source: ossec | message: ossec ossec: Alert Level: 2; Rule: 100102 - Evento Beas

t TM - Mayantec; Location: (beast) 10.206.96.95->/netlog/var/log/bro.fc/intel.lo

g; 1474556395.974016C2qPFA3setvRp2ijNh10.206.91.1013669610.206.96.8353---vr-priv
ate-kundes (...) { gl2_source_node: 2198afb3-a5b0-4cee-90be-98cc534a59c5 | full_
message: <132>Sep 22 09:58:54 ossec ossec: Alert Level: 2; Rule: 100102 - Evento
Beast TM - Mayantec; Location: (beast) 10.206.96.95->/netlog/var/log/bro.fc/int
el.log; 1474556395.974016
C2qPFA3setvRp2ijNh
10.206.91.101 36696
10.206.96.83
53
vr-private-kundes-de.tk Intel::D
OMAIN DNS::IN_REQUEST worker-1-5
from http://mirror1.malwaredomains.com/f
iles/domains.txt\x2cphishing via intel.criticalstack.com | gl2_remote_port: 3610
8 | gl2_remote_ip: 127.0.0.1 | timestamp: 2016-09-22T14:58:54.000Z | level: 4 |
_id: 16f911f1-80d5-11e6-b81b-5645e6e2984b | facility: local0 | gl2_source_input:
54b5fa4ce4b0a1fbf5c63675 | streams: [5611f58ae4b0505cb77b78e0] }
source: ossec | message: ossec ossec: Alert Level: 2; Rule: 100102 - Evento Beas
t TM - Mayantec; Location: (beast) 10.206.96.95->/netlog/var/log/bro.fc/intel.lo
g; 1474556395.974016CIsvAz1QidPN2nCku310.206.91.1013669610.206.96.8353---vr-priv
ate-kundes (...) { gl2_source_node: 2198afb3-a5b0-4cee-90be-98cc534a59c5 | full_
message: <132>Sep 22 09:58:54 ossec ossec: Alert Level: 2; Rule: 100102 - Evento
Beast TM - Mayantec; Location: (beast) 10.206.96.95->/netlog/var/log/bro.fc/int
el.log; 1474556395.974016
CIsvAz1QidPN2nCku3
10.206.91.101 36696
10.206.96.83
53
vr-private-kundes-de.tk Intel::D
OMAIN DNS::IN_REQUEST worker-3-8
from http://mirror1.malwaredomains.com/f
iles/domains.txt\x2cphishing via intel.criticalstack.com | gl2_remote_port: 3610
8 | gl2_remote_ip: 127.0.0.1 | timestamp: 2016-09-22T14:58:54.000Z | level: 4 |
_id: 16f8c3d0-80d5-11e6-b81b-5645e6e2984b | facility: local0 | gl2_source_input:
54b5fa4ce4b0a1fbf5c63675 | streams: [5611f58ae4b0505cb77b78e0] }
source: ossec | message: ossec ossec: Alert Level: 2; Rule: 100102 - Evento Beas
t TM - Mayantec; Location: (beast) 10.206.96.95->/netlog/var/log/bro.fc/intel.lo
g; 1474556396.968387C2qPFA3setvRp2ijNh10.206.91.1013669610.206.96.8353---yourcom
puterhelpd (...) { gl2_source_node: 2198afb3-a5b0-4cee-90be-98cc534a59c5 | full_
message: <132>Sep 22 09:58:54 ossec ossec: Alert Level: 2; Rule: 100102 - Evento
Beast TM - Mayantec; Location: (beast) 10.206.96.95->/netlog/var/log/bro.fc/int
el.log; 1474556396.968387
C2qPFA3setvRp2ijNh
10.206.91.101 36696
10.206.96.83
53
yourcomputerhelpdesk.com
Intel::DOMAIN DNS::IN_REQUEST worker-1-5
from http://mirror1.malwaredomai
ns.com/files/domains.txt\x2cphishing via intel.criticalstack.com | gl2_remote_po
rt: 36108 | gl2_remote_ip: 127.0.0.1 | timestamp: 2016-09-22T14:58:54.000Z | lev
el: 4 | _id: 16f98720-80d5-11e6-b81b-5645e6e2984b | facility: local0 | gl2_sourc
e_input: 54b5fa4ce4b0a1fbf5c63675 | streams: [5611f58ae4b0505cb77b78e0] }
source: ossec | message: ossec ossec: Alert Level: 2; Rule: 100102 - Evento Beas
t TM - Mayantec; Location: (beast) 10.206.96.95->/netlog/var/log/bro.fc/intel.lo
g; 1474556396.968387CIsvAz1QidPN2nCku310.206.91.1013669610.206.96.8353---yourcom
puterhelpd (...) { gl2_source_node: 2198afb3-a5b0-4cee-90be-98cc534a59c5 | full_
message: <132>Sep 22 09:58:54 ossec ossec: Alert Level: 2; Rule: 100102 - Evento
Beast TM - Mayantec; Location: (beast) 10.206.96.95->/netlog/var/log/bro.fc/int
el.log; 1474556396.968387
CIsvAz1QidPN2nCku3
10.206.91.101 36696
10.206.96.83
53
yourcomputerhelpdesk.com
Intel::DOMAIN DNS::IN_REQUEST worker-3-8
from http://mirror1.malwaredomai
ns.com/files/domains.txt\x2cphishing via intel.criticalstack.com | gl2_remote_po
rt: 36108 | gl2_remote_ip: 127.0.0.1 | timestamp: 2016-09-22T14:58:54.000Z | lev
el: 4 | _id: 16f9d540-80d5-11e6-b81b-5645e6e2984b | facility: local0 | gl2_sourc
e_input: 54b5fa4ce4b0a1fbf5c63675 | streams: [5611f58ae4b0505cb77b78e0] }
source: ossec | message: ossec ossec: Alert Level: 2; Rule: 1002 - Unknown probl
em somewhere in the system.; Location: (beast) 10.206.96.95->/netlog/var/log/bro
.fc/intel.log; 1474556396.968387C2qPFA3setvRp2ijNh10.206.91.1013669610.206.96.83
53---xenom (...) { gl2_source_node: 2198afb3-a5b0-4cee-90be-98cc534a59c5 | full_

message: <132>Sep 22 09:58:54 ossec ossec: Alert Level: 2; Rule: 1002 - Unknown
problem somewhere in the system.; Location: (beast) 10.206.96.95->/netlog/var/lo
g/bro.fc/intel.log; 1474556396.968387 C2qPFA3setvRp2ijNh
10.206.91.101
36696 10.206.96.83
53
xenomc.com
Intel::D
OMAIN DNS::IN_REQUEST worker-1-5
from http://mirror1.malwaredomains.com/f
iles/domains.txt\x2cattackpage via intel.criticalstack.com | gl2_remote_port: 36
108 | gl2_remote_ip: 127.0.0.1 | timestamp: 2016-09-22T14:58:54.000Z | level: 4
| _id: 16fa2360-80d5-11e6-b81b-5645e6e2984b | facility: local0 | gl2_source_inpu
t: 54b5fa4ce4b0a1fbf5c63675 | streams: [5611f58ae4b0505cb77b78e0] }
source: ossec | message: ossec ossec: Alert Level: 2; Rule: 1002 - Unknown probl
em somewhere in the system.; Location: (beast) 10.206.96.95->/netlog/var/log/bro
.fc/intel.log; 1474556396.968387CIsvAz1QidPN2nCku310.206.91.1013669610.206.96.83
53---xenom (...) { gl2_source_node: 2198afb3-a5b0-4cee-90be-98cc534a59c5 | full_
message: <132>Sep 22 09:58:54 ossec ossec: Alert Level: 2; Rule: 1002 - Unknown
problem somewhere in the system.; Location: (beast) 10.206.96.95->/netlog/var/lo
g/bro.fc/intel.log; 1474556396.968387 CIsvAz1QidPN2nCku3
10.206.91.101
36696 10.206.96.83
53
xenomc.com
Intel::D
OMAIN DNS::IN_REQUEST worker-3-8
from http://mirror1.malwaredomains.com/f
iles/domains.txt\x2cattackpage via intel.criticalstack.com | gl2_remote_port: 36
108 | gl2_remote_ip: 127.0.0.1 | timestamp: 2016-09-22T14:58:54.000Z | level: 4
| _id: 16fabfa0-80d5-11e6-b81b-5645e6e2984b | facility: local0 | gl2_source_inpu
t: 54b5fa4ce4b0a1fbf5c63675 | streams: [5611f58ae4b0505cb77b78e0] }
source: ossec | message: ossec ossec: Alert Level: 2; Rule: 100102 - Evento Beas
t TM - Mayantec; Location: (beast) 10.206.96.95->/netlog/var/log/bro.fc/intel.lo
g; 1474556396.968387C2qPFA3setvRp2ijNh10.206.91.1013669610.206.96.8353---xiazai2
.netIntel: (...) { gl2_source_node: 2198afb3-a5b0-4cee-90be-98cc534a59c5 | full_
message: <132>Sep 22 09:58:54 ossec ossec: Alert Level: 2; Rule: 100102 - Evento
Beast TM - Mayantec; Location: (beast) 10.206.96.95->/netlog/var/log/bro.fc/int
el.log; 1474556396.968387
C2qPFA3setvRp2ijNh
10.206.91.101 36696
10.206.96.83
53
xiazai2.net
Intel::DOMAIN
DNS::IN_REQUEST worker-1-5
from http://mirror1.malwaredomains.com/files/dom
ains.txt\x2cmalicious via intel.criticalstack.com | gl2_remote_port: 36108 | gl2
_remote_ip: 127.0.0.1 | timestamp: 2016-09-22T14:58:54.000Z | level: 4 | _id: 16
fa4a71-80d5-11e6-b81b-5645e6e2984b | facility: local0 | gl2_source_input: 54b5fa
4ce4b0a1fbf5c63675 | streams: [5611f58ae4b0505cb77b78e0] }
source: ossec | message: ossec ossec: Alert Level: 2; Rule: 100102 - Evento Beas
t TM - Mayantec; Location: (beast) 10.206.96.95->/netlog/var/log/bro.fc/intel.lo
g; 1474556396.968387CIsvAz1QidPN2nCku310.206.91.1013669610.206.96.8353---xiazai2
.netIntel: (...) { gl2_source_node: 2198afb3-a5b0-4cee-90be-98cc534a59c5 | full_
message: <132>Sep 22 09:58:54 ossec ossec: Alert Level: 2; Rule: 100102 - Evento
Beast TM - Mayantec; Location: (beast) 10.206.96.95->/netlog/var/log/bro.fc/int
el.log; 1474556396.968387
CIsvAz1QidPN2nCku3
10.206.91.101 36696
10.206.96.83
53
xiazai2.net
Intel::DOMAIN
DNS::IN_REQUEST worker-3-8
from http://mirror1.malwaredomains.com/files/dom
ains.txt\x2cmalicious via intel.criticalstack.com | gl2_remote_port: 36108 | gl2
_remote_ip: 127.0.0.1 | timestamp: 2016-09-22T14:58:54.000Z | level: 4 | _id: 16
fb82f0-80d5-11e6-b81b-5645e6e2984b | facility: local0 | gl2_source_input: 54b5fa
4ce4b0a1fbf5c63675 | streams: [5611f58ae4b0505cb77b78e0] }
source: ossec | message: ossec ossec: Alert Level: 2; Rule: 100102 - Evento Beas
t TM - Mayantec; Location: (beast) 10.206.96.95->/netlog/var/log/bro.fc/intel.lo
g; 1474556395.974016CIsvAz1QidPN2nCku310.206.91.1013669610.206.96.8353---www.908
88.comInte (...) { gl2_source_node: 2198afb3-a5b0-4cee-90be-98cc534a59c5 | full_
message: <132>Sep 22 09:58:54 ossec ossec: Alert Level: 2; Rule: 100102 - Evento
Beast TM - Mayantec; Location: (beast) 10.206.96.95->/netlog/var/log/bro.fc/int
el.log; 1474556395.974016
CIsvAz1QidPN2nCku3
10.206.91.101 36696
10.206.96.83
53
www.90888.com Intel::DOMAIN

DNS::IN_REQUEST worker-3-8
from http://mirror1.malwaredomains.com/files/dom
ains.txt\x2cmalicious via intel.criticalstack.com | gl2_remote_port: 36108 | gl2
_remote_ip: 127.0.0.1 | timestamp: 2016-09-22T14:58:54.000Z | level: 4 | _id: 16
f82791-80d5-11e6-b81b-5645e6e2984b | facility: local0 | gl2_source_input: 54b5fa
4ce4b0a1fbf5c63675 | streams: [5611f58ae4b0505cb77b78e0] }
source: ossec | message: ossec ossec: Alert Level: 2; Rule: 100102 - Evento Beas
t TM - Mayantec; Location: (beast) 10.206.96.95->/netlog/var/log/bro.fc/intel.lo
g; 1474556395.974016C2qPFA3setvRp2ijNh10.206.91.1013669610.206.96.8353---www.908
88.comInte (...) { gl2_source_node: 2198afb3-a5b0-4cee-90be-98cc534a59c5 | full_
message: <132>Sep 22 09:58:54 ossec ossec: Alert Level: 2; Rule: 100102 - Evento
Beast TM - Mayantec; Location: (beast) 10.206.96.95->/netlog/var/log/bro.fc/int
el.log; 1474556395.974016
C2qPFA3setvRp2ijNh
10.206.91.101 36696
10.206.96.83
53
www.90888.com Intel::DOMAIN
DNS::IN_REQUEST worker-1-5
from http://mirror1.malwaredomains.com/files/dom
ains.txt\x2cmalicious via intel.criticalstack.com | gl2_remote_port: 36108 | gl2
_remote_ip: 127.0.0.1 | timestamp: 2016-09-22T14:58:54.000Z | level: 4 | _id: 16
f8eae0-80d5-11e6-b81b-5645e6e2984b | facility: local0 | gl2_source_input: 54b5fa
4ce4b0a1fbf5c63675 | streams: [5611f58ae4b0505cb77b78e0] }
source: ossec | message: ossec ossec: Alert Level: 2; Rule: 100102 - Evento Beas
t TM - Mayantec; Location: (beast) 10.206.96.95->/netlog/var/log/bro.fc/intel.lo
g; 1474556397.475702C2qPFA3setvRp2ijNh10.206.91.1013669610.206.96.8353---smbczxp
.comIntel: (...) { gl2_source_node: 2198afb3-a5b0-4cee-90be-98cc534a59c5 | full_
message: <132>Sep 22 09:58:54 ossec ossec: Alert Level: 2; Rule: 100102 - Evento
Beast TM - Mayantec; Location: (beast) 10.206.96.95->/netlog/var/log/bro.fc/int
el.log; 1474556397.475702
C2qPFA3setvRp2ijNh
10.206.91.101 36696
10.206.96.83
53
smbczxp.com
Intel::DOMAIN
DNS::IN_REQUEST worker-1-5
from http://mirror1.malwaredomains.com/files/dom
ains.txt\x2cphishing via intel.criticalstack.com | gl2_remote_port: 36108 | gl2_
remote_ip: 127.0.0.1 | timestamp: 2016-09-22T14:58:54.000Z | level: 4 | _id: 16f
b82f1-80d5-11e6-b81b-5645e6e2984b | facility: local0 | gl2_source_input: 54b5fa4
ce4b0a1fbf5c63675 | streams: [5611f58ae4b0505cb77b78e0] }
source: ossec | message: ossec ossec: Alert Level: 2; Rule: 100102 - Evento Beas
t TM - Mayantec; Location: (beast) 10.206.96.95->/netlog/var/log/bro.fc/intel.lo
g; 1474556397.475702CIsvAz1QidPN2nCku310.206.91.1013669610.206.96.8353---smbczxp
.comIntel: (...) { gl2_source_node: 2198afb3-a5b0-4cee-90be-98cc534a59c5 | full_
message: <132>Sep 22 09:58:54 ossec ossec: Alert Level: 2; Rule: 100102 - Evento
Beast TM - Mayantec; Location: (beast) 10.206.96.95->/netlog/var/log/bro.fc/int
el.log; 1474556397.475702
CIsvAz1QidPN2nCku3
10.206.91.101 36696
10.206.96.83
53
smbczxp.com
Intel::DOMAIN
DNS::IN_REQUEST worker-3-8
from http://mirror1.malwaredomains.com/files/dom
ains.txt\x2cphishing via intel.criticalstack.com | gl2_remote_port: 36108 | gl2_
remote_ip: 127.0.0.1 | timestamp: 2016-09-22T14:58:54.000Z | level: 4 | _id: 16f
b82f3-80d5-11e6-b81b-5645e6e2984b | facility: local0 | gl2_source_input: 54b5fa4
ce4b0a1fbf5c63675 | streams: [5611f58ae4b0505cb77b78e0] }
source: ossec | message: ossec ossec: Alert Level: 2; Rule: 1002 - Unknown probl
em somewhere in the system.; Location: (beast) 10.206.96.95->/netlog/var/log/bro
.fc/intel.log; 1474556390.469500CIsvAz1QidPN2nCku310.206.91.1013669610.206.96.83
53---www.p (...) { gl2_source_node: 2198afb3-a5b0-4cee-90be-98cc534a59c5 | full_
message: <132>Sep 22 09:58:47 ossec ossec: Alert Level: 2; Rule: 1002 - Unknown
problem somewhere in the system.; Location: (beast) 10.206.96.95->/netlog/var/lo
g/bro.fc/intel.log; 1474556390.469500 CIsvAz1QidPN2nCku3
10.206.91.101
36696 10.206.96.83
53
www.projesite.com
Intel::DOMAIN DNS::IN_REQUEST worker-3-8
from http://mirror1.malwaredomai
ns.com/files/domains.txt\x2cattackpage via intel.criticalstack.com | gl2_remote_
port: 36108 | gl2_remote_ip: 127.0.0.1 | timestamp: 2016-09-22T14:58:47.000Z | l
evel: 4 | _id: 13a7eb20-80d5-11e6-b81b-5645e6e2984b | facility: local0 | gl2_sou

rce_input: 54b5fa4ce4b0a1fbf5c63675 | streams: [5611f58ae4b0505cb77b78e0] }

source: ossec | message: ossec ossec: Alert Level: 2; Rule: 1002 - Unknown probl
em somewhere in the system.; Location: (beast) 10.206.96.95->/netlog/var/log/bro
.fc/intel.log; 1474556390.469500C2qPFA3setvRp2ijNh10.206.91.1013669610.206.96.83
53---www.p (...) { gl2_source_node: 2198afb3-a5b0-4cee-90be-98cc534a59c5 | full_
message: <132>Sep 22 09:58:47 ossec ossec: Alert Level: 2; Rule: 1002 - Unknown
problem somewhere in the system.; Location: (beast) 10.206.96.95->/netlog/var/lo
g/bro.fc/intel.log; 1474556390.469500 C2qPFA3setvRp2ijNh
10.206.91.101
36696 10.206.96.83
53
www.projesite.com
Intel::DOMAIN DNS::IN_REQUEST worker-1-5
from http://mirror1.malwaredomai
ns.com/files/domains.txt\x2cattackpage via intel.criticalstack.com | gl2_remote_
port: 36108 | gl2_remote_ip: 127.0.0.1 | timestamp: 2016-09-22T14:58:47.000Z | l
evel: 4 | _id: 13a79d00-80d5-11e6-b81b-5645e6e2984b | facility: local0 | gl2_sou
rce_input: 54b5fa4ce4b0a1fbf5c63675 | streams: [5611f58ae4b0505cb77b78e0] }
source: ossec | message: ossec ossec: Alert Level: 2; Rule: 100102 - Evento Beas
t TM - Mayantec; Location: (beast) 10.206.96.95->/netlog/var/log/bro.fc/intel.lo
g; 1474556391.472711CIsvAz1QidPN2nCku310.206.91.1013669610.206.96.8353---rkkdlaw
.comIntel: (...) { gl2_source_node: 2198afb3-a5b0-4cee-90be-98cc534a59c5 | full_
message: <132>Sep 22 09:58:47 ossec ossec: Alert Level: 2; Rule: 100102 - Evento
Beast TM - Mayantec; Location: (beast) 10.206.96.95->/netlog/var/log/bro.fc/int
el.log; 1474556391.472711
CIsvAz1QidPN2nCku3
10.206.91.101 36696
10.206.96.83
53
rkkdlaw.com
Intel::DOMAIN
DNS::IN_REQUEST worker-3-8
from http://mirror1.malwaredomains.com/files/dom
ains.txt\x2cmalware via intel.criticalstack.com | gl2_remote_port: 36108 | gl2_r
emote_ip: 127.0.0.1 | timestamp: 2016-09-22T14:58:47.000Z | level: 4 | _id: 13a9
4ab0-80d5-11e6-b81b-5645e6e2984b | facility: local0 | gl2_source_input: 54b5fa4c
e4b0a1fbf5c63675 | streams: [5611f58ae4b0505cb77b78e0] }
source: ossec | message: ossec ossec: Alert Level: 2; Rule: 100102 - Evento Beas
t TM - Mayantec; Location: (beast) 10.206.96.95->/netlog/var/log/bro.fc/intel.lo
g; 1474556391.472711C2qPFA3setvRp2ijNh10.206.91.1013669610.206.96.8353---rkkdlaw
.comIntel: (...) { gl2_source_node: 2198afb3-a5b0-4cee-90be-98cc534a59c5 | full_
message: <132>Sep 22 09:58:47 ossec ossec: Alert Level: 2; Rule: 100102 - Evento
Beast TM - Mayantec; Location: (beast) 10.206.96.95->/netlog/var/log/bro.fc/int
el.log; 1474556391.472711
C2qPFA3setvRp2ijNh
10.206.91.101 36696
10.206.96.83
53
rkkdlaw.com
Intel::DOMAIN
DNS::IN_REQUEST worker-1-5
from http://mirror1.malwaredomains.com/files/dom
ains.txt\x2cmalware via intel.criticalstack.com | gl2_remote_port: 36108 | gl2_r
emote_ip: 127.0.0.1 | timestamp: 2016-09-22T14:58:47.000Z | level: 4 | _id: 13a8
ae71-80d5-11e6-b81b-5645e6e2984b | facility: local0 | gl2_source_input: 54b5fa4c
e4b0a1fbf5c63675 | streams: [5611f58ae4b0505cb77b78e0] }
source: ossec | message: ossec ossec: Alert Level: 2; Rule: 1002 - Unknown probl
em somewhere in the system.; Location: (beast) 10.206.96.95->/netlog/var/log/bro
.fc/intel.log; 1474556391.472711CIsvAz1QidPN2nCku310.206.91.1013669610.206.96.83
53---xsso. (...) { gl2_source_node: 2198afb3-a5b0-4cee-90be-98cc534a59c5 | full_
message: <132>Sep 22 09:58:47 ossec ossec: Alert Level: 2; Rule: 1002 - Unknown
problem somewhere in the system.; Location: (beast) 10.206.96.95->/netlog/var/lo
g/bro.fc/intel.log; 1474556391.472711 CIsvAz1QidPN2nCku3
10.206.91.101
36696 10.206.96.83
53
xsso.anbtr.com Intel::D
OMAIN DNS::IN_REQUEST worker-3-8
from http://mirror1.malwaredomains.com/f
iles/domains.txt\x2cattackpage via intel.criticalstack.com | gl2_remote_port: 36
108 | gl2_remote_ip: 127.0.0.1 | timestamp: 2016-09-22T14:58:47.000Z | level: 4
| _id: 13a9e6f0-80d5-11e6-b81b-5645e6e2984b | facility: local0 | gl2_source_inpu
t: 54b5fa4ce4b0a1fbf5c63675 | streams: [5611f58ae4b0505cb77b78e0] }
source: ossec | message: ossec ossec: Alert Level: 2; Rule: 100102 - Evento Beas
t TM - Mayantec; Location: (beast) 10.206.96.95->/netlog/var/log/bro.fc/intel.lo

g; 1474556391.472711CIsvAz1QidPN2nCku310.206.91.1013669610.206.96.8353---tfpcmed
ia.orgInte (...) { gl2_source_node: 2198afb3-a5b0-4cee-90be-98cc534a59c5 | full_
message: <132>Sep 22 09:58:47 ossec ossec: Alert Level: 2; Rule: 100102 - Evento
Beast TM - Mayantec; Location: (beast) 10.206.96.95->/netlog/var/log/bro.fc/int
el.log; 1474556391.472711
CIsvAz1QidPN2nCku3
10.206.91.101 36696
10.206.96.83
53
tfpcmedia.org Intel::DOMAIN
DNS::IN_REQUEST worker-3-8
from http://mirror1.malwaredomains.com/files/dom
ains.txt\x2cmalicious via intel.criticalstack.com | gl2_remote_port: 36108 | gl2
_remote_ip: 127.0.0.1 | timestamp: 2016-09-22T14:58:47.000Z | level: 4 | _id: 13
a9e6f2-80d5-11e6-b81b-5645e6e2984b | facility: local0 | gl2_source_input: 54b5fa
4ce4b0a1fbf5c63675 | streams: [5611f58ae4b0505cb77b78e0] }
source: ossec | message: ossec ossec: Alert Level: 2; Rule: 1002 - Unknown probl
em somewhere in the system.; Location: (beast) 10.206.96.95->/netlog/var/log/bro
.fc/intel.log; 1474556390.467983C2qPFA3setvRp2ijNh10.206.91.1013669610.206.96.83
53---www.i (...) { gl2_source_node: 2198afb3-a5b0-4cee-90be-98cc534a59c5 | full_
message: <132>Sep 22 09:58:47 ossec ossec: Alert Level: 2; Rule: 1002 - Unknown
problem somewhere in the system.; Location: (beast) 10.206.96.95->/netlog/var/lo
g/bro.fc/intel.log; 1474556390.467983 C2qPFA3setvRp2ijNh
10.206.91.101
36696 10.206.96.83
53
www.iqapps.in Intel::D
OMAIN DNS::IN_REQUEST worker-1-5
from http://mirror1.malwaredomains.com/f
iles/domains.txt\x2cattackpage via intel.criticalstack.com | gl2_remote_port: 36
108 | gl2_remote_ip: 127.0.0.1 | timestamp: 2016-09-22T14:58:47.000Z | level: 4
| _id: 13a727d0-80d5-11e6-b81b-5645e6e2984b | facility: local0 | gl2_source_inpu
t: 54b5fa4ce4b0a1fbf5c63675 | streams: [5611f58ae4b0505cb77b78e0] }
source: ossec | message: ossec ossec: Alert Level: 2; Rule: 100102 - Evento Beas
t TM - Mayantec; Location: (beast) 10.206.96.95->/netlog/var/log/bro.fc/intel.lo
g; 1474556390.469500C2qPFA3setvRp2ijNh10.206.91.1013669610.206.96.8353---suexk.g
aIntel::DO (...) { gl2_source_node: 2198afb3-a5b0-4cee-90be-98cc534a59c5 | full_
message: <132>Sep 22 09:58:47 ossec ossec: Alert Level: 2; Rule: 100102 - Evento
Beast TM - Mayantec; Location: (beast) 10.206.96.95->/netlog/var/log/bro.fc/int
el.log; 1474556390.469500
C2qPFA3setvRp2ijNh
10.206.91.101 36696
10.206.96.83
53
suexk.ga
Intel::DOMAIN
DNS::IN_REQUEST worker-1-5
from http://mirror1.malwaredomains.com/files/dom
ains.txt\x2cphishing via intel.criticalstack.com | gl2_remote_port: 36108 | gl2_
remote_ip: 127.0.0.1 | timestamp: 2016-09-22T14:58:47.000Z | level: 4 | _id: 13a
74ee1-80d5-11e6-b81b-5645e6e2984b | facility: local0 | gl2_source_input: 54b5fa4
ce4b0a1fbf5c63675 | streams: [5611f58ae4b0505cb77b78e0] }
source: ossec | message: ossec ossec: Alert Level: 2; Rule: 100102 - Evento Beas
t TM - Mayantec; Location: (beast) 10.206.96.95->/netlog/var/log/bro.fc/intel.lo
g; 1474556390.968021C2qPFA3setvRp2ijNh10.206.91.1013669610.206.96.8353---usdd1.i
nfoIntel:: (...) { gl2_source_node: 2198afb3-a5b0-4cee-90be-98cc534a59c5 | full_
message: <132>Sep 22 09:58:47 ossec ossec: Alert Level: 2; Rule: 100102 - Evento
Beast TM - Mayantec; Location: (beast) 10.206.96.95->/netlog/var/log/bro.fc/int
el.log; 1474556390.968021
C2qPFA3setvRp2ijNh
10.206.91.101 36696
10.206.96.83
53
usdd1.info
Intel::DOMAIN
DNS::IN_REQUEST worker-1-5
from http://mirror1.malwaredomains.com/files/dom
ains.txt\x2cmalicious via intel.criticalstack.com | gl2_remote_port: 36108 | gl2
_remote_ip: 127.0.0.1 | timestamp: 2016-09-22T14:58:47.000Z | level: 4 | _id: 13
a88761-80d5-11e6-b81b-5645e6e2984b | facility: local0 | gl2_source_input: 54b5fa
4ce4b0a1fbf5c63675 | streams: [5611f58ae4b0505cb77b78e0] }
source: ossec | message: ossec ossec: Alert Level: 2; Rule: 1002 - Unknown probl
em somewhere in the system.; Location: (beast) 10.206.96.95->/netlog/var/log/bro
.fc/intel.log; 1474556389.475799CIsvAz1QidPN2nCku310.206.91.1013669610.206.96.83
53---www39 (...) { gl2_source_node: 2198afb3-a5b0-4cee-90be-98cc534a59c5 | full_
message: <132>Sep 22 09:58:47 ossec ossec: Alert Level: 2; Rule: 1002 - Unknown
problem somewhere in the system.; Location: (beast) 10.206.96.95->/netlog/var/lo

g/bro.fc/intel.log; 1474556389.475799 CIsvAz1QidPN2nCku3

10.206.91.101
36696 10.206.96.83
53
www39.gxxmm.com Intel::D
OMAIN DNS::IN_REQUEST worker-3-8
from http://mirror1.malwaredomains.com/f
iles/domains.txt\x2cattackpage via intel.criticalstack.com | gl2_remote_port: 36
108 | gl2_remote_ip: 127.0.0.1 | timestamp: 2016-09-22T14:58:47.000Z | level: 4
| _id: 13a6d9b0-80d5-11e6-b81b-5645e6e2984b | facility: local0 | gl2_source_inpu
t: 54b5fa4ce4b0a1fbf5c63675 | streams: [5611f58ae4b0505cb77b78e0] }
source: ossec | message: ossec ossec: Alert Level: 2; Rule: 100102 - Evento Beas
t TM - Mayantec; Location: (beast) 10.206.96.95->/netlog/var/log/bro.fc/intel.lo
g; 1474556390.469500CIsvAz1QidPN2nCku310.206.91.1013669610.206.96.8353---suexk.g
aIntel::DO (...) { gl2_source_node: 2198afb3-a5b0-4cee-90be-98cc534a59c5 | full_
message: <132>Sep 22 09:58:47 ossec ossec: Alert Level: 2; Rule: 100102 - Evento
Beast TM - Mayantec; Location: (beast) 10.206.96.95->/netlog/var/log/bro.fc/int
el.log; 1474556390.469500
CIsvAz1QidPN2nCku3
10.206.91.101 36696
10.206.96.83
53
suexk.ga
Intel::DOMAIN
DNS::IN_REQUEST worker-3-8
from http://mirror1.malwaredomains.com/files/dom
ains.txt\x2cphishing via intel.criticalstack.com | gl2_remote_port: 36108 | gl2_
remote_ip: 127.0.0.1 | timestamp: 2016-09-22T14:58:47.000Z | level: 4 | _id: 13a
74ee0-80d5-11e6-b81b-5645e6e2984b | facility: local0 | gl2_source_input: 54b5fa4
ce4b0a1fbf5c63675 | streams: [5611f58ae4b0505cb77b78e0] }
source: ossec | message: ossec ossec: Alert Level: 2; Rule: 100102 - Evento Beas
t TM - Mayantec; Location: (beast) 10.206.96.95->/netlog/var/log/bro.fc/intel.lo
g; 1474556390.469500C2qPFA3setvRp2ijNh10.206.91.1013669610.206.96.8353---sunqtr.
comIntel:: (...) { gl2_source_node: 2198afb3-a5b0-4cee-90be-98cc534a59c5 | full_
message: <132>Sep 22 09:58:47 ossec ossec: Alert Level: 2; Rule: 100102 - Evento
Beast TM - Mayantec; Location: (beast) 10.206.96.95->/netlog/var/log/bro.fc/int
el.log; 1474556390.469500
C2qPFA3setvRp2ijNh
10.206.91.101 36696
10.206.96.83
53
sunqtr.com
Intel::DOMAIN
DNS::IN_REQUEST worker-1-5
from http://mirror1.malwaredomains.com/files/dom
ains.txt\x2cmalware via intel.criticalstack.com | gl2_remote_port: 36108 | gl2_r
emote_ip: 127.0.0.1 | timestamp: 2016-09-22T14:58:47.000Z | level: 4 | _id: 13a7
c410-80d5-11e6-b81b-5645e6e2984b | facility: local0 | gl2_source_input: 54b5fa4c
e4b0a1fbf5c63675 | streams: [5611f58ae4b0505cb77b78e0] }
source: ossec | message: ossec ossec: Alert Level: 2; Rule: 1002 - Unknown probl
em somewhere in the system.; Location: (beast) 10.206.96.95->/netlog/var/log/bro
.fc/intel.log; 1474556390.469500CIsvAz1QidPN2nCku310.206.91.1013669610.206.96.83
53---www.i (...) { gl2_source_node: 2198afb3-a5b0-4cee-90be-98cc534a59c5 | full_
message: <132>Sep 22 09:58:47 ossec ossec: Alert Level: 2; Rule: 1002 - Unknown
problem somewhere in the system.; Location: (beast) 10.206.96.95->/netlog/var/lo
g/bro.fc/intel.log; 1474556390.469500 CIsvAz1QidPN2nCku3
10.206.91.101
36696 10.206.96.83
53
www.iqapps.in Intel::D
OMAIN DNS::IN_REQUEST worker-3-8
from http://mirror1.malwaredomains.com/f
iles/domains.txt\x2cattackpage via intel.criticalstack.com | gl2_remote_port: 36
108 | gl2_remote_ip: 127.0.0.1 | timestamp: 2016-09-22T14:58:47.000Z | level: 4
| _id: 13a727d1-80d5-11e6-b81b-5645e6e2984b | facility: local0 | gl2_source_inpu
t: 54b5fa4ce4b0a1fbf5c63675 | streams: [5611f58ae4b0505cb77b78e0] }
source: ossec | message: ossec ossec: Alert Level: 2; Rule: 100102 - Evento Beas
t TM - Mayantec; Location: (beast) 10.206.96.95->/netlog/var/log/bro.fc/intel.lo
g; 1474556390.469500CIsvAz1QidPN2nCku310.206.91.1013669610.206.96.8353---sunqtr.
comIntel:: (...) { gl2_source_node: 2198afb3-a5b0-4cee-90be-98cc534a59c5 | full_
message: <132>Sep 22 09:58:47 ossec ossec: Alert Level: 2; Rule: 100102 - Evento
Beast TM - Mayantec; Location: (beast) 10.206.96.95->/netlog/var/log/bro.fc/int
el.log; 1474556390.469500
CIsvAz1QidPN2nCku3
10.206.91.101 36696
10.206.96.83
53
sunqtr.com
Intel::DOMAIN
DNS::IN_REQUEST worker-3-8
from http://mirror1.malwaredomains.com/files/dom
ains.txt\x2cmalware via intel.criticalstack.com | gl2_remote_port: 36108 | gl2_r

emote_ip: 127.0.0.1 | timestamp: 2016-09-22T14:58:47.000Z | level: 4 | _id: 13a8

8760-80d5-11e6-b81b-5645e6e2984b | facility: local0 | gl2_source_input: 54b5fa4c
e4b0a1fbf5c63675 | streams: [5611f58ae4b0505cb77b78e0] }
source: ossec | message: ossec ossec: Alert Level: 2; Rule: 100102 - Evento Beas
t TM - Mayantec; Location: (beast) 10.206.96.95->/netlog/var/log/bro.fc/intel.lo
g; 1474556390.968021CIsvAz1QidPN2nCku310.206.91.1013669610.206.96.8353---usdd1.i
nfoIntel:: (...) { gl2_source_node: 2198afb3-a5b0-4cee-90be-98cc534a59c5 | full_
message: <132>Sep 22 09:58:47 ossec ossec: Alert Level: 2; Rule: 100102 - Evento
Beast TM - Mayantec; Location: (beast) 10.206.96.95->/netlog/var/log/bro.fc/int
el.log; 1474556390.968021
CIsvAz1QidPN2nCku3
10.206.91.101 36696
10.206.96.83
53
usdd1.info
Intel::DOMAIN
DNS::IN_REQUEST worker-3-8
from http://mirror1.malwaredomains.com/files/dom
ains.txt\x2cmalicious via intel.criticalstack.com | gl2_remote_port: 36108 | gl2
_remote_ip: 127.0.0.1 | timestamp: 2016-09-22T14:58:47.000Z | level: 4 | _id: 13
a8ae70-80d5-11e6-b81b-5645e6e2984b | facility: local0 | gl2_source_input: 54b5fa
4ce4b0a1fbf5c63675 | streams: [5611f58ae4b0505cb77b78e0] }
source: ossec | message: ossec ossec: Alert Level: 2; Rule: 100102 - Evento Beas
t TM - Mayantec; Location: (beast) 10.206.96.95->/netlog/var/log/bro.fc/intel.lo
g; 1474556391.472711C2qPFA3setvRp2ijNh10.206.91.1013669610.206.96.8353---tfpcmed
ia.orgInte (...) { gl2_source_node: 2198afb3-a5b0-4cee-90be-98cc534a59c5 | full_
message: <132>Sep 22 09:58:47 ossec ossec: Alert Level: 2; Rule: 100102 - Evento
Beast TM - Mayantec; Location: (beast) 10.206.96.95->/netlog/var/log/bro.fc/int
el.log; 1474556391.472711
C2qPFA3setvRp2ijNh
10.206.91.101 36696
10.206.96.83
53
tfpcmedia.org Intel::DOMAIN
DNS::IN_REQUEST worker-1-5
from http://mirror1.malwaredomains.com/files/dom
ains.txt\x2cmalicious via intel.criticalstack.com | gl2_remote_port: 36108 | gl2
_remote_ip: 127.0.0.1 | timestamp: 2016-09-22T14:58:47.000Z | level: 4 | _id: 13
a923a0-80d5-11e6-b81b-5645e6e2984b | facility: local0 | gl2_source_input: 54b5fa
4ce4b0a1fbf5c63675 | streams: [5611f58ae4b0505cb77b78e0] }
source: ossec | message: ossec ossec: Alert Level: 2; Rule: 1002 - Unknown probl
em somewhere in the system.; Location: (beast) 10.206.96.95->/netlog/var/log/bro
.fc/intel.log; 1474556391.472711C2qPFA3setvRp2ijNh10.206.91.1013669610.206.96.83
53---xsso. (...) { gl2_source_node: 2198afb3-a5b0-4cee-90be-98cc534a59c5 | full_
message: <132>Sep 22 09:58:47 ossec ossec: Alert Level: 2; Rule: 1002 - Unknown
problem somewhere in the system.; Location: (beast) 10.206.96.95->/netlog/var/lo
g/bro.fc/intel.log; 1474556391.472711 C2qPFA3setvRp2ijNh
10.206.91.101
36696 10.206.96.83
53
xsso.anbtr.com Intel::D
OMAIN DNS::IN_REQUEST worker-1-5
from http://mirror1.malwaredomains.com/f
iles/domains.txt\x2cattackpage via intel.criticalstack.com | gl2_remote_port: 36
108 | gl2_remote_ip: 127.0.0.1 | timestamp: 2016-09-22T14:58:47.000Z | level: 4
| _id: 13a8ae72-80d5-11e6-b81b-5645e6e2984b | facility: local0 | gl2_source_inpu
t: 54b5fa4ce4b0a1fbf5c63675 | streams: [5611f58ae4b0505cb77b78e0] }
source: ossec | message: ossec ossec: Alert Level: 2; Rule: 1002 - Unknown probl
em somewhere in the system.; Location: (beast) 10.206.96.95->/netlog/var/log/bro
.fc/intel.log; 1474556387.471532CIsvAz1QidPN2nCku310.206.91.1013669610.206.96.83
53---zsmis (...) { gl2_source_node: 2198afb3-a5b0-4cee-90be-98cc534a59c5 | full_
message: <132>Sep 22 09:58:45 ossec ossec: Alert Level: 2; Rule: 1002 - Unknown
problem somewhere in the system.; Location: (beast) 10.206.96.95->/netlog/var/lo
g/bro.fc/intel.log; 1474556387.471532 CIsvAz1QidPN2nCku3
10.206.91.101
36696 10.206.96.83
53
zsmisaki.com
Intel::D
OMAIN DNS::IN_REQUEST worker-3-8
from http://mirror1.malwaredomains.com/f
iles/domains.txt\x2cattackpage via intel.criticalstack.com | gl2_remote_port: 36
108 | gl2_remote_ip: 127.0.0.1 | timestamp: 2016-09-22T14:58:45.000Z | level: 4
| _id: 127fbed0-80d5-11e6-b81b-5645e6e2984b | facility: local0 | gl2_source_inpu
t: 54b5fa4ce4b0a1fbf5c63675 | streams: [5611f58ae4b0505cb77b78e0] }

source: ossec | message: ossec ossec: Alert Level: 2; Rule: 100102 - Evento Beas
t TM - Mayantec; Location: (beast) 10.206.96.95->/netlog/var/log/bro.fc/intel.lo
g; 1474556387.969100CIsvAz1QidPN2nCku310.206.91.1013669610.206.96.8353---srivela
vantimbers (...) { gl2_source_node: 2198afb3-a5b0-4cee-90be-98cc534a59c5 | full_
message: <132>Sep 22 09:58:45 ossec ossec: Alert Level: 2; Rule: 100102 - Evento
Beast TM - Mayantec; Location: (beast) 10.206.96.95->/netlog/var/log/bro.fc/int
el.log; 1474556387.969100
CIsvAz1QidPN2nCku3
10.206.91.101 36696
10.206.96.83
53
srivelavantimbers.com Intel::D
OMAIN DNS::IN_REQUEST worker-3-8
from http://mirror1.malwaredomains.com/f
iles/domains.txt\x2cphishing via intel.criticalstack.com | gl2_remote_port: 3610
8 | gl2_remote_ip: 127.0.0.1 | timestamp: 2016-09-22T14:58:45.000Z | level: 4 |
_id: 12808220-80d5-11e6-b81b-5645e6e2984b | facility: local0 | gl2_source_input:
54b5fa4ce4b0a1fbf5c63675 | streams: [5611f58ae4b0505cb77b78e0] }
source: ossec | message: ossec ossec: Alert Level: 2; Rule: 100102 - Evento Beas
t TM - Mayantec; Location: (beast) 10.206.96.95->/netlog/var/log/bro.fc/intel.lo
g; 1474556387.471532CIsvAz1QidPN2nCku310.206.91.1013669610.206.96.8353---www.and
rewmelchio (...) { gl2_source_node: 2198afb3-a5b0-4cee-90be-98cc534a59c5 | full_
message: <132>Sep 22 09:58:45 ossec ossec: Alert Level: 2; Rule: 100102 - Evento
Beast TM - Mayantec; Location: (beast) 10.206.96.95->/netlog/var/log/bro.fc/int
el.log; 1474556387.471532
CIsvAz1QidPN2nCku3
10.206.91.101 36696
10.206.96.83
53
www.andrewmelchior.com Intel::D
OMAIN DNS::IN_REQUEST worker-3-8
from http://mirror1.malwaredomains.com/f
iles/domains.txt\x2cmalicious via intel.criticalstack.com | gl2_remote_port: 361
08 | gl2_remote_ip: 127.0.0.1 | timestamp: 2016-09-22T14:58:45.000Z | level: 4 |
_id: 12805b10-80d5-11e6-b81b-5645e6e2984b | facility: local0 | gl2_source_input
: 54b5fa4ce4b0a1fbf5c63675 | streams: [5611f58ae4b0505cb77b78e0] }
source: ossec | message: ossec ossec: Alert Level: 2; Rule: 100102 - Evento Beas
t TM - Mayantec; Location: (beast) 10.206.96.95->/netlog/var/log/bro.fc/intel.lo
g; 1474556387.471532C2qPFA3setvRp2ijNh10.206.91.1013669610.206.96.8353---www.and
rewmelchio (...) { gl2_source_node: 2198afb3-a5b0-4cee-90be-98cc534a59c5 | full_
message: <132>Sep 22 09:58:45 ossec ossec: Alert Level: 2; Rule: 100102 - Evento
Beast TM - Mayantec; Location: (beast) 10.206.96.95->/netlog/var/log/bro.fc/int
el.log; 1474556387.471532
C2qPFA3setvRp2ijNh
10.206.91.101 36696
10.206.96.83
53
www.andrewmelchior.com Intel::D
OMAIN DNS::IN_REQUEST worker-1-5
from http://mirror1.malwaredomains.com/f
iles/domains.txt\x2cmalicious via intel.criticalstack.com | gl2_remote_port: 361
08 | gl2_remote_ip: 127.0.0.1 | timestamp: 2016-09-22T14:58:45.000Z | level: 4 |
_id: 127f2291-80d5-11e6-b81b-5645e6e2984b | facility: local0 | gl2_source_input
: 54b5fa4ce4b0a1fbf5c63675 | streams: [5611f58ae4b0505cb77b78e0] }
source: ossec | message: ossec ossec: Alert Level: 2; Rule: 1002 - Unknown probl
em somewhere in the system.; Location: (beast) 10.206.96.95->/netlog/var/log/bro
.fc/intel.log; 1474556387.969100C2qPFA3setvRp2ijNh10.206.91.1013669610.206.96.83
53---touri (...) { gl2_source_node: 2198afb3-a5b0-4cee-90be-98cc534a59c5 | full_
message: <132>Sep 22 09:58:45 ossec ossec: Alert Level: 2; Rule: 1002 - Unknown
problem somewhere in the system.; Location: (beast) 10.206.96.95->/netlog/var/lo
g/bro.fc/intel.log; 1474556387.969100 C2qPFA3setvRp2ijNh
10.206.91.101
36696 10.206.96.83
53
tourindia.in
Intel::D
OMAIN DNS::IN_REQUEST worker-1-5
from http://mirror1.malwaredomains.com/f
iles/domains.txt\x2cattackpage via intel.criticalstack.com | gl2_remote_port: 36
108 | gl2_remote_ip: 127.0.0.1 | timestamp: 2016-09-22T14:58:45.000Z | level: 4
| _id: 1280a930-80d5-11e6-b81b-5645e6e2984b | facility: local0 | gl2_source_inpu
t: 54b5fa4ce4b0a1fbf5c63675 | streams: [5611f58ae4b0505cb77b78e0] }
source: ossec | message: ossec ossec: Alert Level: 2; Rule: 100102 - Evento Beas
t TM - Mayantec; Location: (beast) 10.206.96.95->/netlog/var/log/bro.fc/intel.lo
g; 1474556387.471532CIsvAz1QidPN2nCku310.206.91.1013669610.206.96.8353---shiduer
min.comInt (...) { gl2_source_node: 2198afb3-a5b0-4cee-90be-98cc534a59c5 | full_

message: <132>Sep 22 09:58:45 ossec ossec: Alert Level: 2; Rule: 100102 - Evento
Beast TM - Mayantec; Location: (beast) 10.206.96.95->/netlog/var/log/bro.fc/int
el.log; 1474556387.471532
CIsvAz1QidPN2nCku3
10.206.91.101 36696
10.206.96.83
53
shiduermin.com Intel::DOMAIN
DNS::IN_REQUEST worker-3-8
from http://mirror1.malwaredomains.com/files/dom
ains.txt\x2cmalicious via intel.criticalstack.com | gl2_remote_port: 36108 | gl2
_remote_ip: 127.0.0.1 | timestamp: 2016-09-22T14:58:45.000Z | level: 4 | _id: 12
805b11-80d5-11e6-b81b-5645e6e2984b | facility: local0 | gl2_source_input: 54b5fa
4ce4b0a1fbf5c63675 | streams: [5611f58ae4b0505cb77b78e0] }
source: ossec | message: ossec ossec: Alert Level: 2; Rule: 100102 - Evento Beas
t TM - Mayantec; Location: (beast) 10.206.96.95->/netlog/var/log/bro.fc/intel.lo
g; 1474556387.471532C2qPFA3setvRp2ijNh10.206.91.1013669610.206.96.8353---shiduer
min.comInt (...) { gl2_source_node: 2198afb3-a5b0-4cee-90be-98cc534a59c5 | full_
message: <132>Sep 22 09:58:45 ossec ossec: Alert Level: 2; Rule: 100102 - Evento
Beast TM - Mayantec; Location: (beast) 10.206.96.95->/netlog/var/log/bro.fc/int
el.log; 1474556387.471532
C2qPFA3setvRp2ijNh
10.206.91.101 36696
10.206.96.83
53
shiduermin.com Intel::DOMAIN
DNS::IN_REQUEST worker-1-5
from http://mirror1.malwaredomains.com/files/dom
ains.txt\x2cmalicious via intel.criticalstack.com | gl2_remote_port: 36108 | gl2
_remote_ip: 127.0.0.1 | timestamp: 2016-09-22T14:58:45.000Z | level: 4 | _id: 12
800cf0-80d5-11e6-b81b-5645e6e2984b | facility: local0 | gl2_source_input: 54b5fa
4ce4b0a1fbf5c63675 | streams: [5611f58ae4b0505cb77b78e0] }
source: ossec | message: ossec ossec: Alert Level: 2; Rule: 100102 - Evento Beas
t TM - Mayantec; Location: (beast) 10.206.96.95->/netlog/var/log/bro.fc/intel.lo
g; 1474556387.969100C2qPFA3setvRp2ijNh10.206.91.1013669610.206.96.8353---seres.h
ttps443.ne (...) { gl2_source_node: 2198afb3-a5b0-4cee-90be-98cc534a59c5 | full_
message: <132>Sep 22 09:58:45 ossec ossec: Alert Level: 2; Rule: 100102 - Evento
Beast TM - Mayantec; Location: (beast) 10.206.96.95->/netlog/var/log/bro.fc/int
el.log; 1474556387.969100
C2qPFA3setvRp2ijNh
10.206.91.101 36696
10.206.96.83
53
seres.https443.net
Intel::D
OMAIN DNS::IN_REQUEST worker-1-5
from http://mirror1.malwaredomains.com/f
iles/domains.txt\x2capt via intel.criticalstack.com | gl2_remote_port: 36108 | g
l2_remote_ip: 127.0.0.1 | timestamp: 2016-09-22T14:58:45.000Z | level: 4 | _id:
12811e60-80d5-11e6-b81b-5645e6e2984b | facility: local0 | gl2_source_input: 54b5
fa4ce4b0a1fbf5c63675 | streams: [5611f58ae4b0505cb77b78e0] }
source: ossec | message: ossec ossec: Alert Level: 2; Rule: 100102 - Evento Beas
t TM - Mayantec; Location: (beast) 10.206.96.95->/netlog/var/log/bro.fc/intel.lo
g; 1474556387.471532C2qPFA3setvRp2ijNh10.206.91.1013669610.206.96.8353---zixunxi
u.comIntel (...) { gl2_source_node: 2198afb3-a5b0-4cee-90be-98cc534a59c5 | full_
message: <132>Sep 22 09:58:44 ossec ossec: Alert Level: 2; Rule: 100102 - Evento
Beast TM - Mayantec; Location: (beast) 10.206.96.95->/netlog/var/log/bro.fc/int
el.log; 1474556387.471532
C2qPFA3setvRp2ijNh
10.206.91.101 36696
10.206.96.83
53
zixunxiu.com
Intel::DOMAIN
DNS::IN_REQUEST worker-1-5
from http://mirror1.malwaredomains.com/files/dom
ains.txt\x2cmalicious via intel.criticalstack.com | gl2_remote_port: 36108 | gl2
_remote_ip: 127.0.0.1 | timestamp: 2016-09-22T14:58:44.000Z | level: 4 | _id: 12
7f2290-80d5-11e6-b81b-5645e6e2984b | facility: local0 | gl2_source_input: 54b5fa
4ce4b0a1fbf5c63675 | streams: [5611f58ae4b0505cb77b78e0] }
source: ossec | message: ossec ossec: Alert Level: 2; Rule: 100102 - Evento Beas
t TM - Mayantec; Location: (beast) 10.206.96.95->/netlog/var/log/bro.fc/intel.lo
g; 1474556387.471532CIsvAz1QidPN2nCku310.206.91.1013669610.206.96.8353---zixunxi
u.comIntel (...) { gl2_source_node: 2198afb3-a5b0-4cee-90be-98cc534a59c5 | full_
message: <132>Sep 22 09:58:44 ossec ossec: Alert Level: 2; Rule: 100102 - Evento
Beast TM - Mayantec; Location: (beast) 10.206.96.95->/netlog/var/log/bro.fc/int
el.log; 1474556387.471532
CIsvAz1QidPN2nCku3
10.206.91.101 36696
10.206.96.83
53
zixunxiu.com
Intel::DOMAIN

DNS::IN_REQUEST worker-3-8
from http://mirror1.malwaredomains.com/files/dom
ains.txt\x2cmalicious via intel.criticalstack.com | gl2_remote_port: 36108 | gl2
_remote_ip: 127.0.0.1 | timestamp: 2016-09-22T14:58:44.000Z | level: 4 | _id: 12
7efb82-80d5-11e6-b81b-5645e6e2984b | facility: local0 | gl2_source_input: 54b5fa
4ce4b0a1fbf5c63675 | streams: [5611f58ae4b0505cb77b78e0] }
source: ossec | message: ossec ossec: Alert Level: 2; Rule: 100102 - Evento Beas
t TM - Mayantec; Location: (beast) 10.206.96.95->/netlog/var/log/bro.fc/intel.lo
g; 1474556386.973648C2qPFA3setvRp2ijNh10.206.91.1013669610.206.96.8353---yinyuan
hotel.netI (...) { gl2_source_node: 2198afb3-a5b0-4cee-90be-98cc534a59c5 | full_
message: <132>Sep 22 09:58:44 ossec ossec: Alert Level: 2; Rule: 100102 - Evento
Beast TM - Mayantec; Location: (beast) 10.206.96.95->/netlog/var/log/bro.fc/int
el.log; 1474556386.973648
C2qPFA3setvRp2ijNh
10.206.91.101 36696
10.206.96.83
53
yinyuanhotel.net
Intel::D
OMAIN DNS::IN_REQUEST worker-1-5
from http://mirror1.malwaredomains.com/f
iles/domains.txt\x2cmalicious via intel.criticalstack.com | gl2_remote_port: 361
08 | gl2_remote_ip: 127.0.0.1 | timestamp: 2016-09-22T14:58:44.000Z | level: 4 |
_id: 127efb80-80d5-11e6-b81b-5645e6e2984b | facility: local0 | gl2_source_input
: 54b5fa4ce4b0a1fbf5c63675 | streams: [5611f58ae4b0505cb77b78e0] }
source: ossec | message: ossec ossec: Alert Level: 2; Rule: 1002 - Unknown probl
em somewhere in the system.; Location: (beast) 10.206.96.95->/netlog/var/log/bro
.fc/intel.log; 1474556386.973648CIsvAz1QidPN2nCku310.206.91.1013669610.206.96.83
53---www15 (...) { gl2_source_node: 2198afb3-a5b0-4cee-90be-98cc534a59c5 | full_
message: <132>Sep 22 09:58:44 ossec ossec: Alert Level: 2; Rule: 1002 - Unknown
problem somewhere in the system.; Location: (beast) 10.206.96.95->/netlog/var/lo
g/bro.fc/intel.log; 1474556386.973648 CIsvAz1QidPN2nCku3
10.206.91.101
36696 10.206.96.83
53
www15.ktoooo.com
Intel::DOMAIN DNS::IN_REQUEST worker-3-8
from http://mirror1.malwaredomai
ns.com/files/domains.txt\x2cattackpage via intel.criticalstack.com | gl2_remote_
port: 36108 | gl2_remote_ip: 127.0.0.1 | timestamp: 2016-09-22T14:58:44.000Z | l
evel: 4 | _id: 127e5f40-80d5-11e6-b81b-5645e6e2984b | facility: local0 | gl2_sou
rce_input: 54b5fa4ce4b0a1fbf5c63675 | streams: [5611f58ae4b0505cb77b78e0] }
source: ossec | message: ossec ossec: Alert Level: 2; Rule: 100102 - Evento Beas
t TM - Mayantec; Location: (beast) 10.206.96.95->/netlog/var/log/bro.fc/intel.lo
g; 1474556386.973648CIsvAz1QidPN2nCku310.206.91.1013669610.206.96.8353---yinyuan
hotel.netI (...) { gl2_source_node: 2198afb3-a5b0-4cee-90be-98cc534a59c5 | full_
message: <132>Sep 22 09:58:44 ossec ossec: Alert Level: 2; Rule: 100102 - Evento
Beast TM - Mayantec; Location: (beast) 10.206.96.95->/netlog/var/log/bro.fc/int
el.log; 1474556386.973648
CIsvAz1QidPN2nCku3
10.206.91.101 36696
10.206.96.83
53
yinyuanhotel.net
Intel::D
OMAIN DNS::IN_REQUEST worker-3-8
from http://mirror1.malwaredomains.com/f
iles/domains.txt\x2cmalicious via intel.criticalstack.com | gl2_remote_port: 361
08 | gl2_remote_ip: 127.0.0.1 | timestamp: 2016-09-22T14:58:44.000Z | level: 4 |
_id: 127e8650-80d5-11e6-b81b-5645e6e2984b | facility: local0 | gl2_source_input
: 54b5fa4ce4b0a1fbf5c63675 | streams: [5611f58ae4b0505cb77b78e0] }
source: ossec | message: ossec ossec: Alert Level: 2; Rule: 100102 - Evento Beas
t TM - Mayantec; Location: (beast) 10.206.96.95->/netlog/var/log/bro.fc/intel.lo
g; 1474556386.973648C2qPFA3setvRp2ijNh10.206.91.1013669610.206.96.8353---talente
d91-writer (...) { gl2_source_node: 2198afb3-a5b0-4cee-90be-98cc534a59c5 | full_
message: <132>Sep 22 09:58:44 ossec ossec: Alert Level: 2; Rule: 100102 - Evento
Beast TM - Mayantec; Location: (beast) 10.206.96.95->/netlog/var/log/bro.fc/int
el.log; 1474556386.973648
C2qPFA3setvRp2ijNh
10.206.91.101 36696
10.206.96.83
53
talented91-writer.xyz Intel::D
OMAIN DNS::IN_REQUEST worker-1-5
from http://mirror1.malwaredomains.com/f
iles/domains.txt\x2cphishing via intel.criticalstack.com | gl2_remote_port: 3610
8 | gl2_remote_ip: 127.0.0.1 | timestamp: 2016-09-22T14:58:44.000Z | level: 4 |
_id: 127efb81-80d5-11e6-b81b-5645e6e2984b | facility: local0 | gl2_source_input:

54b5fa4ce4b0a1fbf5c63675 | streams: [5611f58ae4b0505cb77b78e0] }

source: ossec | message: ossec ossec: Alert Level: 2; Rule: 100102 - Evento Beas
t TM - Mayantec; Location: (beast) 10.206.96.95->/netlog/var/log/bro.fc/intel.lo
g; 1474556384.968979C2qPFA3setvRp2ijNh10.206.91.1013669610.206.96.8353---torvald
scallthat. (...) { gl2_source_node: 2198afb3-a5b0-4cee-90be-98cc534a59c5 | full_
message: <132>Sep 22 09:58:42 ossec ossec: Alert Level: 2; Rule: 100102 - Evento
Beast TM - Mayantec; Location: (beast) 10.206.96.95->/netlog/var/log/bro.fc/int
el.log; 1474556384.968979
C2qPFA3setvRp2ijNh
10.206.91.101 36696
10.206.96.83
53
torvaldscallthat.info Intel::D
OMAIN DNS::IN_REQUEST worker-1-5
from http://mirror1.malwaredomains.com/f
iles/domains.txt\x2cmaliciousjs via intel.criticalstack.com | gl2_remote_port: 3
6108 | gl2_remote_ip: 127.0.0.1 | timestamp: 2016-09-22T14:58:42.000Z | level: 4
| _id: 1159b560-80d5-11e6-b81b-5645e6e2984b | facility: local0 | gl2_source_inp
ut: 54b5fa4ce4b0a1fbf5c63675 | streams: [5611f58ae4b0505cb77b78e0] }
source: ossec | message: ossec ossec: Alert Level: 2; Rule: 1002 - Unknown probl
em somewhere in the system.; Location: (beast) 10.206.96.95->/netlog/var/log/bro
.fc/intel.log; 1474556384.968979C2qPFA3setvRp2ijNh10.206.91.1013669610.206.96.83
53---www.a (...) { gl2_source_node: 2198afb3-a5b0-4cee-90be-98cc534a59c5 | full_
message: <132>Sep 22 09:58:42 ossec ossec: Alert Level: 2; Rule: 1002 - Unknown
problem somewhere in the system.; Location: (beast) 10.206.96.95->/netlog/var/lo
g/bro.fc/intel.log; 1474556384.968979 C2qPFA3setvRp2ijNh
10.206.91.101
36696 10.206.96.83
53
www.appleidinfo.net
Intel::DOMAIN DNS::IN_REQUEST worker-1-5
from http://mirror1.malwaredomai
ns.com/files/domains.txt\x2cattackpage via intel.criticalstack.com | gl2_remote_
port: 36108 | gl2_remote_ip: 127.0.0.1 | timestamp: 2016-09-22T14:58:42.000Z | l
evel: 4 | _id: 11596740-80d5-11e6-b81b-5645e6e2984b | facility: local0 | gl2_sou
rce_input: 54b5fa4ce4b0a1fbf5c63675 | streams: [5611f58ae4b0505cb77b78e0] }
source: ossec | message: ossec ossec: Alert Level: 2; Rule: 1002 - Unknown probl
em somewhere in the system.; Location: (beast) 10.206.96.95->/netlog/var/log/bro
.fc/intel.log; 1474556384.968979CIsvAz1QidPN2nCku310.206.91.1013669610.206.96.83
53---www.s (...) { gl2_source_node: 2198afb3-a5b0-4cee-90be-98cc534a59c5 | full_
message: <132>Sep 22 09:58:42 ossec ossec: Alert Level: 2; Rule: 1002 - Unknown
problem somewhere in the system.; Location: (beast) 10.206.96.95->/netlog/var/lo
g/bro.fc/intel.log; 1474556384.968979 CIsvAz1QidPN2nCku3
10.206.91.101
36696 10.206.96.83
53
www.soidc.com Intel::D
OMAIN DNS::IN_REQUEST worker-3-8
from http://mirror1.malwaredomains.com/f
iles/domains.txt\x2cattackpage via intel.criticalstack.com | gl2_remote_port: 36
108 | gl2_remote_ip: 127.0.0.1 | timestamp: 2016-09-22T14:58:42.000Z | level: 4
| _id: 115a51a0-80d5-11e6-b81b-5645e6e2984b | facility: local0 | gl2_source_inpu
t: 54b5fa4ce4b0a1fbf5c63675 | streams: [5611f58ae4b0505cb77b78e0] }
source: ossec | message: ossec ossec: Alert Level: 2; Rule: 1002 - Unknown probl
em somewhere in the system.; Location: (beast) 10.206.96.95->/netlog/var/log/bro
.fc/intel.log; 1474556385.477824CIsvAz1QidPN2nCku310.206.91.1013669610.206.96.83
53---www24 (...) { gl2_source_node: 2198afb3-a5b0-4cee-90be-98cc534a59c5 | full_
message: <132>Sep 22 09:58:42 ossec ossec: Alert Level: 2; Rule: 1002 - Unknown
problem somewhere in the system.; Location: (beast) 10.206.96.95->/netlog/var/lo
g/bro.fc/intel.log; 1474556385.477824 CIsvAz1QidPN2nCku3
10.206.91.101
36696 10.206.96.83
53
www246.oliwei.com
Intel::DOMAIN DNS::IN_REQUEST worker-3-8
from http://mirror1.malwaredomai
ns.com/files/domains.txt\x2cattackpage via intel.criticalstack.com | gl2_remote_
port: 36108 | gl2_remote_ip: 127.0.0.1 | timestamp: 2016-09-22T14:58:42.000Z | l
evel: 4 | _id: 115bb130-80d5-11e6-b81b-5645e6e2984b | facility: local0 | gl2_sou
rce_input: 54b5fa4ce4b0a1fbf5c63675 | streams: [5611f58ae4b0505cb77b78e0] }
source: ossec | message: ossec ossec: Alert Level: 2; Rule: 1002 - Unknown probl
em somewhere in the system.; Location: (beast) 10.206.96.95->/netlog/var/log/bro

.fc/intel.log; 1474556385.971477CIsvAz1QidPN2nCku310.206.91.1013669610.206.96.83
53---shuan (...) { gl2_source_node: 2198afb3-a5b0-4cee-90be-98cc534a59c5 | full_
message: <132>Sep 22 09:58:42 ossec ossec: Alert Level: 2; Rule: 1002 - Unknown
problem somewhere in the system.; Location: (beast) 10.206.96.95->/netlog/var/lo
g/bro.fc/intel.log; 1474556385.971477 CIsvAz1QidPN2nCku3
10.206.91.101
36696 10.206.96.83
53
shuangying163.com
Intel::DOMAIN DNS::IN_REQUEST worker-3-8
from http://mirror1.malwaredomai
ns.com/files/domains.txt\x2cattackpage via intel.criticalstack.com | gl2_remote_
port: 36108 | gl2_remote_ip: 127.0.0.1 | timestamp: 2016-09-22T14:58:42.000Z | l
evel: 4 | _id: 115c4d70-80d5-11e6-b81b-5645e6e2984b | facility: local0 | gl2_sou
rce_input: 54b5fa4ce4b0a1fbf5c63675 | streams: [5611f58ae4b0505cb77b78e0] }
source: ossec | message: ossec ossec: Alert Level: 2; Rule: 1002 - Unknown probl
em somewhere in the system.; Location: (beast) 10.206.96.95->/netlog/var/log/bro
.fc/intel.log; 1474556385.477824C2qPFA3setvRp2ijNh10.206.91.1013669610.206.96.83
53---zztxd (...) { gl2_source_node: 2198afb3-a5b0-4cee-90be-98cc534a59c5 | full_
message: <132>Sep 22 09:58:42 ossec ossec: Alert Level: 2; Rule: 1002 - Unknown
problem somewhere in the system.; Location: (beast) 10.206.96.95->/netlog/var/lo
g/bro.fc/intel.log; 1474556385.477824 C2qPFA3setvRp2ijNh
10.206.91.101
36696 10.206.96.83
53
zztxdown.com
Intel::D
OMAIN DNS::IN_REQUEST worker-1-5
from http://mirror1.malwaredomains.com/f
iles/domains.txt\x2cattackpage via intel.criticalstack.com | gl2_remote_port: 36
108 | gl2_remote_ip: 127.0.0.1 | timestamp: 2016-09-22T14:58:42.000Z | level: 4
| _id: 115b3c00-80d5-11e6-b81b-5645e6e2984b | facility: local0 | gl2_source_inpu
t: 54b5fa4ce4b0a1fbf5c63675 | streams: [5611f58ae4b0505cb77b78e0] }
source: ossec | message: ossec ossec: Alert Level: 2; Rule: 100102 - Evento Beas
t TM - Mayantec; Location: (beast) 10.206.96.95->/netlog/var/log/bro.fc/intel.lo
g; 1474556385.477824C2qPFA3setvRp2ijNh10.206.91.1013669610.206.96.8353---wowusba
ttle.netIn (...) { gl2_source_node: 2198afb3-a5b0-4cee-90be-98cc534a59c5 | full_
message: <132>Sep 22 09:58:42 ossec ossec: Alert Level: 2; Rule: 100102 - Evento
Beast TM - Mayantec; Location: (beast) 10.206.96.95->/netlog/var/log/bro.fc/int
el.log; 1474556385.477824
C2qPFA3setvRp2ijNh
10.206.91.101 36696
10.206.96.83
53
wowusbattle.net Intel::DOMAIN
DNS::IN_REQUEST worker-1-5
from http://mirror1.malwaredomains.com/files/dom
ains.txt\x2cphishing via intel.criticalstack.com | gl2_remote_port: 36108 | gl2_
remote_ip: 127.0.0.1 | timestamp: 2016-09-22T14:58:42.000Z | level: 4 | _id: 115
b6310-80d5-11e6-b81b-5645e6e2984b | facility: local0 | gl2_source_input: 54b5fa4
ce4b0a1fbf5c63675 | streams: [5611f58ae4b0505cb77b78e0] }
source: ossec | message: ossec ossec: Alert Level: 2; Rule: 100102 - Evento Beas
t TM - Mayantec; Location: (beast) 10.206.96.95->/netlog/var/log/bro.fc/intel.lo
g; 1474556386.472168CIsvAz1QidPN2nCku310.206.91.1013669610.206.96.8353---taximor
ganizasyon (...) { gl2_source_node: 2198afb3-a5b0-4cee-90be-98cc534a59c5 | full_
message: <132>Sep 22 09:58:42 ossec ossec: Alert Level: 2; Rule: 100102 - Evento
Beast TM - Mayantec; Location: (beast) 10.206.96.95->/netlog/var/log/bro.fc/int
el.log; 1474556386.472168
CIsvAz1QidPN2nCku3
10.206.91.101 36696
10.206.96.83
53
taximorganizasyon.com Intel::D
OMAIN DNS::IN_REQUEST worker-3-8
from http://mirror1.malwaredomains.com/f
iles/domains.txt\x2cmalicious via intel.criticalstack.com | gl2_remote_port: 361
08 | gl2_remote_ip: 127.0.0.1 | timestamp: 2016-09-22T14:58:42.000Z | level: 4 |
_id: 115d10c0-80d5-11e6-b81b-5645e6e2984b | facility: local0 | gl2_source_input
: 54b5fa4ce4b0a1fbf5c63675 | streams: [5611f58ae4b0505cb77b78e0] }
source: ossec | message: ossec ossec: Alert Level: 2; Rule: 1002 - Unknown probl
em somewhere in the system.; Location: (beast) 10.206.96.95->/netlog/var/log/bro
.fc/intel.log; 1474556384.968979CIsvAz1QidPN2nCku310.206.91.1013669610.206.96.83
53---www.a (...) { gl2_source_node: 2198afb3-a5b0-4cee-90be-98cc534a59c5 | full_
message: <132>Sep 22 09:58:42 ossec ossec: Alert Level: 2; Rule: 1002 - Unknown
problem somewhere in the system.; Location: (beast) 10.206.96.95->/netlog/var/lo

g/bro.fc/intel.log; 1474556384.968979 CIsvAz1QidPN2nCku3

10.206.91.101
36696 10.206.96.83
53
www.appleidinfo.net
Intel::DOMAIN DNS::IN_REQUEST worker-3-8
from http://mirror1.malwaredomai
ns.com/files/domains.txt\x2cattackpage via intel.criticalstack.com | gl2_remote_
port: 36108 | gl2_remote_ip: 127.0.0.1 | timestamp: 2016-09-22T14:58:42.000Z | l
evel: 4 | _id: 11591920-80d5-11e6-b81b-5645e6e2984b | facility: local0 | gl2_sou
rce_input: 54b5fa4ce4b0a1fbf5c63675 | streams: [5611f58ae4b0505cb77b78e0] }
source: ossec | message: ossec ossec: Alert Level: 2; Rule: 1002 - Unknown probl
em somewhere in the system.; Location: (beast) 10.206.96.95->/netlog/var/log/bro
.fc/intel.log; 1474556384.968979C2qPFA3setvRp2ijNh10.206.91.1013669610.206.96.83
53---www.s (...) { gl2_source_node: 2198afb3-a5b0-4cee-90be-98cc534a59c5 | full_
message: <132>Sep 22 09:58:42 ossec ossec: Alert Level: 2; Rule: 1002 - Unknown
problem somewhere in the system.; Location: (beast) 10.206.96.95->/netlog/var/lo
g/bro.fc/intel.log; 1474556384.968979 C2qPFA3setvRp2ijNh
10.206.91.101
36696 10.206.96.83
53
www.soidc.com Intel::D
OMAIN DNS::IN_REQUEST worker-1-5
from http://mirror1.malwaredomains.com/f
iles/domains.txt\x2cattackpage via intel.criticalstack.com | gl2_remote_port: 36
108 | gl2_remote_ip: 127.0.0.1 | timestamp: 2016-09-22T14:58:42.000Z | level: 4
| _id: 11596741-80d5-11e6-b81b-5645e6e2984b | facility: local0 | gl2_source_inpu
t: 54b5fa4ce4b0a1fbf5c63675 | streams: [5611f58ae4b0505cb77b78e0] }
source: ossec | message: ossec ossec: Alert Level: 2; Rule: 100102 - Evento Beas
t TM - Mayantec; Location: (beast) 10.206.96.95->/netlog/var/log/bro.fc/intel.lo
g; 1474556384.968979CIsvAz1QidPN2nCku310.206.91.1013669610.206.96.8353---torvald
scallthat. (...) { gl2_source_node: 2198afb3-a5b0-4cee-90be-98cc534a59c5 | full_
message: <132>Sep 22 09:58:42 ossec ossec: Alert Level: 2; Rule: 100102 - Evento
Beast TM - Mayantec; Location: (beast) 10.206.96.95->/netlog/var/log/bro.fc/int
el.log; 1474556384.968979
CIsvAz1QidPN2nCku3
10.206.91.101 36696
10.206.96.83
53
torvaldscallthat.info Intel::D
OMAIN DNS::IN_REQUEST worker-3-8
from http://mirror1.malwaredomains.com/f
iles/domains.txt\x2cmaliciousjs via intel.criticalstack.com | gl2_remote_port: 3
6108 | gl2_remote_ip: 127.0.0.1 | timestamp: 2016-09-22T14:58:42.000Z | level: 4
| _id: 115a9fc0-80d5-11e6-b81b-5645e6e2984b | facility: local0 | gl2_source_inp
ut: 54b5fa4ce4b0a1fbf5c63675 | streams: [5611f58ae4b0505cb77b78e0] }
source: ossec | message: ossec ossec: Alert Level: 2; Rule: 1002 - Unknown probl
em somewhere in the system.; Location: (beast) 10.206.96.95->/netlog/var/log/bro
.fc/intel.log; 1474556385.477824CIsvAz1QidPN2nCku310.206.91.1013669610.206.96.83
53---zztxd (...) { gl2_source_node: 2198afb3-a5b0-4cee-90be-98cc534a59c5 | full_
message: <132>Sep 22 09:58:42 ossec ossec: Alert Level: 2; Rule: 1002 - Unknown
problem somewhere in the system.; Location: (beast) 10.206.96.95->/netlog/var/lo
g/bro.fc/intel.log; 1474556385.477824 CIsvAz1QidPN2nCku3
10.206.91.101
36696 10.206.96.83
53
zztxdown.com
Intel::D
OMAIN DNS::IN_REQUEST worker-3-8
from http://mirror1.malwaredomains.com/f
iles/domains.txt\x2cattackpage via intel.criticalstack.com | gl2_remote_port: 36
108 | gl2_remote_ip: 127.0.0.1 | timestamp: 2016-09-22T14:58:42.000Z | level: 4
| _id: 115aede0-80d5-11e6-b81b-5645e6e2984b | facility: local0 | gl2_source_inpu
t: 54b5fa4ce4b0a1fbf5c63675 | streams: [5611f58ae4b0505cb77b78e0] }
source: ossec | message: ossec ossec: Alert Level: 2; Rule: 1002 - Unknown probl
em somewhere in the system.; Location: (beast) 10.206.96.95->/netlog/var/log/bro
.fc/intel.log; 1474556385.477824C2qPFA3setvRp2ijNh10.206.91.1013669610.206.96.83
53---www24 (...) { gl2_source_node: 2198afb3-a5b0-4cee-90be-98cc534a59c5 | full_
message: <132>Sep 22 09:58:42 ossec ossec: Alert Level: 2; Rule: 1002 - Unknown
problem somewhere in the system.; Location: (beast) 10.206.96.95->/netlog/var/lo
g/bro.fc/intel.log; 1474556385.477824 C2qPFA3setvRp2ijNh
10.206.91.101
36696 10.206.96.83
53
www246.oliwei.com
Intel::DOMAIN DNS::IN_REQUEST worker-1-5
from http://mirror1.malwaredomai
ns.com/files/domains.txt\x2cattackpage via intel.criticalstack.com | gl2_remote_

port: 36108 | gl2_remote_ip: 127.0.0.1 | timestamp: 2016-09-22T14:58:42.000Z | l

evel: 4 | _id: 115c2660-80d5-11e6-b81b-5645e6e2984b | facility: local0 | gl2_sou
rce_input: 54b5fa4ce4b0a1fbf5c63675 | streams: [5611f58ae4b0505cb77b78e0] }
source: ossec | message: ossec ossec: Alert Level: 2; Rule: 1002 - Unknown probl
em somewhere in the system.; Location: (beast) 10.206.96.95->/netlog/var/log/bro
.fc/intel.log; 1474556385.972820C2qPFA3setvRp2ijNh10.206.91.1013669610.206.96.83
53---shuan (...) { gl2_source_node: 2198afb3-a5b0-4cee-90be-98cc534a59c5 | full_
message: <132>Sep 22 09:58:42 ossec ossec: Alert Level: 2; Rule: 1002 - Unknown
problem somewhere in the system.; Location: (beast) 10.206.96.95->/netlog/var/lo
g/bro.fc/intel.log; 1474556385.972820 C2qPFA3setvRp2ijNh
10.206.91.101
36696 10.206.96.83
53
shuangying163.com
Intel::DOMAIN DNS::IN_REQUEST worker-1-5
from http://mirror1.malwaredomai
ns.com/files/domains.txt\x2cattackpage via intel.criticalstack.com | gl2_remote_
port: 36108 | gl2_remote_ip: 127.0.0.1 | timestamp: 2016-09-22T14:58:42.000Z | l
evel: 4 | _id: 115cc2a0-80d5-11e6-b81b-5645e6e2984b | facility: local0 | gl2_sou
rce_input: 54b5fa4ce4b0a1fbf5c63675 | streams: [5611f58ae4b0505cb77b78e0] }
source: ossec | message: ossec ossec: Alert Level: 2; Rule: 100102 - Evento Beas
t TM - Mayantec; Location: (beast) 10.206.96.95->/netlog/var/log/bro.fc/intel.lo
g; 1474556385.477824CIsvAz1QidPN2nCku310.206.91.1013669610.206.96.8353---wowusba
ttle.netIn (...) { gl2_source_node: 2198afb3-a5b0-4cee-90be-98cc534a59c5 | full_
message: <132>Sep 22 09:58:42 ossec ossec: Alert Level: 2; Rule: 100102 - Evento
Beast TM - Mayantec; Location: (beast) 10.206.96.95->/netlog/var/log/bro.fc/int
el.log; 1474556385.477824
CIsvAz1QidPN2nCku3
10.206.91.101 36696
10.206.96.83
53
wowusbattle.net Intel::DOMAIN
DNS::IN_REQUEST worker-3-8
from http://mirror1.malwaredomains.com/files/dom
ains.txt\x2cphishing via intel.criticalstack.com | gl2_remote_port: 36108 | gl2_
remote_ip: 127.0.0.1 | timestamp: 2016-09-22T14:58:42.000Z | level: 4 | _id: 115
b14f0-80d5-11e6-b81b-5645e6e2984b | facility: local0 | gl2_source_input: 54b5fa4
ce4b0a1fbf5c63675 | streams: [5611f58ae4b0505cb77b78e0] }
source: ossec | message: ossec ossec: Alert Level: 2; Rule: 100102 - Evento Beas
t TM - Mayantec; Location: (beast) 10.206.96.95->/netlog/var/log/bro.fc/intel.lo
g; 1474556384.472461C2qPFA3setvRp2ijNh10.206.91.1013669610.206.96.8353---tnlcons
truction.c (...) { gl2_source_node: 2198afb3-a5b0-4cee-90be-98cc534a59c5 | full_
message: <132>Sep 22 09:58:40 ossec ossec: Alert Level: 2; Rule: 100102 - Evento
Beast TM - Mayantec; Location: (beast) 10.206.96.95->/netlog/var/log/bro.fc/int
el.log; 1474556384.472461
C2qPFA3setvRp2ijNh
10.206.91.101 36696
10.206.96.83
53
tnlconstruction.com
Intel::D
OMAIN DNS::IN_REQUEST worker-1-5
from http://mirror1.malwaredomains.com/f
iles/domains.txt\x2cphishing via intel.criticalstack.com | gl2_remote_port: 3610
8 | gl2_remote_ip: 127.0.0.1 | timestamp: 2016-09-22T14:58:40.000Z | level: 4 |
_id: 0eddb8e1-80d5-11e6-b81b-5645e6e2984b | facility: local0 | gl2_source_input:
54b5fa4ce4b0a1fbf5c63675 | streams: [5611f58ae4b0505cb77b78e0] }
source: ossec | message: ossec ossec: Alert Level: 2; Rule: 100102 - Evento Beas
t TM - Mayantec; Location: (beast) 10.206.96.95->/netlog/var/log/bro.fc/intel.lo
g; 1474556384.472461CIsvAz1QidPN2nCku310.206.91.1013669610.206.96.8353---tnlcons
truction.c (...) { gl2_source_node: 2198afb3-a5b0-4cee-90be-98cc534a59c5 | full_
message: <132>Sep 22 09:58:40 ossec ossec: Alert Level: 2; Rule: 100102 - Evento
Beast TM - Mayantec; Location: (beast) 10.206.96.95->/netlog/var/log/bro.fc/int
el.log; 1474556384.472461
CIsvAz1QidPN2nCku3
10.206.91.101 36696
10.206.96.83
53
tnlconstruction.com
Intel::D
OMAIN DNS::IN_REQUEST worker-3-8
from http://mirror1.malwaredomains.com/f
iles/domains.txt\x2cphishing via intel.criticalstack.com | gl2_remote_port: 3610
8 | gl2_remote_ip: 127.0.0.1 | timestamp: 2016-09-22T14:58:40.000Z | level: 4 |
_id: 0ede7c30-80d5-11e6-b81b-5645e6e2984b | facility: local0 | gl2_source_input:
54b5fa4ce4b0a1fbf5c63675 | streams: [5611f58ae4b0505cb77b78e0] }

source: ossec | message: ossec ossec: Alert Level: 2; Rule: 1002 - Unknown probl
em somewhere in the system.; Location: (beast) 10.206.96.95->/netlog/var/log/bro
.fc/intel.log; 1474556384.472461CIsvAz1QidPN2nCku310.206.91.1013669610.206.96.83
53---ykkg. (...) { gl2_source_node: 2198afb3-a5b0-4cee-90be-98cc534a59c5 | full_
message: <132>Sep 22 09:58:40 ossec ossec: Alert Level: 2; Rule: 1002 - Unknown
problem somewhere in the system.; Location: (beast) 10.206.96.95->/netlog/var/lo
g/bro.fc/intel.log; 1474556384.472461 CIsvAz1QidPN2nCku3
10.206.91.101
36696 10.206.96.83
53
ykkg.com
Intel::D
OMAIN DNS::IN_REQUEST worker-3-8
from http://mirror1.malwaredomains.com/f
iles/domains.txt\x2cattackpage via intel.criticalstack.com | gl2_remote_port: 36
108 | gl2_remote_ip: 127.0.0.1 | timestamp: 2016-09-22T14:58:40.000Z | level: 4
| _id: 0edf1870-80d5-11e6-b81b-5645e6e2984b | facility: local0 | gl2_source_inpu
t: 54b5fa4ce4b0a1fbf5c63675 | streams: [5611f58ae4b0505cb77b78e0] }
source: ossec | message: ossec ossec: Alert Level: 2; Rule: 1002 - Unknown probl
em somewhere in the system.; Location: (beast) 10.206.96.95->/netlog/var/log/bro
.fc/intel.log; 1474556384.472461C2qPFA3setvRp2ijNh10.206.91.1013669610.206.96.83
53---ykkg. (...) { gl2_source_node: 2198afb3-a5b0-4cee-90be-98cc534a59c5 | full_
message: <132>Sep 22 09:58:40 ossec ossec: Alert Level: 2; Rule: 1002 - Unknown
problem somewhere in the system.; Location: (beast) 10.206.96.95->/netlog/var/lo
g/bro.fc/intel.log; 1474556384.472461 C2qPFA3setvRp2ijNh
10.206.91.101
36696 10.206.96.83
53
ykkg.com
Intel::D
OMAIN DNS::IN_REQUEST worker-1-5
from http://mirror1.malwaredomains.com/f
iles/domains.txt\x2cattackpage via intel.criticalstack.com | gl2_remote_port: 36
108 | gl2_remote_ip: 127.0.0.1 | timestamp: 2016-09-22T14:58:40.000Z | level: 4
| _id: 0ede0700-80d5-11e6-b81b-5645e6e2984b | facility: local0 | gl2_source_inpu
t: 54b5fa4ce4b0a1fbf5c63675 | streams: [5611f58ae4b0505cb77b78e0] }
source: ossec | message: ossec ossec: Alert Level: 2; Rule: 1002 - Unknown probl
em somewhere in the system.; Location: (beast) 10.206.96.95->/netlog/var/log/bro
.fc/intel.log; 1474556382.969508C2qPFA3setvRp2ijNh10.206.91.1013669610.206.96.83
53---www41 (...) { gl2_source_node: 2198afb3-a5b0-4cee-90be-98cc534a59c5 | full_
message: <132>Sep 22 09:58:40 ossec ossec: Alert Level: 2; Rule: 1002 - Unknown
problem somewhere in the system.; Location: (beast) 10.206.96.95->/netlog/var/lo
g/bro.fc/intel.log; 1474556382.969508 C2qPFA3setvRp2ijNh
10.206.91.101
36696 10.206.96.83
53
www41.bolo100.com
Intel::DOMAIN DNS::IN_REQUEST worker-1-5
from http://mirror1.malwaredomai
ns.com/files/domains.txt\x2cattackpage via intel.criticalstack.com | gl2_remote_
port: 36108 | gl2_remote_ip: 127.0.0.1 | timestamp: 2016-09-22T14:58:40.000Z | l
evel: 4 | _id: 0edb20d0-80d5-11e6-b81b-5645e6e2984b | facility: local0 | gl2_sou
rce_input: 54b5fa4ce4b0a1fbf5c63675 | streams: [5611f58ae4b0505cb77b78e0] }
source: ossec | message: ossec ossec: Alert Level: 2; Rule: 1002 - Unknown probl
em somewhere in the system.; Location: (beast) 10.206.96.95->/netlog/var/log/bro
.fc/intel.log; 1474556382.969508C2qPFA3setvRp2ijNh10.206.91.1013669610.206.96.83
53---sepun (...) { gl2_source_node: 2198afb3-a5b0-4cee-90be-98cc534a59c5 | full_
message: <132>Sep 22 09:58:40 ossec ossec: Alert Level: 2; Rule: 1002 - Unknown
problem somewhere in the system.; Location: (beast) 10.206.96.95->/netlog/var/lo
g/bro.fc/intel.log; 1474556382.969508 C2qPFA3setvRp2ijNh
10.206.91.101
36696 10.206.96.83
53
sepung.co.kr
Intel::D
OMAIN DNS::IN_REQUEST worker-1-5
from http://mirror1.malwaredomains.com/f
iles/domains.txt\x2cattackpage via intel.criticalstack.com | gl2_remote_port: 36
108 | gl2_remote_ip: 127.0.0.1 | timestamp: 2016-09-22T14:58:40.000Z | level: 4
| _id: 0edc0b30-80d5-11e6-b81b-5645e6e2984b | facility: local0 | gl2_source_inpu
t: 54b5fa4ce4b0a1fbf5c63675 | streams: [5611f58ae4b0505cb77b78e0] }
source: ossec | message: ossec ossec: Alert Level: 2; Rule: 1002 - Unknown probl
em somewhere in the system.; Location: (beast) 10.206.96.95->/netlog/var/log/bro
.fc/intel.log; 1474556382.969508CIsvAz1QidPN2nCku310.206.91.1013669610.206.96.83
53---www21 (...) { gl2_source_node: 2198afb3-a5b0-4cee-90be-98cc534a59c5 | full_

message: <132>Sep 22 09:58:40 ossec ossec: Alert Level: 2; Rule: 1002 - Unknown
problem somewhere in the system.; Location: (beast) 10.206.96.95->/netlog/var/lo
g/bro.fc/intel.log; 1474556382.969508 CIsvAz1QidPN2nCku3
10.206.91.101
36696 10.206.96.83
53
www210.681luanlun.com
Intel::DOMAIN DNS::IN_REQUEST worker-3-8
from http://mirror1.malwaredomai
ns.com/files/domains.txt\x2cattackpage via intel.criticalstack.com | gl2_remote_
port: 36108 | gl2_remote_ip: 127.0.0.1 | timestamp: 2016-09-22T14:58:40.000Z | l
evel: 4 | _id: 0edc5950-80d5-11e6-b81b-5645e6e2984b | facility: local0 | gl2_sou
rce_input: 54b5fa4ce4b0a1fbf5c63675 | streams: [5611f58ae4b0505cb77b78e0] }
source: ossec | message: ossec ossec: Alert Level: 2; Rule: 100102 - Evento Beas
t TM - Mayantec; Location: (beast) 10.206.96.95->/netlog/var/log/bro.fc/intel.lo
g; 1474556382.969508CIsvAz1QidPN2nCku310.206.91.1013669610.206.96.8353---shmjikr
hddazenp75 (...) { gl2_source_node: 2198afb3-a5b0-4cee-90be-98cc534a59c5 | full_
message: <132>Sep 22 09:58:40 ossec ossec: Alert Level: 2; Rule: 100102 - Evento
Beast TM - Mayantec; Location: (beast) 10.206.96.95->/netlog/var/log/bro.fc/int
el.log; 1474556382.969508
CIsvAz1QidPN2nCku3
10.206.91.101 36696
10.206.96.83
53
shmjikrhddazenp75.com Intel::D
OMAIN DNS::IN_REQUEST worker-3-8
from http://mirror1.malwaredomains.com/f
iles/domains.txt\x2csuppobox via intel.criticalstack.com | gl2_remote_port: 3610
8 | gl2_remote_ip: 127.0.0.1 | timestamp: 2016-09-22T14:58:40.000Z | level: 4 |
_id: 0edca770-80d5-11e6-b81b-5645e6e2984b | facility: local0 | gl2_source_input:
54b5fa4ce4b0a1fbf5c63675 | streams: [5611f58ae4b0505cb77b78e0] }
source: ossec | message: ossec ossec: Alert Level: 2; Rule: 1002 - Unknown probl
em somewhere in the system.; Location: (beast) 10.206.96.95->/netlog/var/log/bro
.fc/intel.log; 1474556382.969508C2qPFA3setvRp2ijNh10.206.91.1013669610.206.96.83
53---www21 (...) { gl2_source_node: 2198afb3-a5b0-4cee-90be-98cc534a59c5 | full_
message: <132>Sep 22 09:58:40 ossec ossec: Alert Level: 2; Rule: 1002 - Unknown
problem somewhere in the system.; Location: (beast) 10.206.96.95->/netlog/var/lo
g/bro.fc/intel.log; 1474556382.969508 C2qPFA3setvRp2ijNh
10.206.91.101
36696 10.206.96.83
53
www210.681luanlun.com
Intel::DOMAIN DNS::IN_REQUEST worker-1-5
from http://mirror1.malwaredomai
ns.com/files/domains.txt\x2cattackpage via intel.criticalstack.com | gl2_remote_
port: 36108 | gl2_remote_ip: 127.0.0.1 | timestamp: 2016-09-22T14:58:40.000Z | l
evel: 4 | _id: 0edad2b0-80d5-11e6-b81b-5645e6e2984b | facility: local0 | gl2_sou
rce_input: 54b5fa4ce4b0a1fbf5c63675 | streams: [5611f58ae4b0505cb77b78e0] }
source: ossec | message: ossec ossec: Alert Level: 2; Rule: 100102 - Evento Beas
t TM - Mayantec; Location: (beast) 10.206.96.95->/netlog/var/log/bro.fc/intel.lo
g; 1474556382.969508C2qPFA3setvRp2ijNh10.206.91.1013669610.206.96.8353---shmjikr
hddazenp75 (...) { gl2_source_node: 2198afb3-a5b0-4cee-90be-98cc534a59c5 | full_
message: <132>Sep 22 09:58:40 ossec ossec: Alert Level: 2; Rule: 100102 - Evento
Beast TM - Mayantec; Location: (beast) 10.206.96.95->/netlog/var/log/bro.fc/int
el.log; 1474556382.969508
C2qPFA3setvRp2ijNh
10.206.91.101 36696
10.206.96.83
53
shmjikrhddazenp75.com Intel::D
OMAIN DNS::IN_REQUEST worker-1-5
from http://mirror1.malwaredomains.com/f
iles/domains.txt\x2csuppobox via intel.criticalstack.com | gl2_remote_port: 3610
8 | gl2_remote_ip: 127.0.0.1 | timestamp: 2016-09-22T14:58:40.000Z | level: 4 |
_id: 0edb20d1-80d5-11e6-b81b-5645e6e2984b | facility: local0 | gl2_source_input:
54b5fa4ce4b0a1fbf5c63675 | streams: [5611f58ae4b0505cb77b78e0] }
source: ossec | message: ossec ossec: Alert Level: 2; Rule: 1002 - Unknown probl
em somewhere in the system.; Location: (beast) 10.206.96.95->/netlog/var/log/bro
.fc/intel.log; 1474556382.969508CIsvAz1QidPN2nCku310.206.91.1013669610.206.96.83
53---www41 (...) { gl2_source_node: 2198afb3-a5b0-4cee-90be-98cc534a59c5 | full_
message: <132>Sep 22 09:58:40 ossec ossec: Alert Level: 2; Rule: 1002 - Unknown
problem somewhere in the system.; Location: (beast) 10.206.96.95->/netlog/var/lo
g/bro.fc/intel.log; 1474556382.969508 CIsvAz1QidPN2nCku3
10.206.91.101
36696 10.206.96.83
53
www41.bolo100.com

Intel::DOMAIN DNS::IN_REQUEST worker-3-8

from http://mirror1.malwaredomai
ns.com/files/domains.txt\x2cattackpage via intel.criticalstack.com | gl2_remote_
port: 36108 | gl2_remote_ip: 127.0.0.1 | timestamp: 2016-09-22T14:58:40.000Z | l
evel: 4 | _id: 0edc8060-80d5-11e6-b81b-5645e6e2984b | facility: local0 | gl2_sou
rce_input: 54b5fa4ce4b0a1fbf5c63675 | streams: [5611f58ae4b0505cb77b78e0] }
source: ossec | message: ossec ossec: Alert Level: 2; Rule: 100102 - Evento Beas
t TM - Mayantec; Location: (beast) 10.206.96.95->/netlog/var/log/bro.fc/intel.lo
g; 1474556384.467331CIsvAz1QidPN2nCku310.206.91.1013669610.206.96.8353---xxvideo
hot-2015.g (...) { gl2_source_node: 2198afb3-a5b0-4cee-90be-98cc534a59c5 | full_
message: <132>Sep 22 09:58:40 ossec ossec: Alert Level: 2; Rule: 100102 - Evento
Beast TM - Mayantec; Location: (beast) 10.206.96.95->/netlog/var/log/bro.fc/int
el.log; 1474556384.467331
CIsvAz1QidPN2nCku3
10.206.91.101 36696
10.206.96.83
53
xxvideohot-2015.ga
Intel::D
OMAIN DNS::IN_REQUEST worker-3-8
from http://mirror1.malwaredomains.com/f
iles/domains.txt\x2cmalicious via intel.criticalstack.com | gl2_remote_port: 361
08 | gl2_remote_ip: 127.0.0.1 | timestamp: 2016-09-22T14:58:40.000Z | level: 4 |
_id: 0eddb8e0-80d5-11e6-b81b-5645e6e2984b | facility: local0 | gl2_source_input
: 54b5fa4ce4b0a1fbf5c63675 | streams: [5611f58ae4b0505cb77b78e0] }
source: ossec | message: ossec ossec: Alert Level: 2; Rule: 100102 - Evento Beas
t TM - Mayantec; Location: (beast) 10.206.96.95->/netlog/var/log/bro.fc/intel.lo
g; 1474556384.467331C2qPFA3setvRp2ijNh10.206.91.1013669610.206.96.8353---xxvideo
hot-2015.g (...) { gl2_source_node: 2198afb3-a5b0-4cee-90be-98cc534a59c5 | full_
message: <132>Sep 22 09:58:40 ossec ossec: Alert Level: 2; Rule: 100102 - Evento
Beast TM - Mayantec; Location: (beast) 10.206.96.95->/netlog/var/log/bro.fc/int
el.log; 1474556384.467331
C2qPFA3setvRp2ijNh
10.206.91.101 36696
10.206.96.83
53
xxvideohot-2015.ga
Intel::D
OMAIN DNS::IN_REQUEST worker-1-5
from http://mirror1.malwaredomains.com/f
iles/domains.txt\x2cmalicious via intel.criticalstack.com | gl2_remote_port: 361
08 | gl2_remote_ip: 127.0.0.1 | timestamp: 2016-09-22T14:58:40.000Z | level: 4 |
_id: 0edd43b0-80d5-11e6-b81b-5645e6e2984b | facility: local0 | gl2_source_input
: 54b5fa4ce4b0a1fbf5c63675 | streams: [5611f58ae4b0505cb77b78e0] }
source: ossec | message: ossec ossec: Alert Level: 2; Rule: 100102 - Evento Beas
t TM - Mayantec; Location: (beast) 10.206.96.95->/netlog/var/log/bro.fc/intel.lo
g; 1474556384.472461CIsvAz1QidPN2nCku310.206.91.1013669610.206.96.8353---zensmut
.comIntel: (...) { gl2_source_node: 2198afb3-a5b0-4cee-90be-98cc534a59c5 | full_
message: <132>Sep 22 09:58:40 ossec ossec: Alert Level: 2; Rule: 100102 - Evento
Beast TM - Mayantec; Location: (beast) 10.206.96.95->/netlog/var/log/bro.fc/int
el.log; 1474556384.472461
CIsvAz1QidPN2nCku3
10.206.91.101 36696
10.206.96.83
53
zensmut.com
Intel::DOMAIN
DNS::IN_REQUEST worker-3-8
from http://mirror1.malwaredomains.com/files/dom
ains.txt\x2csuspicious via intel.criticalstack.com | gl2_remote_port: 36108 | gl
2_remote_ip: 127.0.0.1 | timestamp: 2016-09-22T14:58:40.000Z | level: 4 | _id: 0
ede2e10-80d5-11e6-b81b-5645e6e2984b | facility: local0 | gl2_source_input: 54b5f
a4ce4b0a1fbf5c63675 | streams: [5611f58ae4b0505cb77b78e0] }
source: ossec | message: ossec ossec: Alert Level: 2; Rule: 1002 - Unknown probl
em somewhere in the system.; Location: (beast) 10.206.96.95->/netlog/var/log/bro
.fc/intel.log; 1474556382.969508CIsvAz1QidPN2nCku310.206.91.1013669610.206.96.83
53---sepun (...) { gl2_source_node: 2198afb3-a5b0-4cee-90be-98cc534a59c5 | full_
message: <132>Sep 22 09:58:40 ossec ossec: Alert Level: 2; Rule: 1002 - Unknown
problem somewhere in the system.; Location: (beast) 10.206.96.95->/netlog/var/lo
g/bro.fc/intel.log; 1474556382.969508 CIsvAz1QidPN2nCku3
10.206.91.101
36696 10.206.96.83
53
sepung.co.kr
Intel::D
OMAIN DNS::IN_REQUEST worker-3-8
from http://mirror1.malwaredomains.com/f
iles/domains.txt\x2cattackpage via intel.criticalstack.com | gl2_remote_port: 36
108 | gl2_remote_ip: 127.0.0.1 | timestamp: 2016-09-22T14:58:40.000Z | level: 4
| _id: 0edcce80-80d5-11e6-b81b-5645e6e2984b | facility: local0 | gl2_source_inpu

t: 54b5fa4ce4b0a1fbf5c63675 | streams: [5611f58ae4b0505cb77b78e0] }

source: ossec | message: ossec ossec: Alert Level: 2; Rule: 1002 - Unknown probl
em somewhere in the system.; Location: (beast) 10.206.96.95->/netlog/var/log/bro
.fc/intel.log; 1474556383.469551CIsvAz1QidPN2nCku310.206.91.1013669610.206.96.83
53---www60 (...) { gl2_source_node: 2198afb3-a5b0-4cee-90be-98cc534a59c5 | full_
message: <132>Sep 22 09:58:40 ossec ossec: Alert Level: 2; Rule: 1002 - Unknown
problem somewhere in the system.; Location: (beast) 10.206.96.95->/netlog/var/lo
g/bro.fc/intel.log; 1474556383.469551 CIsvAz1QidPN2nCku3
10.206.91.101
36696 10.206.96.83
53
www60.rimklh.com
Intel::DOMAIN DNS::IN_REQUEST worker-3-8
from http://mirror1.malwaredomai
ns.com/files/domains.txt\x2cattackpage via intel.criticalstack.com | gl2_remote_
port: 36108 | gl2_remote_ip: 127.0.0.1 | timestamp: 2016-09-22T14:58:40.000Z | l
evel: 4 | _id: 0edcf590-80d5-11e6-b81b-5645e6e2984b | facility: local0 | gl2_sou
rce_input: 54b5fa4ce4b0a1fbf5c63675 | streams: [5611f58ae4b0505cb77b78e0] }
source: ossec | message: ossec ossec: Alert Level: 2; Rule: 100102 - Evento Beas
t TM - Mayantec; Location: (beast) 10.206.96.95->/netlog/var/log/bro.fc/intel.lo
g; 1474556381.471735CIsvAz1QidPN2nCku310.206.91.1013669610.206.96.8353---youaske
dthedomain (...) { gl2_source_node: 2198afb3-a5b0-4cee-90be-98cc534a59c5 | full_
message: <132>Sep 22 09:58:38 ossec ossec: Alert Level: 2; Rule: 100102 - Evento
Beast TM - Mayantec; Location: (beast) 10.206.96.95->/netlog/var/log/bro.fc/int
el.log; 1474556381.471735
CIsvAz1QidPN2nCku3
10.206.91.101 36696
10.206.96.83
53
youaskedthedomain.cn
Intel::D
OMAIN DNS::IN_REQUEST worker-3-8
from http://mirror1.malwaredomains.com/f
iles/domains.txt\x2cC&C via intel.criticalstack.com | gl2_remote_port: 36108 | g
l2_remote_ip: 127.0.0.1 | timestamp: 2016-09-22T14:58:38.000Z | level: 4 | _id:
0d82e3d1-80d5-11e6-b81b-5645e6e2984b | facility: local0 | gl2_source_input: 54b5
fa4ce4b0a1fbf5c63675 | streams: [5611f58ae4b0505cb77b78e0] }
source: ossec | message: ossec ossec: Alert Level: 2; Rule: 100102 - Evento Beas
t TM - Mayantec; Location: (beast) 10.206.96.95->/netlog/var/log/bro.fc/intel.lo
g; 1474556381.960554C2qPFA3setvRp2ijNh10.206.91.1013669610.206.96.8353---weed-fo
rums.mlInt (...) { gl2_source_node: 2198afb3-a5b0-4cee-90be-98cc534a59c5 | full_
message: <132>Sep 22 09:58:38 ossec ossec: Alert Level: 2; Rule: 100102 - Evento
Beast TM - Mayantec; Location: (beast) 10.206.96.95->/netlog/var/log/bro.fc/int
el.log; 1474556381.960554
C2qPFA3setvRp2ijNh
10.206.91.101 36696
10.206.96.83
53
weed-forums.ml Intel::DOMAIN
DNS::IN_REQUEST worker-1-5
from http://mirror1.malwaredomains.com/files/dom
ains.txt\x2cmalicious via intel.criticalstack.com | gl2_remote_port: 36108 | gl2
_remote_ip: 127.0.0.1 | timestamp: 2016-09-22T14:58:38.000Z | level: 4 | _id: 0d
83a720-80d5-11e6-b81b-5645e6e2984b | facility: local0 | gl2_source_input: 54b5fa
4ce4b0a1fbf5c63675 | streams: [5611f58ae4b0505cb77b78e0] }
source: ossec | message: ossec ossec: Alert Level: 2; Rule: 1002 - Unknown probl
em somewhere in the system.; Location: (beast) 10.206.96.95->/netlog/var/log/bro
.fc/intel.log; 1474556382.467771CIsvAz1QidPN2nCku310.206.91.1013669610.206.96.83
53---zhs38 (...) { gl2_source_node: 2198afb3-a5b0-4cee-90be-98cc534a59c5 | full_
message: <132>Sep 22 09:58:38 ossec ossec: Alert Level: 2; Rule: 1002 - Unknown
problem somewhere in the system.; Location: (beast) 10.206.96.95->/netlog/var/lo
g/bro.fc/intel.log; 1474556382.467771 CIsvAz1QidPN2nCku3
10.206.91.101
36696 10.206.96.83
53
zhs389.com
Intel::D
OMAIN DNS::IN_REQUEST worker-3-8
from http://mirror1.malwaredomains.com/f
iles/domains.txt\x2cattackpage via intel.criticalstack.com | gl2_remote_port: 36
108 | gl2_remote_ip: 127.0.0.1 | timestamp: 2016-09-22T14:58:38.000Z | level: 4
| _id: 0d844360-80d5-11e6-b81b-5645e6e2984b | facility: local0 | gl2_source_inpu
t: 54b5fa4ce4b0a1fbf5c63675 | streams: [5611f58ae4b0505cb77b78e0] }
source: ossec | message: ossec ossec: Alert Level: 2; Rule: 1002 - Unknown probl
em somewhere in the system.; Location: (beast) 10.206.96.95->/netlog/var/log/bro

.fc/intel.log; 1474556382.467771CIsvAz1QidPN2nCku310.206.91.1013669610.206.96.83
53---wt82. (...) { gl2_source_node: 2198afb3-a5b0-4cee-90be-98cc534a59c5 | full_
message: <132>Sep 22 09:58:38 ossec ossec: Alert Level: 2; Rule: 1002 - Unknown
problem somewhere in the system.; Location: (beast) 10.206.96.95->/netlog/var/lo
g/bro.fc/intel.log; 1474556382.467771 CIsvAz1QidPN2nCku3
10.206.91.101
36696 10.206.96.83
53
wt82.downyouxi.com
Intel::DOMAIN DNS::IN_REQUEST worker-3-8
from http://mirror1.malwaredomai
ns.com/files/domains.txt\x2cattackpage via intel.criticalstack.com | gl2_remote_
port: 36108 | gl2_remote_ip: 127.0.0.1 | timestamp: 2016-09-22T14:58:38.000Z | l
evel: 4 | _id: 0d8506b0-80d5-11e6-b81b-5645e6e2984b | facility: local0 | gl2_sou
rce_input: 54b5fa4ce4b0a1fbf5c63675 | streams: [5611f58ae4b0505cb77b78e0] }
source: ossec | message: ossec ossec: Alert Level: 2; Rule: 100102 - Evento Beas
t TM - Mayantec; Location: (beast) 10.206.96.95->/netlog/var/log/bro.fc/intel.lo
g; 1474556382.467771C2qPFA3setvRp2ijNh10.206.91.1013669610.206.96.8353---techwir
ealert.com (...) { gl2_source_node: 2198afb3-a5b0-4cee-90be-98cc534a59c5 | full_
message: <132>Sep 22 09:58:38 ossec ossec: Alert Level: 2; Rule: 100102 - Evento
Beast TM - Mayantec; Location: (beast) 10.206.96.95->/netlog/var/log/bro.fc/int
el.log; 1474556382.467771
C2qPFA3setvRp2ijNh
10.206.91.101 36696
10.206.96.83
53
techwirealert.com
Intel::D
OMAIN DNS::IN_REQUEST worker-1-5
from http://mirror1.malwaredomains.com/f
iles/domains.txt\x2cphishing via intel.criticalstack.com | gl2_remote_port: 3610
8 | gl2_remote_ip: 127.0.0.1 | timestamp: 2016-09-22T14:58:38.000Z | level: 4 |
_id: 0d84dfa0-80d5-11e6-b81b-5645e6e2984b | facility: local0 | gl2_source_input:
54b5fa4ce4b0a1fbf5c63675 | streams: [5611f58ae4b0505cb77b78e0] }