Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page


UNCENSORED PAGE

18 August 2011

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.


Time | Victim OS | Infection Source | C&C Server | DNS Lookups & Failed Connects | Infection Port | Packet Trace | Detection Signatures | Infection Chatter | BotHunter Analysis | Behavioral Cluster | Forensic Logs | Antivirus Labels | Packed Malware_Binary | Unpacked egg.exe | Unpacked egg.asm | Packer PEID | Data Strings | Syscall Trace
T:01:28:00 WinXP 180.147.65.8 (-):
.
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
40 of 43 1f696b3088
NEW
none[none] none:none
none|none none none
T:02:06:00 WinXP 14.96.137.225 (-):
.
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
99 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
NEW
73f1082158
NEW
1473091351 [0]
none [0]
ASM:Graph
none:none
tElock|
Armadillo|
lines=75
embedded dns
lines=90
trace
trace
T:04:03:00 WinXP 24.40.91.95 (SPEAKEASY.NET):
PHILADELPHIA, PENNSYLVANIA, US. (DSL)
n/a :gg.arrancar.org 135 pcap raw alerts
ruleset
other
144 lines
Yeah : 1.3
profile
none summary
tarball
39 of 40 10980f4df2
NEW
1fd3385a95 [0] ASM:Graph
none|none lines=556 trace
T:04:24:00 WinXP 58.0.48.7 (INFOWEB.NE.JP):
INFOWEB(FUJITSU LTD.),
KYOTO, KYOTO, JP. (DSL)
n/a   445 pcap raw alerts
ruleset
shell
ftp
13 lines
Yeah : 0.8
profile
none summary
tarball
40 of 41 eb33ccfff8
NEW
e732a43be0 [0] ASM:Graph
none|none lines=58 trace
T:05:09:00 Win2K-f 109.86.127.10 (JWS.COM):
EU-ZZ,
UK. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
9 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:05:12:00 Win2K-f 109.226.89.145 (STERLINGSTUDENTS.NET):
EU-ZZ,
UK. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
12 of 42 defde1d2c8
NEW
none[none] none:none
none|none none none
T:05:41:00 Win2K-f 91.211.18.40 (DIDAN.NET.UA):
KHARDIKOV NIKOLAY NIKOLAYEVICH,
DONETSK, DONETS'KA OBLAST', UA. (DSL)
n/a IR:cunts.no-ip.org
IR:91.98.146.3:6667
135 pcap raw alerts
ruleset
irc
425 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:05:41:00 WinXP 89.103.65.19 (KARNEVAL.CZ):
UPC CESKA REPUBLIKA A.S,
PRAGUE, HLAVNI MESTO PRAHA, CZ. (DSL)
91.98.146.3:6667 IR:cunts.no-ip.org
IR:91.98.146.3:6667
135 pcap raw alerts
ruleset
irc
427 lines
Yeah : 1.3
profile
none summary
tarball
0 of 34 a1db003660
NEW
none[none] none:none
none|none none none
T:05:42:00 Win2K-f 115.211.25.40 (HZ.ZJ.CN):
CHINANET ZHEJIANG PROVINCE NETWORK,
BEIJING, BEIJING, CN. (DSL)
91.98.146.3:6667 IR:cunts.no-ip.org 135 pcap raw alerts
ruleset
irc
429 lines
Yeah : 1.3
profile
none summary
tarball
0 of 34 a1db003660
NEW
none[none] none:none
none|none none none
T:05:45:00 WinXP 85.236.184.56 (SAMARALAN.RU):
TAHION,
MOSCOW, MOSCOW CITY, RU. (DSL)
91.98.146.3:6667 IR:cunts.no-ip.org
IR:91.98.146.3:6667
135 pcap raw alerts
ruleset
irc
680 lines
Yeah : 1.3
profile
none summary
tarball
41 of 44 7d2e5a0c76
NEW
none[none] none:none
none|none none none
T:05:45:00 WinXP 189.8.14.122 (UNITELCO.COM.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL)
91.98.146.3:6667 IR:cunts.no-ip.org
IR:91.98.146.3:6667
135 pcap raw alerts
ruleset
irc
432 lines
Yeah : 1.3
profile
none summary
tarball
0 of 34 a1db003660
NEW
none[none] none:none
none|none none none
T:05:47:00 WinXP 174.42.168.64 (WINDSTREAM.NET):
ALLTEL MIP CUSTOMERS - WARRENSVILLE HEIGHTS,
SALISBURY, NORTH CAROLINA, US. (DSL)
213.155.0.224:80 DE:citi-bank.ru
:adult-empire.com
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
41 of 43 fb486908b0
NEW
none[none] none:none
none|none none none
05:55:00 WinXP 174.42.168.64 (WINDSTREAM.NET):
ALLTEL MIP CUSTOMERS - WARRENSVILLE HEIGHTS,
SALISBURY, NORTH CAROLINA, US. (DSL)
213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
41 of 43 fb486908b0
NEW
none[none] none:none
none|none none none
T:05:58:00 WinXP 89.102.45.137 (KARNEVAL.CZ):
KARNEVAL MEDIA DECIN 6 - PUBLIC,
PLZEN, PLZENSKY KRAJ, CZ. (DSL)
91.98.146.3:6667 IR:cunts.no-ip.org
IR:91.98.146.3:6667
135 pcap raw alerts
ruleset
irc
670 lines
Yeah : 1.3
profile
none summary
tarball
0 of 34 a1db003660
NEW
none[none] none:none
none|none none none
T:05:59:00 Win2K-f 24.155.19.108 (GRANDENETWORKS.NET):
GRANDE COMMUNICATIONS ODESSA HUB,
MIDLAND, TEXAS, US. (DSL)
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
110 lines
Yeah : 1.3
profile
none summary
tarball
38 of 41
38 of 41
d031b42d3f
NEW
fa14802705
NEW
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
06:07:00 WinXP 91.211.18.40 (DIDAN.NET.UA):
KHARDIKOV NIKOLAY NIKOLAYEVICH,
DONETSK, DONETS'KA OBLAST', UA. (DSL)
91.98.146.3:6667 IR:cunts.no-ip.org
IR:91.98.146.3:6667
135 pcap raw alerts
ruleset
irc
428 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
T:06:14:00 Win2K-f 78.102.61.138 (UPC.CZ):
UPC BROADBAND INTERNET SERVICES,
PRAGUE, HLAVNI MESTO PRAHA, CZ. (DSL)
n/a :gg.arrancar.org
:gopur.org
:mx2.yandex.ru
US:hitflashtemplate.com
US:forgedwheelsource.com
FR:www.dawawin.com
:equrancenter.com
:www.ideaworxz.com
TR:hidiryeniay.com
:kroochawalit.in.th
BR:lunicorte.com.br
118.136.131.163:3661
125.165.44.187:3719
US:130.107.130.187:3475
182.179.69.211:1283
CM:41.204.73.247:3029
135 pcap raw alerts
ruleset
http
297 lines
Yeah : 0.8
profile
none summary
tarball
38 of 44 426e4df703
NEW
none[none] none:none
none|none none none
T:06:14:00 Win2K-f 94.113.56.70 (UPC.CZ):
UPC CESKA REPUBLICA A.S,
BRNO, JIHOMORAVSKY KRAJ, CZ. (DSL)
91.98.146.3:6667 IR:cunts.no-ip.org
IR:91.98.146.3:6667
135 pcap raw alerts
ruleset
irc
433 lines
Yeah : 1.3
profile
none summary
tarball
0 of 34 a1db003660
NEW
none[none] none:none
none|none none none
T:06:14:00 WinXP 189.203.36.226 (NIC-R2-R1-MTY.NIC.MX):
NETWORK INFORMATION CENTER MEXICO,
MX. (DSL)
91.98.146.3:6667 IR:cunts.no-ip.org
IR:91.98.146.3:6667
135 pcap raw alerts
ruleset
irc
430 lines
Yeah : 1.3
profile
none summary
tarball
0 of 34 a1db003660
NEW
none[none] none:none
none|none none none
06:21:00 Win2K-f 78.102.61.138 (UPC.CZ):
UPC BROADBAND INTERNET SERVICES,
PRAGUE, HLAVNI MESTO PRAHA, CZ. (DSL)
n/a :gg.arrancar.org
:gopur.org
EU:mx1.yandex.ru
US:hitflashtemplate.com
US:forgedwheelsource.com
FR:www.dawawin.com
:equrancenter.com
:www.ideaworxz.com
TR:hidiryeniay.com
:kroochawalit.in.th
:defendmyname-history.com
IN:www.biomedicalconsultant.com
US:indiapowershow.com
CA:best-music.ro
:bugrahanmobilya.com
:www.jandegelinlik.com
US:130.107.218.63:5549
ID:202.152.243.22:7234
41.107.31.24:2062
92.81.106.195:2130
92.86.199.88:4823
135 pcap raw alerts
ruleset
http
298 lines
Yeah : 0.8
profile
none summary
tarball
38 of 44 426e4df703
NEW
none[none] none:none
none|none none none
06:31:00 WinXP 89.42.149.127 (-):
SC EL NICO SRL,
BUCHAREST, BUCURESTI, RO. (DSL)
91.98.146.3:6667 IR:cunts.no-ip.org 135 pcap raw alerts
ruleset
irc
448 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
T:06:43:00 WinXP 218.168.6.233 (HINET.NET):
CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP,
TAIPEI, T'AI-PEI, TW. (DSL)
91.98.146.3:6667 IR:cunts.no-ip.org
IR:91.98.146.3:6667
135 pcap raw alerts
ruleset
irc
446 lines
Yeah : 1.3
profile
none summary
tarball
35 of 40 7ab614a778
NEW
none[none] none:none
none|none none none
06:43:00 WinXP 189.8.14.122 (UNITELCO.COM.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL)
91.98.146.3:6667 IR:cunts.no-ip.org 135 pcap raw alerts
ruleset
irc
435 lines
Yeah : 1.3
profile
none summary
tarball
0 of 34 a1db003660
NEW
none[none] none:none
none|none none none
T:06:52:00 WinXP 119.154.150.31 (PIE.NET.PK):
PAKISTAN TELECOMMUNICATION COMPANY LIMITED,
ISLAMABAD, ISLAMABAD, PK. (DSL)
n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
39 of 43 9c583a7af3
NEW
none[none] none:none
none|none none none
06:53:00 WinXP 78.248.196.193 (PROXAD.NET):
PROXAD INTERNET SERVICE PROVIDER IN FRANCE,
FR. (DSL)
91.98.146.3:6667 IR:cunts.no-ip.org 135 pcap raw alerts
ruleset
irc
428 lines
Yeah : 1.3
profile
none summary
tarball
0 of 34 a1db003660
NEW
none[none] none:none
none|none none none
T:06:57:00 Win2K-f 49.145.104.81 (-):
.
n/a   135 pcap raw alerts
ruleset
other
18 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
T:07:57:00 WinXP 27.97.200.202 (-):
.
n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 0.8
profile
none summary
tarball
39 of 44 a02cf2137a
NEW
none[none] none:none
none|none none none
T:08:12:00 WinXP 122.146.240.165 (SPARQNET.NET):
NEW CENTRY INFOCOM TECH. CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL)
n/a   135 pcap raw alerts
ruleset
other
18 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
T:08:13:00 WinXP 110.12.45.143 (-):
HANARO TELECOM,
SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL)
94.63.149.150:65520 DE:proxim.ircgalaxy.pl
US:microsoft.com
:shabi.coolnuff.com
CN:w.nucleardiscover.com
CN:hn.yigeyuming.com
:a.95622.com
:ru.coolnuff.com
:1.95622.com
US:armen.com
US:images.smartname.com
CN:60.190.223.75:888
135 pcap raw alerts
ruleset
irc
http
182 lines
Yeah : 1.8
profile
none summary
tarball
15 of 42
30 of 33
28 of 33
19 of 44
37 of 43
23 of 43
20 of 44
3420de55b8
NEW
533d15b5ce
NEW
58c343a8d8
NEW
6512904d10
NEW
69f32b85f1
NEW
88ef975791
NEW
d9318bac86
NEW
none[none]
c67adf46e2[0]
none [0]
none [none]
none [none]
none [none]
none [none]
none:none
ASM:Graph
none:none
none:none
none:none
none:none
none:none
none|none
tElock|
Armadillo|
none|none
none|none
none|none
none|none
none
lines=126
embedded dns
lines=91
none
none
none
none
none
trace
trace
none
none
none
none
T:09:12:00 WinXP 190.132.110.209 (ANTELDATA.NET.UY):
ANCEL,
UY. (DIAL)
213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset
http
3 lines
Yeah : 1.3
profile
none summary
tarball
40 of 40 65db8c1d0d
NEW
none[none] none:none
none|none none none
T:10:11:00 WinXP 202.179.226.173 (CABLENET.NE.JP):
CABLENET SAITAMA CO. LTD,
TOKYO, TOKYO, JP. (DSL)
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
110 lines
Yeah : 1.3
profile
none summary
tarball
38 of 41
38 of 41
bab3e2f199
NEW
e8b0a286dd
NEW
ce51be97e5 [0]
f189cda1ab[0]
ASM:Graph
ASM:Graph
tElock|
Armadillo|
lines=64
embedded dns
lines=91
trace
trace
10:27:00 Win2K-f 189.19.205.77 (TELESP.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
SÃO PAULO, SAO PAULO, BR. (DSL)
91.98.146.3:6667 IR:cunts.no-ip.org
IR:91.98.146.3:6667
135 pcap raw alerts
ruleset
irc
468 lines
Yeah : 1.3
profile
none summary
tarball
0 of 34 a1db003660
NEW
none[none] none:none
none|none none none
T:10:35:00 WinXP 4.225.212.192 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
DENVER, COLORADO, US. (DIAL)
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
NEW
a08f3b74a4
NEW
1473091351 [0]
none [0]
ASM:Graph
none:none
tElock|
Armadillo|
lines=75
embedded dns
lines=90
trace
trace
T:10:58:00 Win2K-f 120.138.178.168 (STARCAT.NE.JP):
KMN CORPORATION,
NAGOYA, TOKYO, JP. (DSL)
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
110 lines
Yeah : 1.3
profile
none summary
tarball
39 of 41
40 of 41
6a1dc43309
NEW
94e49d5627
NEW
522dace6c1 [0]
777259292a[0]
ASM:Graph
ASM:Graph
Armadillo|
tElock|
lines=91
lines=64
embedded dns
trace
trace
T:12:01:00 WinXP 178.36.237.25 (FINEBLANK.COM):
EU-ZZ,
UK. (DSL)
213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
42 of 43 aad01847fa
NEW
none[none] none:none
none|none none none
T:12:10:00 Win2K-f 50.83.48.245 (-):
.
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
110 lines
Yeah : 1.3
profile
none summary
tarball
38 of 40
38 of 40
474acf88e5
NEW
68f0c14692
NEW
1f53944b24 [0]
ccc1b24d53[0]
ASM:Graph
ASM:Graph
tElock|
Armadillo|
lines=64
embedded dns
lines=91
trace
trace
T:13:00:00 Win2K-f 70.65.236.113 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
LETHBRIDGE, ALBERTA, CA. (DSL)
n/a   135 pcap raw alerts
ruleset
other
1008 lines
Yeah : 1.3
profile
none summary
tarball
31 of 41 682a384fe9
NEW
none[3] none:none
none|none none trace
14:03:00 WinXP 82.81.35.252 (BEZEQINT.NET):
ADSL-CUSTOMER-CONNECTION,
JERUSALEM, YERUSHALAYIM, IL. (DSL)
n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
41 of 43 fb486908b0
NEW
none[none] none:none
none|none none none
T:15:32:00 WinXP 217.203.129.82 (-):
TELECOM ITALIA MOBILE,
ROME, LAZIO, IT. (DSL)
n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
39 of 42 3977189133
NEW
none[none] none:none
none|none none none
T:15:46:00 WinXP 187.82.241.67 (CAMPUSEAI.ORG):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL)
213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
39 of 42 3977189133
NEW
none[none] none:none
none|none none none
T:17:08:00 WinXP 50.27.233.88 (-):
.
n/a :siliconfireware.ru
:wpad
GB:welcome3.smile.co.uk
GB:195.92.84.198:80
445 pcap raw alerts
ruleset
http
http
http
3 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 df17a625ee
NEW
none[0] none:none
ASPack| lines=298
embedded dns
trace
T:17:17:00 WinXP 109.52.140.92 (JWS.COM):
EU-ZZ,
UK. (DSL)
213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
40 of 41 1096ba143e
NEW
none[none] none:none
none|none none none
T:18:01:00 WinXP 190.209.49.206 (-):
TELMEX CHILE S.A HFC,
SANTIAGO, REGION METROPOLITANA, CL. (DSL)
n/a IR:sparkles.no-ip.org
IR:91.98.146.3:6667
445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
8 of 42 03d5d9f543
NEW
none[none] none:none
none|none none none
T:18:01:00 Win2K-f 186.182.192.123 (-):
.
n/a   445 pcap raw alerts
ruleset
ftp
336 lines
Yeah : 0.8
profile
none summary
tarball
29 of 44 8ee942fb4d
NEW
none[none] none:none
none|none none none
T:18:01:00 WinXP 41.251.160.117 (IAM.NET.MA):
AFRINIC,
MARRAKESH, MARRAKECH, MA. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
13 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:18:02:00 Win2K-f 186.36.148.234 (CHILESAT.NET):
TELMEX SERVICIOS EMPRESARIALES S.A,
CL. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
6 of 42 ab091de260
NEW
none[none] none:none
none|none none none
T:18:11:00 Win2K-f 186.180.41.144 (-):
.
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:18:21:00 WinXP 190.105.37.81 (NET.AR):
VER TV S.A,
BUENOS AIRES, BUENOS AIRES, AR. (DSL)
n/a IR:sparkles.no-ip.org
IR:91.98.146.3:6667
445 pcap raw alerts
ruleset
ftp
irc
13 lines
Yeah : 0.8
profile
none summary
tarball
41 of 44 a62c00ca13
NEW
none[none] none:none
none|none none none
T:18:25:00 WinXP 186.15.145.68 (CT.CO.CR):
CABLE TICA,
CR. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
9 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:18:33:00 Win2K-f 41.251.140.47 (IAM.NET.MA):
AFRINIC,
MARRAKESH, MARRAKECH, MA. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
14 of 44 3d926e85a3
NEW
none[none] none:none
none|none none none
T:18:45:00 WinXP 186.92.86.127 (-):
.
91.98.146.3:6667 IR:sparkles.no-ip.org
IR:91.98.146.3:6667
445 pcap raw alerts
ruleset
ftp
irc
20 lines
Yeah : 1.3
profile
none summary
tarball
14 of 44 3d926e85a3
NEW
none[none] none:none
none|none none none
18:58:00 Win2K-f 190.145.16.229 (CABLE.NET.CO):
TELMEX COLOMBIA S.A,
CO. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
8 of 42 03d5d9f543
NEW
none[none] none:none
none|none none none
T:19:22:00 Win2K-f 190.209.112.64 (-):
TELMEX CHILE S.A HFC,
CL. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
18 of 43 762e448e27
NEW
none[none] none:none
none|none none none
T:19:32:00 WinXP 118.232.18.247 (KBRONET.COM.TW):
TUNG HO MULTIMEDIA CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL)
n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
35 of 36 b27d73bfcb
NEW
473c6454ce [0] ASM:Graph
PolyEnE| lines=68 trace
T:19:41:00 Win2K-f 190.208.110.47 (-):
TELMEX CHILE S.A HFC,
SANTIAGO, REGION METROPOLITANA, CL. (DSL)
91.98.146.3:6667 IR:sparkles.no-ip.org 445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
30 of 43 b8309214df
NEW
none[none] none:none
none|none none none
T:19:45:00 WinXP 49.145.114.229 (-):
.
n/a   135 pcap raw alerts
ruleset
other
21 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
T:20:14:00 WinXP 186.109.66.172 (-):
.
n/a   445 pcap raw alerts
ruleset
ftp
10 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:20:17:00 WinXP 186.23.34.252 (-):
.
91.98.146.3:6667 IR:sparkles.no-ip.org
IR:91.98.146.3:6667
445 pcap raw alerts
ruleset
ftp
irc
20 lines
Yeah : 1.3
profile
none summary
tarball
14 of 44 3d926e85a3
NEW
none[none] none:none
none|none none none
T:20:21:00 Win2K-f 186.36.162.104 (CHILESAT.NET):
TELMEX SERVICIOS EMPRESARIALES S.A,
CL. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
14 of 44 3d926e85a3
NEW
none[none] none:none
none|none none none
T:20:30:00 WinXP 186.19.245.245 (-):
.
91.98.146.3:6667 IR:sparkles.no-ip.org 445 pcap raw alerts
ruleset
ftp
irc
26 lines
Yeah : 1.3
profile
none summary
tarball
29 of 44 22577e4343
NEW
none[none] none:none
none|none none none
T:20:31:00 WinXP 190.181.44.218 (ACELERATE.NET):
AES COMMUNICATIONS BOLIVIA S.A,
LA PAZ, LA PAZ, BO. (DSL)
91.98.146.3:6667 IR:sparkles.no-ip.org 445 pcap raw alerts
ruleset
ftp
irc
23 lines
Yeah : 1.3
profile
none summary
tarball
29 of 44 d4a771676c
NEW
none[none] none:none
none|none none none
T:20:40:00 Win2K-f 190.105.92.138 (-):
.
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
29 of 44 d4a771676c
NEW
none[none] none:none
none|none none none
20:49:00 Win2K-f 190.181.44.218 (ACELERATE.NET):
AES COMMUNICATIONS BOLIVIA S.A,
LA PAZ, LA PAZ, BO. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
29 of 44 d4a771676c
NEW
none[none] none:none
none|none none none
T:20:56:00 WinXP 190.220.103.119 (NET.AR):
TECHTEL LMDS COMUNICACIONES INTERACTIVAS S.A,
AR. (DSL)
91.98.146.3:6667 IR:sparkles.no-ip.org 445 pcap raw alerts
ruleset
ftp
irc
20 lines
Yeah : 1.3
profile
none summary
tarball
6 of 42 ab091de260
NEW
none[none] none:none
none|none none none
20:56:00 WinXP 190.105.92.138 (-):
.
n/a IR:sparkles.no-ip.org
IR:91.98.146.3:6667
445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
29 of 44 d4a771676c
NEW
none[none] none:none
none|none none none
T:20:57:00 Win2K-f 190.228.251.37 (NET.AR):
TELECOM ARGENTINA S.A,
AR. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
34 of 44 5a159147b8
NEW
none[none] none:none
none|none none none
T:21:06:00 Win2K-f 190.208.97.36 (-):
TELMEX CHILE S.A HFC,
SANTIAGO, REGION METROPOLITANA, CL. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
18 of 43 762e448e27
NEW
none[none] none:none
none|none none none
T:21:14:00 WinXP 190.55.97.68 (190.IN-ADDR.ARPA):
TELECENTRO S.A. - CLIENTES RESIDENCIALES,
BUENOS AIRES, BUENOS AIRES, AR. (DSL)
91.98.146.3:6667 IR:sparkles.no-ip.org 445 pcap raw alerts
ruleset
ftp
irc
23 lines
Yeah : 1.3
profile
none summary
tarball
29 of 44 d4a771676c
NEW
none[none] none:none
none|none none none
T:21:39:00 Win2K-f 92.113.28.63 (UKRTEL.NET):
UKRTELECOM IP ACCESS NETWORK,
ZAPORIZHZHYA, ZAPORIZ'KA OBLAST', UA. (DIAL)
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
41 of 44 a09b115a23
NEW
none[none] none:none
none|none none none
T:21:46:00 Win2K-f 190.227.139.85 (NET.AR):
TELECOM PERSONAL BS AS,
AR. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
12 of 42 defde1d2c8
NEW
none[none] none:none
none|none none none
21:57:00 WinXP 190.181.177.74 (-):
.
n/a IR:sparkles.no-ip.org
IR:91.98.146.3:6667
445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
12 of 42 defde1d2c8
NEW
none[none] none:none
none|none none none
T:22:02:00 Win2K-f 178.217.163.35 (FINEBLANK.COM):
EU-ZZ,
UK. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
12 of 42 defde1d2c8
NEW
none[none] none:none
none|none none none
22:08:00 Win2K-f 190.208.97.36 (-):
TELMEX CHILE S.A HFC,
SANTIAGO, REGION METROPOLITANA, CL. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
18 of 43 762e448e27
NEW
none[none] none:none
none|none none none
T:22:12:00 Win2K-f 186.56.146.129 (COM.AR):
TELEFONICA DE ARGENTINA,
AR. (DSL)
91.98.146.3:6667 IR:sparkles.no-ip.org 445 pcap raw alerts
ruleset
ftp
irc
23 lines
Yeah : 1.3
profile
none summary
tarball
41 of 44 9330f7570a
NEW
none[none] none:none
none|none none none
T:22:33:00 Win2K-f 31.28.46.159 (-):
.
91.98.146.3:6667 IR:sparkles.no-ip.org 445 pcap raw alerts
ruleset
ftp
irc
20 lines
Yeah : 1.3
profile
none summary
tarball
12 of 42 defde1d2c8
NEW
none[none] none:none
none|none none none
T:22:42:00 Win2K-f 109.226.101.61 (STERLINGSTUDENTS.NET):
EU-ZZ,
UK. (DSL)
91.98.146.3:6667 IR:sparkles.no-ip.org 445 pcap raw alerts
ruleset
ftp
irc
20 lines
Yeah : 1.3
profile
none summary
tarball
31 of 43 4c388ca8ba
NEW
none[none] none:none
none|none none none
22:48:00 WinXP 190.181.176.149 (-):
.
n/a IR:sparkles.no-ip.org
IR:91.98.146.3:6667
445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
30 of 43 b8309214df
NEW
none[none] none:none
none|none none none
T:22:56:00 WinXP 186.255.26.196 (-):
.
n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
39 of 40 5e8ccc4190
NEW
8d5f86583f [0] ASM:Graph
PolyEnE| lines=68 trace
T:22:59:00 Win2K-f 188.122.251.104 (-):
RU-AIST,
RU. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
30 of 44 4999a93b90
NEW
none[none] none:none
none|none none none
T:23:24:00 WinXP 94.198.219.159 (ARTEM-CATV.RU):
JSC ARTEMOVSKOYE INTERAKTIVNOE TELEVIDENIE,
ARTEM, PRIMOR'YE, RU. (DSL)
91.98.146.3:6667 IR:sparkles.no-ip.org 445 pcap raw alerts
ruleset
ftp
irc
20 lines
Yeah : 1.3
profile
none summary
tarball
30 of 43 b8309214df
NEW
none[none] none:none
none|none none none