192.168.10.31
|
2.3 |
VIEW 80 |
|
- 1:2003179 (7) {tcp} Egg Download: ET POLICY exe download without User Agent, [/rlink.exe]; 58537->80
- 1:2000352 {tcp} Attack Prep: ET ATTACK RESPONSE IRC - dns request on non-std port; 36815->55003
- 1:22000346 (4) {tcp} Inbound Attack: ET ATTACK RESPONSE IRC - Name response on non-std port MAC_Dst: 00:01:64:FF:CE:EA; 44542<-55003
- 1:2001685 {tcp} Egg Download: ET MALWARE Possible Windows executable sent when remote host claims to send an image; 48821<-80
- 1:2003179 (7) {tcp} Egg Download: ET POLICY exe download without User Agent, [/bnew.exe]; 34760->80
- 1:2000419 (3) {tcp} Egg Download: ET POLICY PE EXE or DLL Windows file download; 43199<-88
- 1:2632222 {tcp} E2[dns] BHDNS SPYWARE-CONTACT: colopin.cn (zeus), [%04%02%08%0Av%19%FF%FF%00%00%00%00%01%03%03%07%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00] MAC_Dst: 00:21:1C:EE:14:00; 33524->80
- 1:2000419 {tcp} Egg Download: ET POLICY PE EXE or DLL Windows file download; 52356<-81
- 1:22000346 (3) {tcp} Inbound Attack: ET ATTACK RESPONSE IRC - Name response on non-std port MAC_Dst: 00:01:64:FF:CE:EA; 37821<-55003
- 1:2001685 {tcp} Egg Download: ET MALWARE Possible Windows executable sent when remote host claims to send an image; 41321<-80
- 1:2003603 {tcp} C&C Communication: ET TROJAN W32.Virut.A joining an IRC Channel; 59130->65520
- 1:2632222 {tcp} E2[dns] BHDNS SPYWARE-CONTACT: colopin.cn (zeus), [%04%02%08%0Avs8%FF%00%00%00%00%01%03%03%071I%1880%FFl+%FF'%FFY%FFr%1E] MAC_Dst: 00:21:1C:EE:14:00; 38322->80
- 1:2003603 {tcp} C&C Communication: ET TROJAN W32.Virut.A joining an IRC Channel; 44963->65520
- 1:2632222 {tcp} E2[dns] BHDNS SPYWARE-CONTACT: colopin.cn (zeus) MAC_Dst: 00:21:1C:EE:14:00; 55806->80
- 1:2003636 {tcp} C&C Communication: ET VIRUS Sality Virus User Agent Detected (KUKU), [/mrow_pin/?id5813562obub29622&rnd=5825875]; 36059->80
- 1:2003088 {tcp} C&C Communication: ET TROJAN Sality Trojan User-Agent (KUKU v3.09 exp); 36059->80
- 1:2003088 (5) {tcp} C&C Communication: ET TROJAN Sality Trojan User-Agent (KUKU v3.09 exp); 33434->80
- 1:2001894 {tcp} Egg Download: ET MALWARE ToolbarPartner Spyware Agent Partner Install, [/inst.php?id=32&sid=0]; 57805->80
- 1:2632222 {tcp} E2[dns] BHDNS SPYWARE-CONTACT: colopin.cn (zeus), [%04%02%08%0Aw%02%FF%FF%00%00%00%00%01%03%03%07zation Required] MAC_Dst: 00:21:1C:EE:14:00; 45761->80
- 1:2632222 {tcp} E2[dns] BHDNS SPYWARE-CONTACT: colopin.cn (zeus), [%04%02%08%0Aw%0E%18*%00%00%00%00%01%03%03%078%FF}o~%FF%FF%FF1=%FF?zP%FF] MAC_Dst: 00:21:1C:EE:14:00; 54759->80
|