Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page


UNCENSORED PAGE



19 August 2011

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.


Daily Summary Files: [DNS Lookups & Failed Connects] [ Attacker IPs ] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap]
[Behavioral Clusters] [Binary Digest Log]

Columns: Time | Victim OS | Infection Source | C&C Server | DNS Lookups & Failed Connects | Infection Port | Packet Trace | Detection Signatures | Infection Chatter | BotHunter Analysis | Behavioral Cluster | Forensic Logs | Antivirus Labels | Packed Malware_Binary | Unpacked egg.exe | Unpacked egg.asm | Packer PEID | Data Strings | Syscall Trace
T:00:05:00 WinXP 120.138.175.125 (STARCAT.NE.JP):
KMN CORPORATION,
NAGOYA, TOKYO, JP. (DSL)
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
110 lines
Yeah : 1.3
profile
none summary
tarball
39 of 41
40 of 41
6a1dc43309
NEW
94e49d5627
NEW
522dace6c1 [0]
777259292a[0]
ASM:Graph
ASM:Graph
Armadillo|
tElock|
lines=91
lines=64
embedded dns
trace
trace
T:00:13:00 WinXP 176.8.18.252 (-):
.
91.98.146.3:6667 IR:sparkles.no-ip.org
IR:91.98.146.3:6667
445 pcap raw alerts
ruleset
ftp
irc
25 lines
Yeah : 1.3
profile
none summary
tarball
30 of 43 b8309214df
NEW
none[none] none:none
none|none none none
T:00:24:00 Win2K-f 176.8.34.123 (-):
.
91.98.146.3:6667 IR:sparkles.no-ip.org
IR:91.98.146.3:6667
445 pcap raw alerts
ruleset
ftp
irc
20 lines
Yeah : 1.3
profile
none summary
tarball
31 of 43 4c388ca8ba
NEW
none[none] none:none
none|none none none
T:00:25:00 WinXP 27.122.77.162 (-):
.
n/a   135 pcap raw alerts
ruleset
other
10 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
T:00:28:00 WinXP 109.226.104.111 (STERLINGSTUDENTS.NET):
EU-ZZ,
UK. (DSL)
91.98.146.3:6667 IR:sparkles.no-ip.org 445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
31 of 43 4c388ca8ba
NEW
none[none] none:none
none|none none none
00:38:00 Win2K-f 190.134.15.151 (ANTELDATA.NET.UY):
ADMINISTRACION NACIONAL DE TELECOMUNICACIONES,
UY. (DIAL)
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
36 of 41 feb54fbcd2
NEW
none[none] none:none
none|none none none
T:00:44:00 Win2K-f 178.217.164.53 (FINEBLANK.COM):
EU-ZZ,
UK. (DSL)
91.98.146.3:6667 IR:sparkles.no-ip.org
IR:91.98.146.3:6667
445 pcap raw alerts
ruleset
ftp
irc
20 lines
Yeah : 1.3
profile
none summary
tarball
15 of 42 a493ca51d5
NEW
none[none] none:none
none|none none none
T:00:48:00 WinXP 190.208.68.118 (-):
TELMEX CHILE S.A HFC,
SANTIAGO, REGION METROPOLITANA, CL. (DSL)
91.98.146.3:6667 IR:sparkles.no-ip.org 445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
29 of 44 d4a771676c
NEW
none[none] none:none
none|none none none
T:00:48:00 WinXP 188.237.82.232 (RIPE.NET):
EUROPEAN REGIONAL REGISTRY,
UK. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
10 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:01:01:00 WinXP 92.113.185.125 (UKRTEL.NET):
UKRTELECOM IP ACCESS NETWORK,
KHARKIV, KHARKIVS'KA OBLAST', UA. (DSL)
91.98.146.3:6667 IR:sparkles.no-ip.org
IR:91.98.146.3:6667
445 pcap raw alerts
ruleset
ftp
irc
20 lines
Yeah : 1.3
profile
none summary
tarball
41 of 44 a09b115a23
NEW
none[none] none:none
none|none none none
T:01:20:00 Win2K-f 217.80.115.71 (T-IPCONNECT.DE):
DEUTSCHE TELEKOM AG,
PADERBORN, NORDRHEIN-WESTFALEN, DE. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
10 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:01:33:00 Win2K-f 92.113.176.121 (UKRTEL.NET):
UKRTELECOM IP ACCESS NETWORK,
KIEV, KYYIV, UA. (DSL)
91.98.146.3:6667 IR:sparkles.no-ip.org
IR:91.98.146.3:6667
445 pcap raw alerts
ruleset
ftp
irc
23 lines
Yeah : 1.3
profile
none summary
tarball
41 of 44 a09b115a23
NEW
none[none] none:none
none|none none none
T:01:36:00 WinXP 115.165.33.188 (CATV02.ITSCOM.JP):
ITS COMMUNICATIONS INC,
TOKYO, TOKYO, JP. (DSL)
n/a   135 pcap raw alerts
ruleset
other
18 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
T:01:37:00 WinXP 92.113.32.9 (UKRTEL.NET):
UKRTELECOM IP ACCESS NETWORK,
ZAPORIZHZHYA, ZAPORIZ'KA OBLAST', UA. (DIAL)
91.98.146.3:6667 IR:sparkles.no-ip.org
IR:91.98.146.3:6667
445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
41 of 44 a09b115a23
NEW
none[none] none:none
none|none none none
T:01:47:00 WinXP 212.79.121.169 (-):
INFOMAX SATELLITE NETWORK,
KARACHI, SINDH, PK. (DSL)
91.98.146.3:6667 IR:sparkles.no-ip.org 445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
14 of 44 3d926e85a3
NEW
none[none] none:none
none|none none none
02:05:00 WinXP 178.217.165.47 (FINEBLANK.COM):
EU-ZZ,
UK. (DSL)
n/a IR:sparkles.no-ip.org
IR:91.98.146.3:6667
445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
12 of 42 defde1d2c8
NEW
none[none] none:none
none|none none none
T:02:05:00 WinXP 2.193.32.255 (-):
.
n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
38 of 42 8a2553433c
NEW
none[none] none:none
none|none none none
T:02:12:00 Win2K-f 186.110.109.207 (-):
.
91.98.146.3:6667 IR:sparkles.no-ip.org 445 pcap raw alerts
ruleset
ftp
irc
20 lines
Yeah : 1.3
profile
none summary
tarball
41 of 44 b1b43173b0
NEW
none[none] none:none
none|none none none
02:14:00 WinXP 212.79.121.169 (-):
INFOMAX SATELLITE NETWORK,
KARACHI, SINDH, PK. (DSL)
n/a IR:sparkles.no-ip.org
IR:91.98.146.3:6667
445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
14 of 44 3d926e85a3
NEW
none[none] none:none
none|none none none
T:02:27:00 WinXP 46.37.73.113 (-):
.
n/a   445 pcap raw alerts
ruleset
ftp
9 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:03:17:00 WinXP 65.113.116.123 (TRANQUILITY.NET):
CORAL WIRELESS LLC,
HONOLULU, HAWAII, US. (DSL)
213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
41 of 41 e92ed9f79c
NEW
none[none] none:none
none|none none none
T:03:27:00 WinXP 31.147.184.8 (-):
.
213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
42 of 43 88f3393e20
NEW
none[none] none:none
none|none none none
T:03:27:00 WinXP 31.28.46.159 (-):
.
91.98.146.3:6667 IR:sparkles.no-ip.org 445 pcap raw alerts
ruleset
ftp
irc
23 lines
Yeah : 1.3
profile
none summary
tarball
12 of 42 defde1d2c8
NEW
none[none] none:none
none|none none none
T:03:40:00 WinXP 115.81.149.95 (TAIWANMOBILE.NET):
TAIWAN MOBILE CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL)
213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
26 of 28 7d99b0e910
NEW
none[0] none:none
PolyEnE| lines=68 trace
T:03:53:00 Win2K-f 41.242.157.148 (TELKOMADSL.CO.ZA):
AFRINIC,
DURBAN, KWAZULU-NATAL, ZA. (DSL)
n/a IR:sparkles.no-ip.org
IR:91.98.146.3:6667
445 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 0.8
profile
none summary
tarball
14 of 44 69cd486510
NEW
none[none] none:none
none|none none none
T:03:58:00 Win2K-f 186.110.229.162 (-):
.
91.98.146.3:6667 IR:sparkles.no-ip.org
IR:91.98.146.3:6667
445 pcap raw alerts
ruleset
ftp
irc
23 lines
Yeah : 1.3
profile
none summary
tarball
24 of 43 d9c8bc5548
NEW
none[none] none:none
none|none none none
T:03:58:00 Win2K-f 186.110.113.80 (-):
.
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
41 of 44 b1b43173b0
NEW
none[none] none:none
none|none none none
T:04:04:00 WinXP 223.19.224.214 (-):
.
n/a DE:citi-bank.ru
:adult-empire.com
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
42 of 43 5f186aa322
NEW
none[none] none:none
none|none none none
T:04:07:00 WinXP 31.41.9.80 (-):
.
91.98.146.3:6667 IR:sparkles.no-ip.org 445 pcap raw alerts
ruleset
ftp
irc
23 lines
Yeah : 1.3
profile
none summary
tarball
12 of 42 defde1d2c8
NEW
none[none] none:none
none|none none none
04:09:00 Win2K-f 41.251.115.115 (IAM.NET.MA):
AFRINIC,
MA. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
31 of 43 4c388ca8ba
NEW
none[none] none:none
none|none none none
04:16:00 WinXP 93.102.35.155 (REV.OPTIMUS.PT):
OPTIMUS PORTUGAL,
COIMBRA, COIMBRA, PT. (DSL)
213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
26 of 28 7d99b0e910
NEW
none[0] none:none
PolyEnE| lines=68 trace
04:24:00 WinXP 186.255.26.196 (-):
.
n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
39 of 40 5e8ccc4190
NEW
8d5f86583f [0] ASM:Graph
PolyEnE| lines=68 trace
T:04:27:00 WinXP 178.217.161.27 (FINEBLANK.COM):
EU-ZZ,
UK. (DSL)
91.98.146.3:6667 IR:sparkles.no-ip.org
IR:91.98.146.3:6667
445 pcap raw alerts
ruleset
ftp
irc
20 lines
Yeah : 1.3
profile
none summary
tarball
15 of 42 a493ca51d5
NEW
none[none] none:none
none|none none none
04:53:00 Win2K-f 186.110.113.80 (-):
.
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
41 of 44 b1b43173b0
NEW
none[none] none:none
none|none none none
T:05:01:00 Win2K-f 218.168.5.22 (HINET.NET):
CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP,
TAIPEI, T'AI-PEI, TW. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
38 of 43 e9cb65d408
NEW
none[none] none:none
none|none none none
T:05:06:00 WinXP 211.58.199.95 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL)
83.133.119.197:65520 :proxima.ircgalaxy.pl
US:microsoft.com
:shabi.coolnuff.com
DE:nocomcom.com
:mewgost.com
135 pcap raw alerts
ruleset
irc
http
163 lines
Yeah : 1.8
profile
none summary
tarball
33 of 35
25 of 41
40 of 42
29 of 43
09d6505627
NEW
210f20503a
NEW
55249eab15
NEW
564048b35d
NEW
5c860f7b2f [0]
none [none]
none [none]
none [none]
ASM:Graph
none:none
none:none
none:none
tElock|
none|none
none|none
none|none
lines=112
embedded dns
none
none
none
trace
none
none
none
T:05:23:00 Win2K-f 217.129.63.24 (FF-217-129-40-10.NETVISAO.PT):
CABOVISAO SA,
LISBON, LISBOA, PT. (DSL)
91.98.146.3:6667 IR:sparkles.no-ip.org 445 pcap raw alerts
ruleset
ftp
irc
20 lines
Yeah : 1.3
profile
none summary
tarball
14 of 44 3d926e85a3
NEW
none[none] none:none
none|none none none
T:05:26:00 WinXP 109.52.213.116 (JWS.COM):
EU-ZZ,
UK. (DSL)
n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
41 of 43 0f77d6439f
NEW
none[none] none:none
none|none none none
T:05:29:00 Win2K-f 189.19.205.77 (TELESP.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
SãO PAULO, SAO PAULO, BR. (DSL)
91.98.146.3:6667 IR:sparkles.no-ip.org
IR:91.98.146.3:6667
445 pcap raw alerts
ruleset
ftp
irc
20 lines
Yeah : 1.3
profile
none summary
tarball
14 of 44 3d926e85a3
NEW
none[none] none:none
none|none none none
T:05:30:00 WinXP 186.19.165.157 (-):
.
91.98.146.3:6667 IR:sparkles.no-ip.org
IR:91.98.146.3:6667
445 pcap raw alerts
ruleset
ftp
irc
27 lines
Yeah : 1.3
profile
none summary
tarball
12 of 42 defde1d2c8
NEW
none[none] none:none
none|none none none
T:05:33:00 WinXP 181.0.29.64 (-):
.
91.98.146.3:6667 IR:sparkles.no-ip.org
IR:91.98.146.3:6667
445 pcap raw alerts
ruleset
ftp
irc
36 lines
Yeah : 1.3
profile
none summary
tarball
24 of 43 d9c8bc5548
NEW
none[none] none:none
none|none none none
05:42:00 WinXP 188.122.230.114 (-):
RU-AIST,
MOSCOW, MOSCOW CITY, RU. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
9 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:05:43:00 WinXP 109.226.77.13 (STERLINGSTUDENTS.NET):
EU-ZZ,
UK. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
10 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
05:43:00 Win2K-f 176.8.34.123 (-):
.
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
31 of 43 4c388ca8ba
NEW
none[none] none:none
none|none none none
T:05:48:00 Win2K-f 190.158.167.127 (DAVITA.COM):
TV CABLE S.A,
SANTAFé DE BOGOTá, DISTRITO ESPECIAL, CO. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
14 of 43 21e2908a4a
NEW
none[none] none:none
none|none none none
05:48:00 Win2K-f 217.129.63.24 (FF-217-129-40-10.NETVISAO.PT):
CABOVISAO SA,
LISBON, LISBOA, PT. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
14 of 44 3d926e85a3
NEW
none[none] none:none
none|none none none
05:49:00 WinXP 190.158.167.127 (DAVITA.COM):
TV CABLE S.A,
SANTAFé DE BOGOTá, DISTRITO ESPECIAL, CO. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
14 of 43 21e2908a4a
NEW
none[none] none:none
none|none none none
T:06:10:00 Win2K-f 41.234.50.38 (TEDATA.NET):
AFRINIC,
CAIRO, AL QAHIRAH, EG. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
16 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:06:13:00 Win2K-f 188.237.250.205 (RIPE.NET):
EUROPEAN REGIONAL REGISTRY,
UK. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
8 of 42 03d5d9f543
NEW
none[none] none:none
none|none none none
06:18:00 WinXP 190.208.68.118 (-):
TELMEX CHILE S.A HFC,
SANTIAGO, REGION METROPOLITANA, CL. (DSL)
91.98.146.3:6667 IR:sparkles.no-ip.org 445 pcap raw alerts
ruleset
ftp
irc
20 lines
Yeah : 1.3
profile
none summary
tarball
29 of 44 d4a771676c
NEW
none[none] none:none
none|none none none
06:20:00 Win2K-f 190.134.70.155 (ANTELDATA.NET.UY):
ADMINISTRACION NACIONAL DE TELECOMUNICACIONES,
UY. (DIAL)
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
14 of 44 3d926e85a3
NEW
none[none] none:none
none|none none none
06:22:00 WinXP 46.8.98.41 (-):
.
91.98.146.3:6667 IR:sparkles.no-ip.org 445 pcap raw alerts
ruleset
ftp
irc
20 lines
Yeah : 1.3
profile
none summary
tarball
15 of 42 a493ca51d5
NEW
none[none] none:none
none|none none none
T:06:26:00 Win2K-f 92.113.176.213 (UKRTEL.NET):
UKRTELECOM IP ACCESS NETWORK,
KIEV, KYYIV, UA. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
41 of 44 a09b115a23
NEW
none[none] none:none
none|none none none
06:27:00 WinXP 92.113.176.213 (UKRTEL.NET):
UKRTELECOM IP ACCESS NETWORK,
KIEV, KYYIV, UA. (DSL)
91.98.146.3:6667 IR:sparkles.no-ip.org 445 pcap raw alerts
ruleset
ftp
irc
25 lines
Yeah : 1.3
profile
none summary
tarball
41 of 44 a09b115a23
NEW
none[none] none:none
none|none none none
T:06:32:00 Win2K-f 190.227.143.167 (NET.AR):
TELECOM PERSONAL BS AS,
AR. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
12 of 42 defde1d2c8
NEW
none[none] none:none
none|none none none
T:06:33:00 WinXP 92.113.42.101 (UKRTEL.NET):
UKRTELECOM IP ACCESS NETWORK,
ZAPORIZHZHYA, ZAPORIZ'KA OBLAST', UA. (DIAL)
91.98.146.3:6667 IR:sparkles.no-ip.org
IR:91.98.146.3:6667
445 pcap raw alerts
ruleset
ftp
irc
23 lines
Yeah : 1.3
profile
none summary
tarball
41 of 44 a09b115a23
NEW
none[none] none:none
none|none none none
06:33:00 WinXP 190.227.143.167 (NET.AR):
TELECOM PERSONAL BS AS,
AR. (DSL)
91.98.146.3:6667 IR:sparkles.no-ip.org 445 pcap raw alerts
ruleset
ftp
irc
31 lines
Yeah : 1.3
profile
none summary
tarball
12 of 42 defde1d2c8
NEW
none[none] none:none
none|none none none
06:33:00 Win2K-f 92.113.42.101 (UKRTEL.NET):
UKRTELECOM IP ACCESS NETWORK,
ZAPORIZHZHYA, ZAPORIZ'KA OBLAST', UA. (DIAL)
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
41 of 44 a09b115a23
NEW
none[none] none:none
none|none none none
T:06:34:00 WinXP 186.180.60.203 (-):
.
91.98.146.3:6667 IR:sparkles.no-ip.org
IR:91.98.146.3:6667
445 pcap raw alerts
ruleset
ftp
irc
23 lines
Yeah : 1.3
profile
none summary
tarball
6 of 42 ab091de260
NEW
none[none] none:none
none|none none none
T:06:38:00 Win2K-f 186.92.54.213 (-):
.
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
14 of 44 3d926e85a3
NEW
none[none] none:none
none|none none none
T:06:47:00 WinXP 189.119.218.171 (TIMBRASIL.COM.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
SãO PAULO, SAO PAULO, BR. (DSL)
n/a DE:citi-bank.ru
:kidos-bank.ru
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
42 of 42 4aa9b2104a
NEW
none[none] none:none
none|none none none
T:06:50:00 WinXP 186.19.245.245 (-):
.
91.98.146.3:6667 IR:sparkles.no-ip.org
IR:91.98.146.3:6667
445 pcap raw alerts
ruleset
ftp
irc
23 lines
Yeah : 1.3
profile
none summary
tarball
6 of 42 ab091de260
NEW
none[none] none:none
none|none none none
T:07:00:00 WinXP 189.64.244.242 (TIMBRASIL.COM.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
SãO PAULO, SAO PAULO, BR. (DSL)
91.98.146.3:6667 IR:sparkles.no-ip.org
IR:91.98.146.3:6667
445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.3
profile
none summary
tarball
14 of 44 3d926e85a3
NEW
none[none] none:none
none|none none none
T:07:05:00 Win2K-f 190.132.235.214 (ANTELDATA.NET.UY):
ADMINISTRACION NACIONAL DE TELECOMUNICACIONES,
UY. (DIAL)
n/a   445 pcap raw alerts
ruleset
ftp
9 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:07:08:00 WinXP 31.211.131.132 (-):
.
91.98.146.3:6667 IR:sparkles.no-ip.org
IR:91.98.146.3:6667
445 pcap raw alerts
ruleset
ftp
irc
25 lines
Yeah : 1.3
profile
none summary
tarball
41 of 44 16e62d33e5
NEW
none[none] none:none
none|none none none
T:07:09:00 Win2K-f 190.134.75.7 (ANTELDATA.NET.UY):
ADMINISTRACION NACIONAL DE TELECOMUNICACIONES,
UY. (DIAL)
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
14 of 44 3d926e85a3
NEW
none[none] none:none
none|none none none
T:07:12:00 Win2K-f 190.220.216.125 (TECHTELNET.NET):
TECHTEL LMDS COMUNICACIONES INTERACTIVAS S.A,
AR. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
30 of 43 b8309214df
NEW
none[none] none:none
none|none none none
T:07:19:00 WinXP 87.11.39.171 (RETAIL.TELECOMITALIA.IT):
TELECOM ITALIA S.P.A. TIN EASY LITE,
BERGAMO, LOMBARDIA, IT. (DSL)
n/a DE:citi-bank.ru
DE:kidos-bank.ru
DE:213.155.0.224:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
39 of 40 5e8ccc4190
NEW
8d5f86583f [0] ASM:Graph
PolyEnE| lines=68 trace
07:21:00 Win2K-f 186.22.135.1 (-):
.
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
41 of 43 81ba00784c
NEW
none[none] none:none
none|none none none
T:07:33:00 Win2K-f 41.234.84.60 (TEDATA.NET):
AFRINIC,
CAIRO, AL QAHIRAH, EG. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
9 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
07:39:00 WinXP 218.168.2.106 (HINET.NET):
CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP,
TAIPEI, T'AI-PEI, TW. (DSL)
n/a IR:sparkles.no-ip.org
IR:91.98.146.3:6667
445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
38 of 43 e9cb65d408
NEW
none[none] none:none
none|none none none
07:40:00 Win2K-f 190.134.75.7 (ANTELDATA.NET.UY):
ADMINISTRACION NACIONAL DE TELECOMUNICACIONES,
UY. (DIAL)
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
14 of 44 3d926e85a3
NEW
none[none] none:none
none|none none none
T:07:44:00 Win2K-f 190.68.4.19 (TELEFONICA.NET.CO):
COLOMBIA TELECOMUNICACIONES S.A. ESP,
CALI, VALLE DEL CAUCA, CO. (DSL)
91.98.146.3:6667 IR:sparkles.no-ip.org 445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.3
profile
none summary
tarball
8 of 42 03d5d9f543
NEW
none[none] none:none
none|none none none
T:07:59:00 Win2K-f 190.134.7.145 (ANTELDATA.NET.UY):
ADMINISTRACION NACIONAL DE TELECOMUNICACIONES,
UY. (DIAL)
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
14 of 44 3d926e85a3
NEW
none[none] none:none
none|none none none
T:08:04:00 WinXP 41.239.82.65 (TEDATA.NET):
AFRINIC,
EG. (DSL)
n/a   445 pcap raw alerts
ruleset
other
8 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:08:19:00 Win2K-f 85.236.184.75 (SAMARALAN.RU):
TAHION,
MOSCOW, MOSCOW CITY, RU. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
13 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
08:54:00 Win2K-f 190.68.4.19 (TELEFONICA.NET.CO):
COLOMBIA TELECOMUNICACIONES S.A. ESP,
CALI, VALLE DEL CAUCA, CO. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
8 of 42 03d5d9f543
NEW
none[none] none:none
none|none none none
T:09:26:00 WinXP 96.8.188.216 (GVTC.COM):
GUADALUPE VALLEY TELEPHONE COOPERATIVE INC,
NEW BRAUNFELS, TEXAS, US. (DSL)
n/a   135 pcap raw alerts
ruleset
other
18 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
T:10:10:00 Win2K-f 178.217.160.4 (FINEBLANK.COM):
EU-ZZ,
UK. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
12 of 42 defde1d2c8
NEW
none[none] none:none
none|none none none
T:10:11:00 Win2K-f 92.113.49.73 (UKRTEL.NET):
UKRTELECOM IP ACCESS NETWORK,
ZAPORIZHZHYA, ZAPORIZ'KA OBLAST', UA. (DSL)
91.98.146.3:6667 IR:sparkles.no-ip.org 445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
41 of 44 a09b115a23
NEW
none[none] none:none
none|none none none
T:10:13:00 Win2K-f 186.22.25.27 (-):
.
91.98.146.3:6667 IR:sparkles.no-ip.org 445 pcap raw alerts
ruleset
ftp
irc
25 lines
Yeah : 1.3
profile
none summary
tarball
12 of 42 defde1d2c8
NEW
none[none] none:none
none|none none none
T:10:15:00 WinXP 216.188.236.248 (GRANDENETWORKS.NET):
GRANDE COMMUNICATIONS WACO,
WOODWAY, TEXAS, US. (DSL)
n/a   135 pcap raw alerts
ruleset
other
18 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
T:10:20:00 WinXP 41.251.45.220 (IAM.NET.MA):
AFRINIC,
MARRAKESH, MARRAKECH, MA. (DSL)
91.98.146.3:6667 IR:sparkles.no-ip.org
IR:91.98.146.3:6667
445 pcap raw alerts
ruleset
ftp
irc
23 lines
Yeah : 1.3
profile
none summary
tarball
14 of 44 69cd486510
NEW
none[none] none:none
none|none none none
T:10:22:00 Win2K-f 186.15.113.239 (CT.CO.CR):
CABLE TICA,
CR. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:10:24:00 WinXP 190.132.96.197 (ANTELDATA.NET.UY):
ANCEL,
UY. (DIAL)
91.98.146.3:6667 IR:sparkles.no-ip.org
IR:91.98.146.3:6667
445 pcap raw alerts
ruleset
ftp
irc
28 lines
Yeah : 1.3
profile
none summary
tarball
38 of 44 19f34c3bcd
NEW
none[none] none:none
none|none none none
T:10:33:00 Win2K-f 186.18.93.173 (186.IN-ADDR.ARPA):
TELECENTRO S.A. - CLIENTES RESIDENCIALES,
BUENOS AIRES, BUENOS AIRES, AR. (DSL)
91.98.146.3:6667 IR:sparkles.no-ip.org
IR:91.98.146.3:6667
445 pcap raw alerts
ruleset
ftp
irc
23 lines
Yeah : 1.3
profile
none summary
tarball
6 of 42 ab091de260
NEW
none[none] none:none
none|none none none
T:10:38:00 WinXP 190.132.73.246 (ANTELDATA.NET.UY):
ANCEL,
UY. (DIAL)
n/a   445 pcap raw alerts
ruleset
ftp
9 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:10:40:00 WinXP 41.234.81.20 (TEDATA.NET):
AFRINIC,
CAIRO, AL QAHIRAH, EG. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
15 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:10:47:00 WinXP 196.217.157.221 (IAM.NET.MA):
ADSL SUBSCRIBER - CASA AND SOUTH MOROCOO,
CASABLANCA, CASABLANCA, MA. (DSL)
91.98.146.3:6667 IR:sparkles.no-ip.org
IR:91.98.146.3:6667
445 pcap raw alerts
ruleset
ftp
irc
25 lines
Yeah : 1.3
profile
none summary
tarball
14 of 44 69cd486510
NEW
none[none] none:none
none|none none none
T:10:48:00 Win2K-f 92.113.61.229 (UKRTEL.NET):
UKRTELECOM IP ACCESS NETWORK,
ZAPORIZHZHYA, ZAPORIZ'KA OBLAST', UA. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
41 of 44 a09b115a23
NEW
none[none] none:none
none|none none none
T:10:52:00 Win2K-f 190.132.241.25 (ANTELDATA.NET.UY):
ADMINISTRACION NACIONAL DE TELECOMUNICACIONES,
UY. (DIAL)
n/a   445 pcap raw alerts
ruleset
ftp
17 lines
Yeah : 0.8
profile
none summary
tarball
38 of 44 19f34c3bcd
NEW
none[none] none:none
none|none none none
T:10:54:00 WinXP 69.76.201.20 (RR.COM):
ROAD RUNNER HOLDCO LLC,
KANSAS CITY, MISSOURI, US. (DSL)
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
111 lines
Yeah : 1.3
profile
none summary
tarball
38 of 41
38 of 41
d031b42d3f
NEW
fa14802705
NEW
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
T:11:05:00 Win2K-f 177.30.56.152 (-):
.
n/a IR:sparkles.no-ip.org
IR:91.98.146.3:6667
445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
36 of 44 3cbea8fb11
NEW
none[none] none:none
none|none none none
11:15:00 WinXP 31.147.190.110 (-):
.
n/a DE:citi-bank.ru
DE:213.155.0.224:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
42 of 43 88f3393e20
NEW
none[none] none:none
none|none none none
T:11:18:00 WinXP 92.113.67.243 (UKRTEL.NET):
UKRTELECOM IP ACCESS NETWORK,
KIEV, KYYIV, UA. (DSL)
91.98.146.3:6667 IR:sparkles.no-ip.org
IR:91.98.146.3:6667
445 pcap raw alerts
ruleset
ftp
irc
26 lines
Yeah : 1.3
profile
none summary
tarball
41 of 44 a09b115a23
NEW
none[none] none:none
none|none none none
T:11:35:00 Win2K-f 109.185.195.165 (STERLINGSTUDENTS.NET):
EU-ZZ,
UK. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
8 of 42 03d5d9f543
NEW
none[none] none:none
none|none none none
T:11:35:00 Win2K-f 41.239.201.143 (TEDATA.NET):
AFRINIC,
EG. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
10 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:11:40:00 WinXP 218.168.1.133 (HINET.NET):
CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP,
TAIPEI, T'AI-PEI, TW. (DSL)
91.98.146.3:6667 IR:sparkles.no-ip.org
IR:91.98.146.3:6667
445 pcap raw alerts
ruleset
ftp
irc
23 lines
Yeah : 1.3
profile
none summary
tarball
38 of 43 e9cb65d408
NEW
none[none] none:none
none|none none none
T:11:40:00 WinXP 41.141.129.20 (IAM.NET.MA):
AFRINIC,
MA. (DSL)
91.98.146.3:6667 IR:sparkles.no-ip.org
IR:91.98.146.3:6667
445 pcap raw alerts
ruleset
ftp
irc
33 lines
Yeah : 1.3
profile
none summary
tarball
14 of 44 1c58724bf1
NEW
none[none] none:none
none|none none none
T:11:49:00 WinXP 31.211.156.141 (-):
.
n/a DE:citi-bank.ru
:adult-empire.com
DE:213.155.0.224:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
39 of 40 5e8ccc4190
NEW
8d5f86583f [0] ASM:Graph
PolyEnE| lines=68 trace
T:11:59:00 WinXP 190.227.148.52 (NET.AR):
TELECOM PERSONAL BS AS,
AR. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
10 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:12:02:00 Win2K-f 109.185.197.250 (STERLINGSTUDENTS.NET):
EU-ZZ,
UK. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
8 of 42 03d5d9f543
NEW
none[none] none:none
none|none none none
12:05:00 WinXP 186.15.14.31 (CT.CO.CR):
CABLE TICA,
SAN JOSE, SAN JOSE, CR. (DSL)
n/a IR:sparkles.no-ip.org
IR:91.98.146.3:6667
445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
28 of 44 09ef895a98
NEW
none[none] none:none
none|none none none
T:12:08:00 WinXP 186.15.113.127 (CT.CO.CR):
CABLE TICA,
CR. (DSL)
91.98.146.3:6667 IR:sparkles.no-ip.org 445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
17 of 43 039e94f575
NEW
none[none] none:none
none|none none none
T:12:17:00 Win2K-f 186.51.160.34 (-):
.
91.98.146.3:6667 IR:sparkles.no-ip.org
IR:91.98.146.3:6667
445 pcap raw alerts
ruleset
ftp
irc
24 lines
Yeah : 1.3
profile
none summary
tarball
14 of 44 3d926e85a3
NEW
none[none] none:none
none|none none none
T:12:25:00 Win2K-f 190.37.87.230 (CANTV.NET):
CANTV SERVICIOS VENEZUELA,
BARQUISIMETO, LARA, VE. (DSL)
91.98.146.3:6667 IR:sparkles.no-ip.org 445 pcap raw alerts
ruleset
ftp
irc
25 lines
Yeah : 1.3
profile
none summary
tarball
14 of 44 3d926e85a3
NEW
none[none] none:none
none|none none none
12:41:00 Win2K-f 186.36.162.104 (CHILESAT.NET):
TELMEX SERVICIOS EMPRESARIALES S.A,
CL. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
14 of 44 3d926e85a3
NEW
none[none] none:none
none|none none none
T:12:41:00 WinXP 186.109.68.103 (-):
.
n/a   445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
12 of 42 defde1d2c8
NEW
none[none] none:none
none|none none none
T:12:46:00 Win2K-f 188.237.247.53 (RIPE.NET):
EUROPEAN REGIONAL REGISTRY,
UK. (DSL)
91.98.146.3:6667 IR:sparkles.no-ip.org
IR:91.98.146.3:6667
445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
8 of 42 03d5d9f543
NEW
none[none] none:none
none|none none none
12:48:00 WinXP 218.168.1.133 (HINET.NET):
CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP,
TAIPEI, T'AI-PEI, TW. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
9 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:12:51:00 WinXP 190.132.70.128 (ANTELDATA.NET.UY):
ANCEL,
UY. (DIAL)
91.98.146.3:6667 IR:sparkles.no-ip.org
IR:91.98.146.3:6667
445 pcap raw alerts
ruleset
ftp
irc
27 lines
Yeah : 1.3
profile
none summary
tarball
38 of 44 19f34c3bcd
NEW
none[none] none:none
none|none none none
T:12:54:00 WinXP 109.185.195.14 (STERLINGSTUDENTS.NET):
EU-ZZ,
UK. (DSL)
91.98.146.3:6667 IR:sparkles.no-ip.org 445 pcap raw alerts
ruleset
ftp
irc
29 lines
Yeah : 1.3
profile
none summary
tarball
8 of 42 03d5d9f543
NEW
none[none] none:none
none|none none none
T:13:02:00 Win2K-f 187.46.29.155 (VELOXZONE.COM.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
SãO PAULO, SAO PAULO, BR. (DSL)
91.98.146.3:6667 IR:sparkles.no-ip.org 445 pcap raw alerts
ruleset
ftp
irc
24 lines
Yeah : 1.3
profile
none summary
tarball
14 of 44 3d926e85a3
NEW
none[none] none:none
none|none none none
T:13:07:00 Win2K-f 188.237.247.192 (RIPE.NET):
EUROPEAN REGIONAL REGISTRY,
UK. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
8 of 42 03d5d9f543
NEW
none[none] none:none
none|none none none
13:08:00 Win2K-f 190.105.37.81 (NET.AR):
VER TV S.A,
BUENOS AIRES, BUENOS AIRES, AR. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
41 of 44 a62c00ca13
NEW
none[none] none:none
none|none none none
T:13:17:00 WinXP 190.132.244.236 (ANTELDATA.NET.UY):
ADMINISTRACION NACIONAL DE TELECOMUNICACIONES,
UY. (DIAL)
91.98.146.3:6667 IR:sparkles.no-ip.org
IR:91.98.146.3:6667
445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.3
profile
none summary
tarball
12 of 42 defde1d2c8
NEW
none[none] none:none
none|none none none
T:13:23:00 WinXP 186.36.162.104 (CHILESAT.NET):
TELMEX SERVICIOS EMPRESARIALES S.A,
CL. (DSL)
91.98.146.3:6667 IR:sparkles.no-ip.org
IR:91.98.146.3:6667
445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
14 of 44 3d926e85a3
NEW
none[none] none:none
none|none none none
T:13:35:00 Win2K-f 109.185.194.178 (STERLINGSTUDENTS.NET):
EU-ZZ,
UK. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
8 of 42 03d5d9f543
NEW
none[none] none:none
none|none none none
T:13:48:00 WinXP 186.15.113.22 (CT.CO.CR):
CABLE TICA,
CR. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:13:51:00 WinXP 109.226.64.100 (STERLINGSTUDENTS.NET):
EU-ZZ,
UK. (DSL)
91.98.146.3:6667 IR:sparkles.no-ip.org 445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.3
profile
none summary
tarball
15 of 42 a493ca51d5
NEW
none[none] none:none
none|none none none
T:14:09:00 WinXP 190.132.110.164 (ANTELDATA.NET.UY):
ANCEL,
UY. (DIAL)
91.98.146.3:6667 IR:sparkles.no-ip.org
IR:91.98.146.3:6667
445 pcap raw alerts
ruleset
ftp
irc
25 lines
Yeah : 1.3
profile
none summary
tarball
38 of 44 19f34c3bcd
NEW
none[none] none:none
none|none none none
T:14:11:00 Win2K-f 212.79.121.76 (-):
INFOMAX SATELLITE NETWORK,
KARACHI, SINDH, PK. (DSL)
91.98.146.3:6667 IR:sparkles.no-ip.org 445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.3
profile
none summary
tarball
14 of 44 3d926e85a3
NEW
none[none] none:none
none|none none none
T:14:13:00 Win2K-f 186.15.11.219 (CT.CO.CR):
CABLE TICA,
SAN JOSE, SAN JOSE, CR. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
28 of 44 09ef895a98
NEW
none[none] none:none
none|none none none
T:15:10:00 Win2K-f 190.105.94.134 (-):
.
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
30 of 43 b8309214df
NEW
none[none] none:none
none|none none none
T:15:10:00 Win2K-f 186.227.69.115 (-):
.
n/a   445 pcap raw alerts
ruleset
ftp
9 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:15:10:00 WinXP 189.36.162.204 (VELOXZONE.COM.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
RIO DE JANEIRO, RIO DE JANEIRO, BR. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
9 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:15:10:00 WinXP 186.18.122.146 (186.IN-ADDR.ARPA):
TELECENTRO S.A. - CLIENTES RESIDENCIALES,
BUENOS AIRES, BUENOS AIRES, AR. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:15:10:00 WinXP 61.222.227.12, 91.98.146.3 (INVALID IPV4 ADDRESS):
INVALID IPV4 ADDRESS,
INVALID IPV4 ADDRESS, INVALID IPV4 ADDRESS, INVALID IPV4 ADDRESS. (INVALID IPV4 ADDRESS)
91.98.146.3:6667 IR:sparkles.no-ip.org 445 pcap raw alerts
ruleset
ftp
irc
47 lines
Yeah : 1.3
profile
none summary
tarball
43 of 44 6684e3755f
NEW
none[none] none:none
none|none none none
15:12:00 Win2K-f 190.105.94.134, 91.98.146.3 (INVALID IPV4 ADDRESS):
INVALID IPV4 ADDRESS,
INVALID IPV4 ADDRESS, INVALID IPV4 ADDRESS, INVALID IPV4 ADDRESS. (INVALID IPV4 ADDRESS)
91.98.146.3:6667 IR:sparkles.no-ip.org 445 pcap raw alerts
ruleset
ftp
irc
27 lines
Yeah : 1.3
profile
none summary
tarball
30 of 43 b8309214df
NEW
none[none] none:none
none|none none none
15:29:00 Win2K-f 186.18.162.112 (186.IN-ADDR.ARPA):
TELECENTRO S.A. - CLIENTES RESIDENCIALES,
BUENOS AIRES, BUENOS AIRES, AR. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
14 of 42 2946dde48f
NEW
none[none] none:none
none|none none none
T:15:35:00 Win2K-f 41.143.22.219 (IAM.NET.MA):
AFRINIC,
MA. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
15 lines
Yeah : 0.8
profile
none summary
tarball
14 of 44 3d926e85a3
NEW
none[none] none:none
none|none none none
T:16:00:00 WinXP 190.209.112.64 (-):
TELMEX CHILE S.A HFC,
CL. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
18 of 43 762e448e27
NEW
none[none] none:none
none|none none none
T:16:00:00 Win2K-f 190.132.195.242 (ANTELDATA.NET.UY):
ADMINISTRACION NACIONAL DE TELECOMUNICACIONES,
UY. (DIAL)
n/a   445 pcap raw alerts
ruleset
ftp
9 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:16:14:00 WinXP 186.18.155.204 (186.IN-ADDR.ARPA):
TELECENTRO S.A. - CLIENTES RESIDENCIALES,
BUENOS AIRES, BUENOS AIRES, AR. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
18 of 43 762e448e27
NEW
none[none] none:none
none|none none none
T:16:19:00 Win2K-f 91.211.19.39 (DIDAN.NET.UA):
KHARDIKOV NIKOLAY NIKOLAYEVICH,
DONETSK, DONETS'KA OBLAST', UA. (DSL)
91.98.146.3:6667 IR:sparkles.no-ip.org
IR:91.98.146.3:6667
445 pcap raw alerts
ruleset
ftp
irc
27 lines
Yeah : 1.3
profile
none summary
tarball
15 of 42 a493ca51d5
NEW
none[none] none:none
none|none none none
T:16:20:00 WinXP 113.211.52.164 (MAXIS.NET.MY):
MAXIS BROADBAND SDN BHD,
MY. (DSL)
n/a DE:citi-bank.ru
DE:213.155.0.224:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
41 of 43 fb486908b0
NEW
none[none] none:none
none|none none none
T:16:21:00 WinXP 190.134.94.43 (ANTELDATA.NET.UY):
ADMINISTRACION NACIONAL DE TELECOMUNICACIONES,
UY. (DIAL)
n/a IR:sparkles.no-ip.org
IR:91.98.146.3:6667
445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
14 of 44 3d926e85a3
NEW
none[none] none:none
none|none none none
16:21:00 Win2K-f 186.87.67.60 (HOODPACKAGING.COM):
TV CABLE S.A,
CO. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
9 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:16:26:00 WinXP 190.132.249.232 (ANTELDATA.NET.UY):
ADMINISTRACION NACIONAL DE TELECOMUNICACIONES,
UY. (DIAL)
n/a   445 pcap raw alerts
ruleset
ftp
15 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:16:26:00 Win2K-f 186.195.153.164 (-):
.
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
14 of 42 2946dde48f
NEW
none[none] none:none
none|none none none
16:37:00 Win2K-f 186.36.21.150 (CHILESAT.NET):
TELMEX SERVICIOS EMPRESARIALES S.A,
CL. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
13 lines
Yeah : 0.8
profile
none summary
tarball
29 of 44 d4a771676c
NEW
none[none] none:none
none|none none none
T:16:38:00 WinXP 201.188.31.146 (-):
.
n/a IR:sparkles.no-ip.org
IR:91.98.146.3:6667
445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
12 of 34 655a391798
NEW
none[none] none:none
none|none none none
T:16:41:00 WinXP 190.132.64.198 (ANTELDATA.NET.UY):
ANCEL,
UY. (DIAL)
n/a   445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:16:52:00 Win2K-f 186.180.19.114 (-):
.
n/a IR:sparkles.no-ip.org
IR:91.98.146.3:6667
445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
6 of 42 ab091de260
NEW
none[none] none:none
none|none none none
T:16:58:00 Win2K-f 190.64.191.50 (ANTELDATA.NET.UY):
ADMINISTRACION NACIONAL DE TELECOMUNICACIONES,
UY. (DIAL)
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:16:59:00 Win2K-f 41.141.162.150 (IAM.NET.MA):
AFRINIC,
MA. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
15 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:17:07:00 Win2K-f 190.64.235.218 (ADINET.COM.UY):
ADMINISTRACION NACIONAL DE TELECOMUNICACIONES,
UY. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
24 of 43 d9c8bc5548
NEW
none[none] none:none
none|none none none
T:17:12:00 Win2K-f 186.18.199.65 (186.IN-ADDR.ARPA):
TELECENTRO S.A. - CLIENTES RESIDENCIALES,
BUENOS AIRES, BUENOS AIRES, AR. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
31 of 43 4c388ca8ba
NEW
none[none] none:none
none|none none none
T:17:17:00 WinXP 190.132.77.213 (ANTELDATA.NET.UY):
ANCEL,
UY. (DIAL)
n/a IR:sparkles.no-ip.org
IR:91.98.146.3:6667
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
38 of 44 19f34c3bcd
NEW
none[none] none:none
none|none none none
17:18:00 Win2K-f 186.180.19.114 (-):
.
91.98.146.3:6667 IR:sparkles.no-ip.org 445 pcap raw alerts
ruleset
ftp
irc
23 lines
Yeah : 1.3
profile
none summary
tarball
6 of 42 ab091de260
NEW
none[none] none:none
none|none none none
T:17:28:00 WinXP 186.114.144.188 (TELEFONICA.NET.CO):
COLOMBIA TELECOMUNICACIONES S.A. ESP,
CO. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:17:31:00 Win2K-f 190.211.27.199 (-):
.
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
18 of 43 762e448e27
NEW
none[none] none:none
none|none none none
T:17:34:00 Win2K-f 190.120.131.93 (EMTEL.NET.CO):
COLOMBIA MÓVIL,
TOCAIMA, CUNDINAMARCA, CO. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
30 of 43 b8309214df
NEW
none[none] none:none
none|none none none
17:42:00 WinXP 91.211.19.39 (DIDAN.NET.UA):
KHARDIKOV NIKOLAY NIKOLAYEVICH,
DONETSK, DONETS'KA OBLAST', UA. (DSL)
n/a IR:sparkles.no-ip.org
IR:91.98.146.3:6667
445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
15 of 42 a493ca51d5
NEW
none[none] none:none
none|none none none
T:17:44:00 WinXP 186.48.118.190 (-):
.
n/a IR:sparkles.no-ip.org
IR:91.98.146.3:6667
445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
15 of 42 59b543ef34
NEW
none[none] none:none
none|none none none
T:17:53:00 WinXP 95.88.216.32 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
DE. (DSL)
213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
40 of 43 3ef772fcd5
NEW
none[none] none:none
none|none none none
T:17:57:00 WinXP 113.252.43.51 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK. (DSL)
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
59 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
8 of 33
53bfe15e91
NEW
b7082104e4
NEW
1473091351 [0]
c5b49e7b82[0]
ASM:Graph
ASM:Graph
tElock|
tElock|
lines=75
embedded dns
lines=41
trace
trace
17:57:00 Win2K-f 190.209.44.193 (-):
TELMEX CHILE S.A HFC,
SANTIAGO, REGION METROPOLITANA, CL. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
8 of 42 03d5d9f543
NEW
none[none] none:none
none|none none none
T:20:10:00 WinXP 109.82.88.62 (JWS.COM):
EU-ZZ,
UK. (DSL)
n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
26 of 28 7d99b0e910
NEW
none[0] none:none
PolyEnE| lines=68 trace
T:20:21:00 WinXP 174.42.187.23 (WINDSTREAM.NET):
ALLTEL MIP CUSTOMERS - WARRENSVILLE HEIGHTS,
SALISBURY, NORTH CAROLINA, US. (DSL)
n/a DE:citi-bank.ru
DE:213.155.0.224:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
41 of 43 fb486908b0
NEW
none[none] none:none
none|none none none
T:20:40:00 WinXP 118.21.12.202 (PLALA.OR.JP):
NTT PLALA INC,
TOKYO, TOKYO, JP. (DSL)
n/a   445 pcap raw alerts
ruleset
shell
ftp
13 lines
Yeah : 0.8
profile
none summary
tarball
40 of 41 09245a76fe
NEW
4767a61119 [0] ASM:Graph
none|none lines=59 trace
T:21:01:00 WinXP 68.183.153.177 (DSLEXTREME.COM):
DSL EXTREME,
LOS ANGELES, CALIFORNIA, US. (DSL)
213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
41 of 41 6c56402f1b
NEW
none[none] none:none
none|none none none
T:22:04:00 WinXP 113.10.100.42 (-):
STARHUB HSDPA SG,
SG. (DSL)
n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
26 of 28 7d99b0e910
NEW
none[0] none:none
PolyEnE| lines=68 trace
T:22:28:00 Win2K-f 202.147.219.170 (KCN-TV.NE.JP):
KUMAMOTO CABLE NETWORK CORPORATION,
KUMAMOTO, KUMAMOTO, JP. (DSL)
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
NEW
73f1082158
NEW
1473091351 [0]
none [0]
ASM:Graph
none:none
tElock|
Armadillo|
lines=75
embedded dns
lines=90
trace
trace
T:22:55:00 WinXP 113.255.156.71 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HK. (DSL)
n/a :gg.arrancar.org 135 pcap raw alerts
ruleset
other
182 lines
Yeah : 1.3
profile
none summary
tarball
37 of 41 7c7d5bd68d
NEW
25c505d17c [0] ASM:Graph
StarForce| lines=546 trace
T:23:58:00 WinXP 123.193.204.97 (KBRONET.COM.TW):
TUNG HO MULTIMEDIA CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL)
n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
38 of 41 9276456bf8
NEW
none[none] none:none
none|none none none