. n/a US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 22 of 32 dc8e1c63cd
[Firefox:97 hits: 12-27 to 05-22] e0eb8646ee [0] ASM:Graph
none|none lines=601
embedded dns trace

05:19:00 WinXP 78.131.12.139 (-):
EMKTV BUDAPEST VLAN 10 DOCSIS,
BUDAPEST, BUDAPEST, HU. 209.250.232.240:7000 US:hail.dns2go.com 445 pcap raw alerts
ruleset ftp
irc
25 lines Yeah : 1.3
profile none summary
tarball 21 of 32 5f78ff609d
[Firefox:1451 hits: 04-27 to 05-22] d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace

T:05:26:00 WinXP 87.70.240.214 (012.NET.IL):
GOLDEN LINES INTERNATIONAL COMMUNICATION SERVICES LTD,
IL. n/a 445 pcap raw alerts
ruleset shell
4 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

05:32:00 WinXP 91.124.24.209 (UKRTEL.NET):
UKRTELECOM,
BROVARY, KYYIVS'KA OBLAST', UA. n/a US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 21 of 32 5f78ff609d
[Firefox:1451 hits: 04-27 to 05-22] d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace

05:42:00 WinXP 151.54.107.194 (38-151.NET24.IT):
IUNET-BNET,
IT. n/a US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 21 of 32 5f78ff609d
[Firefox:1451 hits: 04-27 to 05-22] d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace

T:05:50:00 Win2K-f 212.120.247.79 (-):
GIBNYNEX-NET,
GI. 209.250.232.240:7000 US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
irc
22 lines Yeah : 1.3
profile none summary
tarball 12 of 30 76b4ab852e
[Firefox:53 hits: 04-29 to 05-22] none[4] none:none
none|none none trace

T:05:56:00 WinXP 60.50.183.14 (TM.NET.MY):
TELEKOM MALAYSIA BERHAD,
PUCHONG, SELANGOR, MY. n/a 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

05:59:00 Win2K-f 189.54.65.190 (BRASILTELECOM.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. n/a US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 21 of 32 5f78ff609d
[Firefox:1451 hits: 04-27 to 05-22] d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace

06:13:00 WinXP 92.112.32.95 (APEXCOVANTAGE.COM):
EU-ZZ,
UK. n/a 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

06:18:00 Win2K-f 79.18.15.74 (SRC.ORG):
TELECOM ITALIA NET,
ROME, LAZIO, IT. n/a US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 21 of 32 5f78ff609d
[Firefox:1451 hits: 04-27 to 05-22] d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace

06:25:00 WinXP 91.58.249.13 (T-IPCONNECT.DE):
DEUTSCHE TELEKOM AG,
DE. n/a US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 12 of 30 76b4ab852e
[Firefox:53 hits: 04-29 to 05-22] none[4] none:none
none|none none trace

06:29:00 WinXP 91.135.249.53 (-):
AZTELEKOM,
AZ. n/a US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 22 of 32 fbe9691368
NEW none[4] none:none
none|none none trace

06:31:00 WinXP 91.200.98.140 (IPAPER.COM):
BLOCK FOR PI ASSIGNMENTS,
UK. n/a US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 21 of 32 5f78ff609d
[Firefox:1451 hits: 04-27 to 05-22] d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace

06:46:00 Win2K-f 89.244.64.184 (VERSANETONLINE.DE):
VERSATEL NORD-DEUTSCHLAND GMBH,
DE. n/a US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 27 of 32 d11443eb92
NEW none[4] none:none
none|none none trace

T:06:47:00 WinXP 38.117.68.78 (COGENTCO.COM):
PERFORMANCE SYSTEMS INTERNATIONAL INC,
US. n/a US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 12 of 31 8f808e3467
NEW none[4] none:none
none|none none trace

06:49:00 Win2K-f 212.120.247.79 (-):
GIBNYNEX-NET,
GI. n/a US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 12 of 30 76b4ab852e
[Firefox:53 hits: 04-29 to 05-22] none[4] none:none
none|none none trace

T:06:50:00 Win2K-f 204.95.48.216 (NEP.NET):
THE NORTH-EASTERN PENNSYLVANIA TELEPHONE COMPANY,
FOREST CITY, PENNSYLVANIA, US. n/a 445 pcap raw alerts
ruleset shell
4 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

07:11:00 Win2K-f 88.76.63.2 (ARCOR-IP.NET):
ARCOR-DSL-NET,
BERLIN, BERLIN, DE. (DSL) n/a US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 21 of 32 5f78ff609d
[Firefox:1451 hits: 04-27 to 05-22] d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace

07:26:00 Win2K-f 219.95.218.91 (TM.NET.MY):
ADSL-STREAMYX-TMNET,
MY. n/a US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000
CN:218.108.55.189:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 21 of 32 5f78ff609d
[Firefox:1451 hits: 04-27 to 05-22] d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace

07:27:00 WinXP 85.24.168.31 (BAHNHOF.SE):
BAHNHOF INTERNET AB,
SE. n/a US:hail.dns2go.com
US:209.250.232.240:7000 445 pcap raw alerts
ruleset ftp
irc
22 lines Yeah : 0.8
profile none summary
tarball 14 of 32 a2a036466a
[Firefox:250 hits: 05-05 to 05-22] none[4] none:none
none|none none trace

07:36:00 WinXP 201.236.205.13 (-):
EMPRESA DE TELECOMUNICACIONES DE PEREIRA S.A. E.S.P,
CALI, VALLE DEL CAUCA, CO. 209.250.232.240:7000 US:hail.dns2go.com
US:scorti1.dns2go.com
CN:218.108.55.189:7000 445 pcap raw alerts
ruleset ftp
irc
23 lines Yeah : 1.3
profile none summary
tarball 21 of 32 5f78ff609d
[Firefox:1451 hits: 04-27 to 05-22] d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace

07:37:00 Win2K-f 89.124.89.205 (IRISHBROADBAND.IE):
ESB CLAREGALWAY CUSTOMER EXPANSION,
IE. n/a US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000
CN:218.108.55.189:7000
CN:222.177.11.165:7000
US:65.117.119.162:7000
SA:89.108.27.177:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 21 of 32 5f78ff609d
[Firefox:1451 hits: 04-27 to 05-22] d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace

07:38:00 WinXP 213.22.179.147 (CPE.NETCABO.PT):
TVCABO-PORTUGAL CABLE MODEM NETWORK,
PT. n/a US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000
CN:218.108.55.189:7000
CN:222.177.11.165:7000
US:63.149.6.91:7000
SA:89.108.27.177:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 21 of 32 5f78ff609d
[Firefox:1451 hits: 04-27 to 05-22] d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace

T:07:46:00 WinXP 87.205.161.7 (INETIA.PL):
INTERNETIA,
PL. (DSL) n/a US:hail.dns2go.com
US:scorti1.dns2go.com
CN:222.177.11.165:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 21 of 32 5f78ff609d
[Firefox:1451 hits: 04-27 to 05-22] d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace

08:03:00 WinXP 122.18.133.42 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. n/a 445 pcap raw alerts
ruleset shell
ftp
16 lines Yeah : 0.8
profile none summary
tarball 29 of 29 831f4ee0a7
[Firefox:608 hits: 07-11 to 05-22] eb7546c600 [0] ASM:Graph
none|none lines=61 trace

T:08:15:00 WinXP 88.204.195.14 (METRO.ONLINE.KZ):
JSC KAZAKHTELECOM KARAGANDA AFFILIATE,
KARAGANDA, QARAGHANDY, KZ. n/a US:scorti1.dns2go.com
CN:222.177.11.165:7000 445 pcap raw alerts
ruleset ftp
23 lines Yeah : 0.8
profile none summary
tarball 22 of 32 62c9e91db4
NEW none[4] none:none
none|none none trace

08:20:00 WinXP 12.77.254.58 (ATT.NET):
AT&T WORLDNET SERVICES,
HOLLYWOOD, FLORIDA, US. (DIAL) n/a 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 29 of 29 1a2c0e6130
[Firefox:393 hits: 12-31 to 05-21] 048df78048 [0] ASM:Graph
none|none lines=61 trace

T:08:25:00 Win2K-f 189.52.53.95 (BRASILTELECOM.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. n/a US:hail.dns2go.com
US:scorti1.dns2go.com
CN:222.177.11.165:7000 445 pcap raw alerts
ruleset ftp
19 lines Yeah : 0.8
profile none summary
tarball 21 of 32 5f78ff609d
[Firefox:1451 hits: 04-27 to 05-22] d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace

T:08:35:00 WinXP 189.42.166.245 (BRASILTELECOM.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. n/a US:hail.dns2go.com
US:scorti1.dns2go.com
CN:222.177.11.165:7000 445 pcap raw alerts
ruleset ftp
22 lines Yeah : 0.8
profile none summary
tarball 28 of 32 38c1892a84
NEW none[4] none:none
none|none none trace

08:36:00 Win2K-f 79.186.161.123 (TPNET.PL):
TPSA,
PL. n/a US:hail.dns2go.com 445 pcap raw alerts
ruleset ftp
irc
23 lines Yeah : 0.8
profile none summary
tarball 21 of 32 5f78ff609d
[Firefox:1451 hits: 04-27 to 05-22] d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace

T:08:58:00 WinXP 89.246.109.242 (VERSANETONLINE.DE):
VERSATEL NORD-DEUTSCHLAND GMBH,
DE. n/a US:hail.dns2go.com
US:scorti1.dns2go.com
CN:222.177.11.165:7000 445 pcap raw alerts
ruleset ftp
18 lines Yeah : 0.8
profile none summary
tarball 27 of 32 20dd344766
NEW none[4] none:none
none|none none trace

T:09:00:00 Win2K-f 117.195.3.14 (-):
. n/a US:hail.dns2go.com
US:scorti1.dns2go.com
CN:222.177.11.165:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 24 of 32 e25ac584b7
NEW none[4] none:none
none|none none trace

T:09:22:00 WinXP 79.0.45.135 (RETAIL.TELECOMITALIA.IT):
TELECOM ITALIA NET,
ROME, LAZIO, IT. 85.114.137.60:65520 DE:proxim.ircgalaxy.pl
CZ:217.170.244.2:443
CZ:82.114.64.251:443
DE:85.114.137.60:65520 445 pcap raw alerts
ruleset shell
ftp
18 lines Yeah : 1.3
profile none summary
tarball 30 of 32 ec82348c4c
NEW none[4] none:none
FSG| none trace

09:29:00 WinXP 82.200.226.221 (DIAL.ONLINE.KZ):
JSC KAZAKHTELECOM TARAZ AFFILIATE,
KZ. (DIAL) 85.114.137.60:65520 DE:proxim.ircgalaxy.pl
US:hail.dns2go.com
US:scorti1.dns2go.com
CN:222.177.11.165:7000
DE:85.114.137.60:65520 445 pcap raw alerts
ruleset ftp
irc
22 lines Yeah : 1.3
profile none summary
tarball 27 of 32 22d5ab2643
NEW none[4] none:none
none|none none trace

09:36:00 Win2K-f 89.218.5.27 (-):
ALMATYTELECOM,
KZ. n/a 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

09:51:00 WinXP 189.28.195.98 (BRASILTELECOM.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. n/a UA:citi-bank.ru
UA:194.54.90.246:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 26 of 28 7d99b0e910
[Firefox:2993 hits: 12-31 to 05-22] 7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace

10:15:00 Win2K-f 190.172.252.51 (COM.AR):
TELEFONICA DE ARGENTINA,
BUENOS AIRES, BUENOS AIRES, AR. n/a US:hail.dns2go.com
US:scorti1.dns2go.com
CN:222.177.11.165:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 21 of 32 5f78ff609d
[Firefox:1451 hits: 04-27 to 05-22] d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace

10:38:00 Win2K-f 83.136.113.189 (TTKNET.RU):
JSC URALSVIAZINFORM TYUMEN BRANCH,
SURGUT, KHANTY-MANSIYSKIY AVTONOMNYY OKRUG, RU. n/a US:hail.dns2go.com
US:scorti1.dns2go.com
CN:222.177.11.165:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 21 of 32 5f78ff609d
[Firefox:1451 hits: 04-27 to 05-22] d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace

10:39:00 WinXP 91.42.114.59 (T-IPCONNECT.DE):
DEUTSCHE TELEKOM AG,
DE. 85.114.137.60:65520 DE:proxim.ircgalaxy.pl
US:scorti1.dns2go.com
DE:dl2.teenpassage.com
IL:ymq.a1001186.wrs.mcboo.com
IL:194.90.224.86:80
CN:222.177.11.165:7000
DE:85.114.137.60:65520 445 pcap raw alerts
ruleset ftp
irc
http
54 lines Yeah : 1.3
profile none summary
tarball 21 of 32
29 of 32 1f92e7b9e3
NEW
bd24da5b0c
NEW 1f92e7b9e3 [1]
none [4] ASM:Graph
none:none
StarForce|
ASProtect| lines=6
none trace
trace

10:41:00 WinXP 85.26.39.6 (217-117-34-10.TELEDISNET.BE):
TELEDISNET ISP,
BE. n/a US:hail.dns2go.com
US:scorti1.dns2go.com
CN:222.177.11.165:7000 445 pcap raw alerts
ruleset ftp
irc
29 lines Yeah : 0.8
profile none summary
tarball 21 of 32 5f78ff609d
[Firefox:1451 hits: 04-27 to 05-22] d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace

10:51:00 Win2K-f 190.7.147.9 (-):
EMTELSA S.A. E.S.P,
MANIZALES, CALDAS, CO. n/a US:hail.dns2go.com
US:scorti1.dns2go.com
CN:222.177.11.165:7000 445 pcap raw alerts
ruleset ftp
169 lines Yeah : 0.8
profile none summary
tarball 21 of 31 f3c3478952
[Firefox: 3 hits: 04-30 to 05-17] none[4] none:none
none|none none trace

T:11:17:00 Win2K-f 91.65.197.104 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
DE. 69.42.216.90:9890 :www.google.com
:f.unicat.org
69.42.216.90:9890 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 1.3
profile none summary
tarball 13 of 31 e8d4d8cde1
[Firefox:229 hits: 03-31 to 05-20] fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns trace

T:11:19:00 WinXP 119.72.0.64 (-):
. 69.42.216.90:9890 :f.unicat.org
69.42.216.90:9890 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 1.3
profile none summary
tarball 13 of 31 e8d4d8cde1
[Firefox:229 hits: 03-31 to 05-20] fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns trace

T:11:20:00 WinXP 67.76.247.16 (EMBARQHSD.NET):
EMBARQ CORPORATION,
US. 85.114.137.60:65520 69.42.216.90:9890 DE:proxim.ircgalaxy.pl
:f.unicat.org
69.42.216.90:9890
DE:85.114.137.60:65520 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 1.3
profile none summary
tarball 29 of 32 9f536e3f54
NEW none[4] none:none
ASProtect| none trace

11:23:00 WinXP 119.72.0.64 (-):
. 69.42.216.90:9890 :www.google.com
:f.unicat.org
69.42.216.90:9890 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 1.3
profile none summary
tarball 13 of 31 e8d4d8cde1
[Firefox:229 hits: 03-31 to 05-20] fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns trace

11:24:00 WinXP 91.65.27.187 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
DE. n/a 445 pcap raw alerts
ruleset other
0 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

11:26:00 Win2K-f 91.66.49.222 (SUPERKABEL.DE):
KABEL DEUTSCHLAND BREITBAND SERVICE GMBH,
DE. 69.42.216.90:9890 :f.unicat.org
69.42.216.90:9890 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 1.3
profile none summary
tarball 13 of 31 e8d4d8cde1
[Firefox:229 hits: 03-31 to 05-20] fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns trace

T:11:26:00 Win2K-f 24.103.6.76 (-):
. 69.42.216.90:9890 :f.unicat.org
69.42.216.90:9890 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 1.3
profile none summary
tarball 13 of 31 e8d4d8cde1
[Firefox:229 hits: 03-31 to 05-20] fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns trace

11:28:00 WinXP 89.136.76.121 (-):
ASTRAL BRAILA DOCSIS,
RO. 69.42.216.90:9890 :f.unicat.org
69.42.216.90:9890 445 pcap raw alerts
ruleset ftp
15 lines Yeah : 1.3
profile none summary
tarball 13 of 31 e8d4d8cde1
[Firefox:229 hits: 03-31 to 05-20] fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns trace

11:29:00 WinXP 81.247.79.254 (ISP.BELGACOM.BE):
SKYNET-ADSL,
CHARLEROI, HAINAUT, BE. (DSL) 69.42.216.90:9890 :www.google.com
:f.unicat.org
69.42.216.90:9890 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 1.3
profile none summary
tarball 13 of 31 e8d4d8cde1
[Firefox:229 hits: 03-31 to 05-20] fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns trace

11:33:00 Win2K-f 82.224.11.41 (PROXAD.NET):
PROXAD / FREE SAS,
TOULOUSE, MIDI-PYRENEES, FR. 69.42.216.90:9890 :f.unicat.org
69.42.216.90:9890 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 1.3
profile none summary
tarball 13 of 31 e8d4d8cde1
[Firefox:229 hits: 03-31 to 05-20] fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns trace

T:11:35:00 Win2K-f 91.64.99.225 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
DE. 69.42.216.90:9890 :www.google.com
:f.unicat.org
69.42.216.90:9890 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 1.3
profile none summary
tarball 13 of 31 e8d4d8cde1
[Firefox:229 hits: 03-31 to 05-20] fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns trace

11:47:00 Win2K-f 90.151.186.201 (PERMONLINE.RU):
OJSC URALSVYAZINFORM,
RU. n/a US:scorti1.dns2go.com
CN:222.177.11.165:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 20 of 31 cb89ccfe52
[Firefox:12 hits: 04-29 to 05-17] 881f6fa4b7 [0] ASM:Graph
TXT2COM| lines=406
embedded dns trace

T:11:47:00 WinXP 88.134.247.65 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
DE. 69.42.216.90:9890 :f.unicat.org
69.42.216.90:9890 445 pcap raw alerts
ruleset ftp
irc
20 lines Yeah : 1.3
profile none summary
tarball 13 of 31 e8d4d8cde1
[Firefox:229 hits: 03-31 to 05-20] fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns trace

11:47:00 WinXP 121.113.72.123 (PLALA.OR.JP):
PLALA NETWORKS INC,
JP. 69.42.216.90:9890 :f.unicat.org
69.42.216.90:9890 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 1.3
profile none summary
tarball 13 of 31 e8d4d8cde1
[Firefox:229 hits: 03-31 to 05-20] fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns trace

11:47:00 WinXP 91.64.99.225 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
DE. 69.42.216.90:9890 :www.google.com
:f.unicat.org
69.42.216.90:9890 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 1.3
profile none summary
tarball 13 of 31 e8d4d8cde1
[Firefox:229 hits: 03-31 to 05-20] fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns trace

T:11:53:00 Win2K-f 93.124.41.62 (APEXCOVANTAGE.COM):
EU-ZZ,
UK. n/a 445 pcap raw alerts
ruleset other
0 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

11:57:00 WinXP 212.233.234.231 (-):
NTL,
FR. n/a :www.google.com 445 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

T:12:02:00 Win2K-f 80.232.250.94 (-):
ADDRESS POOL FOR LTC-HOME CUSTOMERS,
RIGA, RIGA, LV. n/a 445 pcap raw alerts
ruleset ftp
15 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

12:02:00 Win2K-f 86.106.85.54 (CELLNET.RO):
SC CELL-NET GRUP SRL,
RO. 69.42.216.90:9890 :f.unicat.org
69.42.216.90:9890 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 1.3
profile none summary
tarball 13 of 31 e8d4d8cde1
[Firefox:229 hits: 03-31 to 05-20] fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns trace

T:12:04:00 WinXP 91.66.14.145 (SUPERKABEL.DE):
KABEL DEUTSCHLAND BREITBAND SERVICE GMBH,
DE. 69.42.216.90:9890 :f.unicat.org
:www.google.com
69.42.216.90:9890 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 1.3
profile none summary
tarball 13 of 31 e8d4d8cde1
[Firefox:229 hits: 03-31 to 05-20] fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns trace

T:12:09:00 Win2K-f 79.211.246.114 (T-IPCONNECT.DE):
DEUTSCHE TELEKOM AG,
DE. 69.42.216.90:9890 :f.unicat.org
69.42.216.90:9890 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 1.3
profile none summary
tarball 13 of 31 e8d4d8cde1
[Firefox:229 hits: 03-31 to 05-20] fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns trace

12:11:00 WinXP 213.39.213.92 (HANSENET.DE):
HANSENET TELEKOMMUNIKATION GMBH,
HAMBURG, HAMBURG, DE. (DSL) n/a 445 pcap raw alerts
ruleset ftp
13 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

T:12:15:00 WinXP 89.252.36.170 (-):
FREENET,
UA. 69.42.216.90:9890 :f.unicat.org
69.42.216.90:9890 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 1.3
profile none summary
tarball 13 of 31 e8d4d8cde1
[Firefox:229 hits: 03-31 to 05-20] fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns trace

12:17:00 WinXP 79.211.246.114 (T-IPCONNECT.DE):
DEUTSCHE TELEKOM AG,
DE. 69.42.216.90:9890 :www.google.com
:f.unicat.org
69.42.216.90:9890 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 1.3
profile none summary
tarball 13 of 31 e8d4d8cde1
[Firefox:229 hits: 03-31 to 05-20] fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns trace

12:18:00 Win2K-f 93.124.41.62 (APEXCOVANTAGE.COM):
EU-ZZ,
UK. 69.42.216.90:9890 :f.unicat.org
69.42.216.90:9890 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 1.3
profile none summary
tarball 13 of 31 e8d4d8cde1
[Firefox:229 hits: 03-31 to 05-20] fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns trace

12:26:00 Win2K-f 93.124.38.190 (APEXCOVANTAGE.COM):
EU-ZZ,
UK. n/a 445 pcap raw alerts
ruleset other
0 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

12:26:00 Win2K-f 91.66.39.214 (SUPERKABEL.DE):
KABEL DEUTSCHLAND BREITBAND SERVICE GMBH,
DE. 69.42.216.90:9890 :f.unicat.org
69.42.216.90:9890 445 pcap raw alerts
ruleset ftp
16 lines Yeah : 1.3
profile none summary
tarball 13 of 31 e8d4d8cde1
[Firefox:229 hits: 03-31 to 05-20] fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns trace

T:12:33:00 Win2K-f 89.136.28.97 (UPCNET.RO):
ASTRAL-UPC FOCSANI,
TIMISOARA, TIMIS, RO. 69.42.216.90:9890 :f.unicat.org
69.42.216.90:9890 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 1.3
profile none summary
tarball 13 of 31 e8d4d8cde1
[Firefox:229 hits: 03-31 to 05-20] fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns trace

12:49:00 WinXP 89.252.4.179 (FREENET.COM.UA):
FOR FREENET CUSTOMERS AND INFRASTRUCTURE,
KIEV, MISTO KYYIV, UA. n/a 445 pcap raw alerts
ruleset other
0 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

12:56:00 Win2K-f 89.136.28.97 (UPCNET.RO):
ASTRAL-UPC FOCSANI,
TIMISOARA, TIMIS, RO. 69.42.216.90:9890 :f.unicat.org
69.42.216.90:9890 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 1.3
profile none summary
tarball 13 of 31 e8d4d8cde1
[Firefox:229 hits: 03-31 to 05-20] fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns trace

12:59:00 Win2K-f 88.134.247.65 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
DE. 69.42.216.90:9890 :f.unicat.org
69.42.216.90:9890 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 1.3
profile none summary
tarball 13 of 31 e8d4d8cde1
[Firefox:229 hits: 03-31 to 05-20] fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns trace

13:01:00 WinXP 78.59.124.211 (ZEBRA.LT):
LIETUVOS,
LT. n/a :www.google.com
US:hail.dns2go.com 445 pcap raw alerts
ruleset ftp
irc
26 lines Yeah : 0.8
profile none summary
tarball 28 of 32 ea8c4c6865
NEW none[4] none:none
none|none none trace

13:09:00 Win2K-f 91.66.14.145 (SUPERKABEL.DE):
KABEL DEUTSCHLAND BREITBAND SERVICE GMBH,
DE. 69.42.216.90:9890 :f.unicat.org
69.42.216.90:9890 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 1.3
profile none summary
tarball 13 of 31 e8d4d8cde1
[Firefox:229 hits: 03-31 to 05-20] fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns trace

13:18:00 Win2K-f 124.123.163.153 (-):
. n/a US:hail.dns2go.com 445 pcap raw alerts
ruleset ftp
irc
22 lines Yeah : 0.8
profile none summary
tarball 21 of 32 5f78ff609d
[Firefox:1451 hits: 04-27 to 05-22] d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace

13:19:00 WinXP 92.112.151.142 (APEXCOVANTAGE.COM):
EU-ZZ,
UK. n/a US:scorti1.dns2go.com 445 pcap raw alerts
ruleset ftp
irc
23 lines Yeah : 0.8
profile none summary
tarball 22 of 31 f0e02bee5f
[Firefox: 6 hits: 04-27 to 05-21] none[4] none:none
none|none none trace

13:24:00 WinXP 189.48.28.101 (BRASILTELECOM.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. n/a 445 pcap raw alerts
ruleset ftp
11 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

13:49:00 Win2K-f 91.67.65.51 (SUPERKABEL.DE):
KABEL DEUTSCHLAND BREITBAND SERVICE GMBH,
DE. 222.177.11.165:7000 US:scorti1.dns2go.com 445 pcap raw alerts
ruleset ftp
irc
21 lines Yeah : 1.3
profile none summary
tarball 28 of 32 34d28cbf91
NEW none[4] none:none
ASProtect| none trace

13:53:00 WinXP 82.241.191.112 (PROXAD.NET):
PROXAD / FREE SAS,
NICE, PROVENCE-ALPES-COTE D'AZUR, FR. 85.114.137.60:65520 DE:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
DE:85.114.137.60:65520 445 pcap raw alerts
ruleset http
1 line Yeah : 1.3
profile none summary
tarball 31 of 32 9a331ca0d6
NEW none[4] none:none
PolyEnE| none trace

13:54:00 Win2K-f 75.137.152.26 (CHARTER.COM):
CHARTER COMMUNICATIONS,
CARROLLTON, GEORGIA, US. 69.42.216.90:9890 :f.unicat.org
69.42.216.90:9890 445 pcap raw alerts
ruleset ftp
15 lines Yeah : 1.3
profile none summary
tarball 13 of 31 e8d4d8cde1
[Firefox:229 hits: 03-31 to 05-20] fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns trace

14:03:00 WinXP 79.184.28.219 (TPNET.PL):
TPSA,
PL. n/a 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

T:14:15:00 WinXP 92.114.163.113 (APEXCOVANTAGE.COM):
EU-ZZ,
UK. 85.114.137.60:65520 DE:proxim.ircgalaxy.pl 445 pcap raw alerts
ruleset http
irc
3 lines Yeah : 1.3
profile none summary
tarball 31 of 33 181239b848
NEW none[4] none:none
PolyEnE| none trace

14:30:00 WinXP 79.138.251.109 (APEXCOVANTAGE.COM):
EU-ZZ,
UK. n/a 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 18 of 32 b4ad631671
[Firefox:12 hits: 04-29 to 05-20] 5890f017cc [0] ASM:Graph
StarForce| lines=28 trace

14:48:00 Win2K-f 189.63.7.138 (BRASILTELECOM.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. n/a US:hail.dns2go.com
US:scorti1.dns2go.com
CN:222.177.11.165:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 21 of 32 5f78ff609d
[Firefox:1451 hits: 04-27 to 05-22] d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace

15:10:00 WinXP 190.173.88.207 (COM.AR):
TELEFONICA DE ARGENTINA,
AR. n/a US:hail.dns2go.com
US:scorti1.dns2go.com
CN:222.177.11.165:7000 445 pcap raw alerts
ruleset ftp
irc
22 lines Yeah : 0.8
profile none summary
tarball 21 of 32 5f78ff609d
[Firefox:1451 hits: 04-27 to 05-22] d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace

15:14:00 WinXP 193.126.161.179 (NET.KPNQWEST.PT):
KPNQWEST PORTUGAL / IOL ISP,
PT. n/a 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

15:38:00 Win2K-f 201.196.58.96 (ICE.CO.CR):
INSTITUTO COSTARRICENSE DE ELECTRICIDAD Y TELECOM,
SAN JOSE, SAN JOSE, CR. n/a US:scorti1.dns2go.com 445 pcap raw alerts
ruleset ftp
irc
23 lines Yeah : 0.8
profile none summary
tarball 22 of 32 dc8e1c63cd
[Firefox:97 hits: 12-27 to 05-22] e0eb8646ee [0] ASM:Graph
none|none lines=601
embedded dns trace

15:56:00 Win2K-f 200.118.229.86 (CABLE.NET.CO):
TV CABLE S.A,
SANTAFé DE BOGOTá, DISTRITO CAPITAL, CO. (DSL) n/a US:hail.dns2go.com
US:scorti1.dns2go.com
CN:222.177.11.165:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 18 of 32 7e28dac8de
[Firefox:25 hits: 04-27 to 05-22] none[4] none:none
none|none none trace

16:03:00 WinXP 201.236.214.54 (-):
EMPRESA DE TELECOMUNICACIONES DE PEREIRA S.A. E.S.P,
MANIZALES, CALDAS, CO. n/a 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

16:23:00 WinXP 123.48.141.100 (R-123-48-0-10.COMMUFA.JP):
CHUBU TELECOMMUNICATIONS CO. INC,
JP. n/a 445 pcap raw alerts
ruleset shell
ftp
15 lines Yeah : 0.8
profile none summary
tarball 29 of 29 831f4ee0a7
[Firefox:608 hits: 07-11 to 05-22] eb7546c600 [0] ASM:Graph
none|none lines=61 trace

T:16:23:00 WinXP 165.154.153.14 (AURACOM.NET):
HOOKUP COMMUNICATIONS,
NEWMARKET, ONTARIO, CA. n/a UA:citi-bank.ru
UA:194.54.90.246:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 29 of 29 d42c1cc7c0
[Firefox:277 hits: 05-01 to 05-18] af9ca5bed1 [0] ASM:Graph
PolyEnE| lines=54 trace

T:16:27:00 Win2K-f 86.138.255.65 (BTCENTRALPLUS.COM):
BT-CENTRAL-PLUS,
LONDON, ENGLAND, UK. n/a US:hail.dns2go.com
US:scorti1.dns2go.com
CN:222.177.11.165:7000 445 pcap raw alerts
ruleset ftp
irc
22 lines Yeah : 0.8
profile none summary
tarball 14 of 32 a2a036466a
[Firefox:250 hits: 05-05 to 05-22] none[4] none:none
none|none none trace

T:16:48:00 WinXP 24.82.35.70 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
SURREY, BRITISH COLUMBIA, CA. (DSL) n/a :www.google.com 135 pcap raw alerts
ruleset other
111 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

17:19:00 WinXP 77.232.97.228 (-):
INTERNATIONAL COMPUTER COMPANY LTD,
MANILA, MANILA, PH. n/a 445 pcap raw alerts
ruleset ftp
22 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

T:17:22:00 Win2K-f 200.119.53.170 (ETB.NET.CO):
ETB - COLOMBIA,
SANTAFé DE BOGOTá, DISTRITO CAPITAL, CO. (DSL) n/a US:hail.dns2go.com 445 pcap raw alerts
ruleset ftp
irc
21 lines Yeah : 0.8
profile none summary
tarball 21 of 32 5f78ff609d
[Firefox:1451 hits: 04-27 to 05-22] d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace

17:28:00 WinXP 190.135.133.80 (-):
. 222.177.11.165:7000 US:hail.dns2go.com
US:scorti1.dns2go.com
CN:222.177.11.165:7000 445 pcap raw alerts
ruleset ftp
irc
23 lines Yeah : 1.3
profile none summary
tarball 29 of 32 d88ce21f56
NEW none[4] none:none
none|none none trace

17:47:00 WinXP 210.147.69.175 (MESH.AD.JP):
C&C INTERNET SERVICE MESH(NEC CORPORATION),
JP. n/a 445 pcap raw alerts
ruleset shell
ftp
13 lines Yeah : 0.8
profile none summary
tarball 29 of 29 1a2c0e6130
[Firefox:393 hits: 12-31 to 05-21] 048df78048 [0] ASM:Graph
none|none lines=61 trace

17:53:00 WinXP 211.14.41.186 (HI-HO.NE.JP):
PANASONIC NETWORK SERVICES INC,
TOKYO, TOKYO, JP. 222.177.11.165:7000 US:hail.dns2go.com
US:scorti1.dns2go.com
CN:222.177.11.165:7000 445 pcap raw alerts
ruleset ftp
irc
24 lines Yeah : 1.3
profile none summary
tarball 21 of 32 5f78ff609d
[Firefox:1451 hits: 04-27 to 05-22] d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace

17:54:00 WinXP 24.59.12.143 (RR.COM):
ROAD RUNNER HOLDCO LLC,
ROME, NEW YORK, US. n/a EU:siliconfireware.ru
:www.proxy-socks.net
:wpad
US:searchportal.information.com
US:spi.domainsponsor.com
DE:212.227.111.29:80
DE:217.11.54.126:80
EU:78.47.200.154:80 445 pcap raw alerts
ruleset http
http
8 lines Yeah : 0.8
profile none summary
tarball 29 of 29 a12cab51ef
[Firefox:1026 hits: 05-01 to 05-22] 40f7f463c4 [0] ASM:Graph
ASPack| lines=281
embedded dns trace

18:07:00 Win2K-f 190.11.21.219 (ANDINANET.NET):
ANDINATEL S.A,
EC. n/a 445 pcap raw alerts
ruleset ftp
11 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

18:09:00 WinXP 24.193.79.28 (RR.COM):
ROAD RUNNER HOLDCO LLC,
NEW YORK, NEW YORK, US. n/a RU:moscow-advokat.ru
SE:viking.dal.net
:brussels.be.eu.undernet.org
NO:london.uk.eu.undernet.org
RU:194.6.222.11:6667 445 pcap raw alerts
ruleset http
1 line Yeah : 1.3
profile none summary
tarball 25 of 25 7f60162c2c
[Firefox:1299 hits: 12-31 to 05-22] 1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns trace