BGAFC Vendégkönyv

Σ: 1 post

TCH (statz)

#1, Főfasz (10466)

48645 | #330d | ^ | Idézet | Sat, 04 Jul 2015 13:41:37 +02

188.36.*.*

*.catv.pool.telekom.hu

@OrkenWhite:
Volt. Kár, hogy felbomlott.

Az most mindegy. A lényeg, hogy Ákos írta a számot.

@OrkenWhite:
A tényleges log egy SQL ADATBÁZIS!! Érdekes...

Javaslom az t_names táblát, mert a konkrét IP-ket nem találtam meg.

root@Csabi:/media/ROOTDIR/downloads# wget http://orkenwhitesplace.tk/history.db
--2015-07-04 14:02:52--  http://orkenwhitesplace.tk/history.db
orkenwhitesplace.tk (orkenwhitesplace.tk) feloldása… 31.220.16.192
Csatlakozás a következőhöz: orkenwhitesplace.tk (orkenwhitesplace.tk)[31.220.16.192]:80… kapcsolódva.
HTTP kérés elküldve, várakozás válaszra… 200 OK
Hossz: 286720 (280K)
Mentés ide: „history.db”

history.db          100%[=====================>] 280,00K   443KB/s  idő 0,6s

2015-07-04 14:02:53 (443 KB/s) -- „history.db” mentve [286720/286720]

root@Csabi:/media/ROOTDIR/downloads# head -c 16 history.db | more
SQLite format 3
root@Csabi:/media/ROOTDIR/downloads# sqlite3 history.db
SQLite version 3.8.7.1 2014-10-29 13:59:56
Enter ".help" for usage hints.
sqlite> .tables
t_history  t_names
sqlite> PRAGMA table_info(t_names);

0	id	integer	0		1
1	name	text	0		0

sqlite> SELECT * FROM t_names;

1
2	Auto-allow for updating
3	Detected AP2P on Feral Hosting
4	Time Warner Telecom
5	Detected AP2P on SPN
6	Telecom Italia Business
7	botnet on VimpelCom Beeline
8	botnet on Smart Broadband
9	Trident Mediaguard
10	Detected AP2P on LeaseWeb
11	Savvis
12	Detected AP2P on NFOrce Entertainment
13	OVH SAS
14	Detected AP2P on FERAL Hosting
15	Ahead Software AG
16	OJSC MegaFon - CUSTOMERS-GPRS-LAN - CORP \| ap2p
17	Over The Top TV
18	VimpelCom Beeline\|AP2P
19	Tiversa
20	4294.COLOC
21	Digital Ocean
22	Kad activity on LeaseWeb
23	OVH SAS Dedicated Servers
24	Detected AP2P on Hosting Services Inc
25	block for PI assignments
26	Priority Telecom
27	Comodo CA
28	Dtaps-AP2P SoftLayer
29	Clicksor Malware Network Yesup
30	Total Server Solutions L.L.C
31	UK Government Department for Work and Pensions
32	root S.A
33	Detected AP2P on Hosted Data Solutions
34	Kad activity on Amazon
35	SMSHoax FakeAV Fraud Trojan
36	Russian Federal University Network
37	Dtaps - AP2P SoftLayer
38	LeaseWeb
39	Detected AP2P on Amazon EC2 cloud
40	iWeb Dedicated CL2
41	possible ap2p on AVIEL
42	Botnet on ChinaNet Zhejiang
43	China Unicom Henan \| AP2P
44	Sportsline.com

sqlite> PRAGMA table_info(t_history);

0	time	real
1	nameid	integer
2	source	integer
3	sourceport	integer
4	destination	integer
5	destport	integer
6	protocol	integer
7	action	integer

sqlite> SELECT name,(((source >> 24) & 255) || '.' || ((source >> 16) & 255) || '.' || ((source >> 8) & 255) || '.' || (source & 255)),sourceport,(((destination >> 24) & 255) || '.' || ((destination >> 16) & 255) || '.' || ((destination >> 8) & 255) || '.' || (destination & 255)),destport FROM t_history LEFT JOIN t_names ON (t_history.nameid=t_names.id) WHERE nameid > 2;

Detected AP2P on Feral Hosting	192.168.0.100	56794	185.21.216.182	23890
Time Warner Telecom	207.71.25.214	8886	192.168.0.100	56794
Detected AP2P on SPN	192.168.0.100	56794	67.215.246.10	6881
Telecom Italia Business	192.168.0.100	56794	95.243.73.212	52669
Detected AP2P on SPN	192.168.0.100	56794	67.215.246.10	6881
botnet on VimpelCom Beeline	217.118.81.20	33772	192.168.0.100	56794
Detected AP2P on SPN	67.215.246.10	6881	192.168.0.100	56794
botnet on Smart Broadband	192.168.0.100	56794	125.60.156.171	12028
Trident Mediaguard	192.168.0.100	56794	154.45.216.165	1088
Detected AP2P on SPN	67.215.246.10	6881	192.168.0.100	56794
Detected AP2P on SPN	192.168.0.100	56794	67.215.246.10	6881
Detected AP2P on SPN	192.168.0.100	56794	67.215.246.10	6881
Detected AP2P on LeaseWeb	192.168.0.100	56794	83.149.125.104	6881
Detected AP2P on SPN	67.215.246.10	6881	192.168.0.100	56794
Detected AP2P on SPN	192.168.0.100	56794	67.215.246.10	6881
Savvis	209.67.169.56	6881	192.168.0.100	56794
Detected AP2P on NFOrce Entertainment	109.201.137.167	18779	192.168.0.100	56794
Detected AP2P on SPN	192.168.0.100	56794	67.215.246.10	6881
Detected AP2P on SPN	67.215.246.10	6881	192.168.0.100	56794
OVH SAS	192.168.0.100	56794	188.165.194.17	21414
Detected AP2P on FERAL Hosting	192.168.0.100	56794	185.21.216.140	7053
Ahead Software AG	192.168.0.100	56794	213.144.12.43	45509
Detected AP2P on SPN	192.168.0.100	56794	67.215.246.10	6881
OJSC MegaFon - CUSTOMERS-GPRS-LAN - CORP \| ap2p	192.168.0.100	56794	85.26.232.35	14254
OJSC MegaFon - CUSTOMERS-GPRS-LAN - CORP \| ap2p	192.168.0.100	8	85.26.232.35	0
OJSC MegaFon - CUSTOMERS-GPRS-LAN - CORP \| ap2p	192.168.0.100	8	85.26.232.35	0
OJSC MegaFon - CUSTOMERS-GPRS-LAN - CORP \| ap2p	192.168.0.100	8	85.26.232.35	0
OJSC MegaFon - CUSTOMERS-GPRS-LAN - CORP \| ap2p	192.168.0.100	8	85.26.232.35	0
Detected AP2P on SPN	192.168.0.100	56794	67.215.246.10	6881
Telecom Italia Business	79.4.185.166	6881	192.168.0.100	56794
Detected AP2P on SPN	192.168.0.100	56794	67.215.246.10	6881
Ahead Software AG	192.168.0.100	56794	213.144.12.44	60742
Detected AP2P on SPN	192.168.0.100	56794	67.215.246.10	6881
Detected AP2P on SPN	192.168.0.100	56794	67.215.246.10	6881
Over The Top TV	192.168.0.100	56794	103.252.202.187	16340
Detected AP2P on SPN	10.3.145.59	56794	67.215.246.10	6881
VimpelCom Beeline\|AP2P	217.118.78.32	23759	192.168.0.100	56794
Tiversa	10.3.145.59	56794	208.103.122.169	5000
4294.COLOC	10.3.145.59	56794	208.51.62.98	5530
Detected AP2P on SPN	10.3.145.59	56794	67.215.246.10	6881
Detected AP2P on LeaseWeb	10.3.145.59	56794	83.149.125.160	6881
OVH SAS	10.3.145.59	56794	91.121.178.20	51413
Savvis	209.67.169.56	6881	192.168.0.100	56794
Tiversa	10.3.145.59	56794	208.103.122.169	5000
Detected AP2P on SPN	10.3.145.59	56794	67.215.246.10	6881
Digital Ocean	10.3.145.59	56794	146.185.169.249	6669
Kad activity on LeaseWeb	10.3.145.59	56794	95.211.95.11	6881
Digital Ocean	10.3.145.59	56794	146.185.169.249	6669
Digital Ocean	10.3.145.59	56794	146.185.169.249	6669
Digital Ocean	10.3.145.59	51072	146.185.169.249	6669
OVH SAS Dedicated Servers	10.3.145.59	56794	91.121.220.68	51413
Detected AP2P on Hosting Services Inc	10.3.145.59	56794	75.126.196.145	6889
Detected AP2P on SPN	10.3.145.59	56794	67.215.246.10	6881
OVH SAS	10.3.145.59	56794	188.165.225.138	6881
Detected AP2P on SPN	10.3.145.59	56794	67.215.246.10	6881
Digital Ocean	10.3.145.59	51219	146.185.169.249	6669
Detected AP2P on SPN	10.3.145.59	56794	67.215.246.10	6881
OJSC MegaFon - CUSTOMERS-GPRS-LAN - CORP \| ap2p	10.3.145.59	56794	85.26.232.35	58673
block for PI assignments	10.3.145.59	56794	81.163.89.77	51917
Priority Telecom	10.3.145.59	56794	213.127.241.234	7485
OVH SAS	10.3.145.59	56794	188.165.205.22	60525
Comodo CA	10.3.145.59	51274	178.255.83.2	80
Comodo CA	10.3.145.59	51275	178.255.83.2	80
Comodo CA	10.3.145.59	51276	178.255.83.2	80
Comodo CA	10.3.145.59	51277	178.255.83.2	80
Comodo CA	10.3.145.59	51278	178.255.83.1	80
Comodo CA	10.3.145.59	51279	178.255.83.1	80
Ahead Software AG	10.3.145.59	56794	213.144.12.41	9357
Detected AP2P on SPN	10.3.145.59	56794	67.215.246.10	6881
Detected AP2P on SPN	10.3.145.59	56794	67.215.246.10	6881
Telecom Italia Business	10.3.145.59	56794	95.224.96.51	6881
Digital Ocean	10.3.145.59	51338	146.185.169.249	6669
Detected AP2P on SPN	10.3.145.59	56794	67.215.246.10	6881
Telecom Italia Business	10.3.145.59	56794	95.243.73.212	52669
Detected AP2P on SPN	10.3.145.59	56794	67.215.246.10	6881
Dtaps-AP2P SoftLayer	10.3.145.59	56794	173.193.111.206	15000
Kad activity on LeaseWeb	10.3.145.59	56794	95.211.95.11	6881
Detected AP2P on SPN	10.3.145.59	56794	67.215.246.10	6881
Detected AP2P on SPN	10.3.145.59	56794	67.215.246.10	6881
OVH SAS	10.3.145.59	56794	188.165.225.138	6881
Time Warner Telecom	10.3.145.59	56794	207.71.25.214	33732
OVH SAS	10.3.145.59	56794	188.165.203.63	6881
OVH SAS	10.3.145.59	56794	188.165.212.7	49161
Clicksor Malware Network Yesup	10.3.145.59	56794	166.48.52.48	9101
Total Server Solutions L.L.C	10.3.145.59	56794	206.220.172.205	53263
Detected AP2P on SPN	10.3.145.59	56794	67.215.246.10	6881
Detected AP2P on SPN	10.3.145.59	56794	67.215.246.10	6881
block for PI assignments	10.3.145.59	56794	81.163.131.102	35699
Detected AP2P on SPN	10.3.145.59	56794	67.215.246.10	6881
Detected AP2P on Feral Hosting	10.3.145.59	56794	185.21.217.9	18454
Kad activity on LeaseWeb	10.3.145.59	56794	95.211.95.11	6881
Detected AP2P on SPN	10.3.145.59	56794	67.215.246.10	6881
Tiversa	10.3.145.59	56794	208.103.122.169	5000
OVH SAS	10.3.145.59	56794	188.165.225.138	6881
Detected AP2P on LeaseWeb	10.3.145.59	56794	83.149.125.104	6881
UK Government Department for Work and Pensions	10.3.145.59	56794	51.174.120.150	46190
Detected AP2P on SPN	10.3.145.59	56794	67.215.246.10	6881
Detected AP2P on Feral Hosting	10.3.145.59	56794	185.21.216.182	57947
Detected AP2P on SPN	10.3.145.59	56794	67.215.246.10	6881
Detected AP2P on FERAL Hosting	10.3.145.59	56794	185.21.216.140	7053
OVH SAS	10.3.145.59	56794	188.165.194.17	21414
Detected AP2P on SPN	10.3.145.59	56794	67.215.246.10	6881
Detected AP2P on SPN	10.3.145.59	56794	67.215.246.10	6881
Detected AP2P on SPN	10.3.145.59	56794	67.215.246.10	6881
OVH SAS	10.3.145.59	56794	188.165.212.208	6881
Detected AP2P on SPN	10.3.145.59	56794	67.215.246.10	6881
Telecom Italia Business	10.3.145.59	56794	95.243.73.212	52669
root S.A	10.3.145.59	56794	94.242.229.247	51413
OVH SAS	10.3.145.59	56794	91.121.59.153	6881
4294.COLOC	10.3.145.59	56794	208.51.62.98	5578
Detected AP2P on SPN	10.3.145.59	56794	67.215.246.10	6881
Detected AP2P on SPN	10.3.145.59	56794	67.215.246.10	6881
Detected AP2P on SPN	10.3.145.59	56794	67.215.246.10	6881
Detected AP2P on SPN	192.168.0.100	56794	67.215.246.10	6881
Detected AP2P on SPN	192.168.0.100	56794	67.215.246.10	6881
Detected AP2P on SPN	192.168.0.100	56794	67.215.246.10	6881
Ahead Software AG	10.3.151.184	56794	213.144.12.40	60486
Detected AP2P on SPN	10.3.151.184	56794	67.215.246.10	6881
Detected AP2P on Hosted Data Solutions	10.3.151.184	56794	173.209.211.223	6881
Detected AP2P on SPN	10.3.151.184	56794	67.215.246.10	6881
Detected AP2P on SPN	10.3.151.184	56794	67.215.246.10	6881
OVH SAS	10.3.151.184	56794	188.165.225.138	6881
Detected AP2P on SPN	10.3.151.184	56794	67.215.246.10	6881
Detected AP2P on SPN	10.3.151.184	56794	67.215.246.10	6881
Detected AP2P on SPN	10.3.151.184	56794	67.215.246.10	6881
Detected AP2P on SPN	10.3.151.184	56794	67.215.246.10	6881
4294.COLOC	10.3.151.184	56794	208.51.62.98	5531
Detected AP2P on SPN	10.3.151.184	56794	67.215.246.10	6881
Kad activity on Amazon	10.3.151.184	56794	54.241.51.173	59692
OVH SAS	10.3.151.184	56794	91.121.73.207	61601
Detected AP2P on SPN	10.3.151.184	56794	67.215.246.10	6881
OVH SAS	10.3.151.184	56794	91.121.121.54	50000
SMSHoax FakeAV Fraud Trojan	10.3.151.184	56794	119.252.160.34	46045
Detected AP2P on SPN	10.3.151.184	56794	67.215.246.10	6881
Detected AP2P on SPN	10.3.151.184	56794	67.215.246.10	6881
Detected AP2P on SPN	10.3.151.184	56794	67.215.246.10	6881
Detected AP2P on SPN	10.3.151.184	56794	67.215.246.10	6881
OVH SAS	10.3.151.184	56794	188.165.232.178	51413
Russian Federal University Network	10.3.151.184	56794	85.143.113.34	62679
Detected AP2P on SPN	10.3.151.184	56794	67.215.246.10	6881
Ahead Software AG	10.3.151.184	56794	213.144.12.44	53636
Detected AP2P on SPN	10.3.151.184	56794	67.215.246.10	6881
4294.COLOC	10.3.151.184	56794	208.51.62.98	5531
Detected AP2P on SPN	10.3.151.184	56794	67.215.246.10	6881
OVH SAS	10.3.151.184	56794	91.121.177.11	6881
Dtaps - AP2P SoftLayer	10.3.151.184	56794	174.36.6.23	15014
Detected AP2P on SPN	10.3.151.184	56794	67.215.246.10	6881
4294.COLOC	10.3.151.184	56794	208.51.62.98	5531
Detected AP2P on SPN	10.3.151.184	56794	67.215.246.10	6881
LeaseWeb	10.3.151.184	56794	85.17.29.115	6881
Detected AP2P on SPN	10.3.151.184	56794	67.215.246.10	6881
Digital Ocean	10.3.151.184	51924	146.185.169.249	6669
Detected AP2P on Amazon EC2 cloud	10.3.151.184	56794	184.73.154.187	31645
Detected AP2P on SPN	10.3.151.184	56794	67.215.246.10	6881
Dtaps - AP2P SoftLayer	10.3.151.184	56794	50.97.85.26	15018
Detected AP2P on SPN	10.3.151.184	56794	67.215.246.10	6881
iWeb Dedicated CL2	10.3.151.184	56794	174.142.231.99	51337
Detected AP2P on SPN	10.3.151.184	56794	67.215.246.10	6881
Detected AP2P on SPN	10.3.151.184	56794	67.215.246.10	6881
Detected AP2P on SPN	10.3.151.184	56794	67.215.246.10	6881
Detected AP2P on SPN	10.3.151.184	56794	67.215.246.10	6881
Detected AP2P on SPN	10.3.151.184	56794	67.215.246.10	6881
Detected AP2P on SPN	10.3.151.184	56794	67.215.246.10	6881
Detected AP2P on SPN	10.3.151.184	56794	67.215.246.10	6881
Detected AP2P on SPN	10.3.151.184	56794	67.215.246.10	6881
Detected AP2P on SPN	10.3.151.184	56794	67.215.246.10	6881
Detected AP2P on SPN	10.3.151.184	56794	67.215.246.10	6881
Detected AP2P on SPN	10.3.151.184	56794	67.215.246.10	6881
Detected AP2P on SPN	10.3.151.184	56794	67.215.246.10	6881
Detected AP2P on SPN	10.3.151.184	56794	67.215.246.10	6881
Detected AP2P on SPN	10.3.151.184	56794	67.215.246.10	6881
Detected AP2P on SPN	10.3.151.184	56794	67.215.246.10	6881
Detected AP2P on SPN	10.3.151.184	56794	67.215.246.10	6881
Detected AP2P on SPN	10.3.151.184	56794	67.215.246.10	6881
Detected AP2P on SPN	10.3.151.184	56794	67.215.246.10	6881
Detected AP2P on SPN	10.3.151.184	56794	67.215.246.10	6881
Detected AP2P on SPN	10.3.151.184	56794	67.215.246.10	6881
Detected AP2P on SPN	10.3.151.184	56794	67.215.246.10	6881
Detected AP2P on SPN	10.3.151.184	56794	67.215.246.10	6881
Detected AP2P on SPN	10.3.151.184	56794	67.215.246.10	6881
Detected AP2P on SPN	10.3.151.184	56794	67.215.246.10	6881
Detected AP2P on SPN	10.3.151.184	56794	67.215.246.10	6881
Detected AP2P on SPN	10.3.151.184	56794	67.215.246.10	6881
Detected AP2P on SPN	10.3.151.184	56794	67.215.246.10	6881
Detected AP2P on SPN	10.3.151.184	56794	67.215.246.10	6881
Detected AP2P on SPN	10.3.151.184	56794	67.215.246.10	6881
Detected AP2P on SPN	10.3.151.184	56794	67.215.246.10	6881
Detected AP2P on SPN	10.3.151.184	56794	67.215.246.10	6881
Detected AP2P on SPN	10.3.151.184	56794	67.215.246.10	6881
Detected AP2P on SPN	10.3.151.184	56794	67.215.246.10	6881
Detected AP2P on SPN	10.3.151.184	56794	67.215.246.10	6881
Detected AP2P on SPN	10.3.151.184	56794	67.215.246.10	6881
Detected AP2P on SPN	10.3.151.184	56794	67.215.246.10	6881
Detected AP2P on SPN	10.3.151.184	56794	67.215.246.10	6881
Detected AP2P on SPN	10.3.151.184	56794	67.215.246.10	6881
Detected AP2P on SPN	10.3.151.184	56794	67.215.246.10	6881
Detected AP2P on SPN	10.3.151.184	56794	67.215.246.10	6881
Detected AP2P on SPN	10.3.151.184	56794	67.215.246.10	6881
Detected AP2P on SPN	10.3.151.184	56794	67.215.246.10	6881
Detected AP2P on SPN	10.3.151.184	56794	67.215.246.10	6881
Detected AP2P on SPN	10.3.151.184	56794	67.215.246.10	6881
Detected AP2P on SPN	10.3.151.184	56794	67.215.246.10	6881
Detected AP2P on SPN	10.3.151.184	56794	67.215.246.10	6881
Detected AP2P on SPN	10.3.151.184	56794	67.215.246.10	6881
Detected AP2P on SPN	10.3.151.184	56794	67.215.246.10	6881
Detected AP2P on SPN	10.3.151.184	56794	67.215.246.10	6881
Detected AP2P on SPN	10.3.151.184	56794	67.215.246.10	6881
Detected AP2P on SPN	10.3.151.184	56794	67.215.246.10	6881
Detected AP2P on SPN	10.3.151.184	56794	67.215.246.10	6881
Detected AP2P on SPN	10.3.151.184	56794	67.215.246.10	6881
Detected AP2P on SPN	192.168.0.100	56794	67.215.246.10	6881
OVH SAS	192.168.0.100	56794	188.165.225.138	6881
Detected AP2P on SPN	192.168.0.100	56794	67.215.246.10	6881
Dtaps-AP2P SoftLayer	192.168.0.100	56794	173.193.111.206	15004
Digital Ocean	192.168.0.100	52062	146.185.169.249	6669
Detected AP2P on SPN	192.168.0.100	56794	67.215.246.10	6881
4294.COLOC	192.168.0.100	56794	208.51.62.98	5531
Digital Ocean	192.168.0.100	52104	146.185.169.249	6669
possible ap2p on AVIEL	192.168.0.100	56794	93.185.192.79	1277
Detected AP2P on SPN	192.168.0.100	56794	67.215.246.10	6881
Botnet on ChinaNet Zhejiang	192.168.0.100	56794	183.157.160.52	9012
Detected AP2P on SPN	192.168.0.100	56794	67.215.246.10	6881
Detected AP2P on SPN	192.168.0.100	56794	67.215.246.10	6881
China Unicom Henan \| AP2P	192.168.0.100	56794	182.118.13.19	65007
Detected AP2P on SPN	192.168.0.100	56794	67.215.246.10	6881
Detected AP2P on SPN	192.168.0.100	56794	67.215.246.10	6881
Detected AP2P on SPN	192.168.0.100	56794	67.215.246.10	6881
Ahead Software AG	192.168.0.100	56794	213.144.12.42	16785
Detected AP2P on SPN	192.168.0.100	56794	67.215.246.10	6881
OVH SAS	192.168.0.100	56794	91.121.86.20	50501
Detected AP2P on SPN	192.168.0.100	56794	67.215.246.10	6881
Detected AP2P on SPN	192.168.0.100	56794	67.215.246.10	6881
Detected AP2P on SPN	192.168.0.100	56794	67.215.246.10	6881
Detected AP2P on SPN	192.168.0.100	56794	67.215.246.10	6881
Sportsline.com	192.168.0.100	51286	64.30.228.81	80
Sportsline.com	192.168.0.100	51288	64.30.228.81	80
OVH SAS	192.168.0.100	49523	91.121.44.90	80
OVH SAS	192.168.0.100	49543	91.121.44.90	80
OVH SAS	192.168.0.100	49589	91.121.44.90	80
Comodo CA	192.168.0.100	49662	178.255.83.1	80
Comodo CA	192.168.0.100	49663	178.255.83.1	80
Comodo CA	192.168.0.100	49677	178.255.83.1	80
Comodo CA	192.168.0.100	49678	178.255.83.1	80

Én egy darab kormányszervet vagy anti-p2p trollt nem látok ezek között. Az mondjuk érdekes, hogy miért indít a géped lekéréseket azok felé az IP-címek felé (VirusTotalos URL van azokon, amik nem voltak tiszták), de én inkább valami helyi jellegű fertőzésre gondolnék...egyszóval valami SAM van a gépeden.

Az IP-ket meg azért nem találtad meg, mert a source és a destination mezők signed 64-bit integerben vannak tárolva. "Kicsomagolásuk" a fenti lekérésben található.

Amúgy az 1-es nameid-jű bejegyzések (az üres nevek) is tele vannak SAM-es IP-kkel, de mivel most csak a névvel bíróakat néztük, hogy megy-e kormányszervek, egyebek felé valami, így azokat kihagytam, mert azokról úgy sem lehet tudni semmit az IP-címen kívül, tehát most érdektelenek voltak nekünk.