BotHunter ®
  Cyber-TA Internet Release
  Computer Science Laboratory
  SRI International


  SAMPLE NAME:    SSHScanner_botHunter.txt
  Last Updated: Tue Dec 29 13:38:34 2009
www.BOTHUNTER.net


Victim IP: 192.168.1.151
Max Score: 1.8
Profiles: VIEW 159

CCs:
  • 208.0.194.121 (Station121.Ethelwalker.Org), Country: United States (Us), City: (Unknown City).
  • 208.9.98.208 Country: United States (Us), City: Broomfield, Co.
  • 208.11.76.76 Country: United States (Us), City: (Unknown City).
  • 208.15.20.72 Country: United States (Us), City: (Unknown City).
  • 208.16.109.62 Country: United States (Us), City: (Unknown City).
  • 208.28.98.208 Country: United States (Us), City: (Unknown City).

Events:
  • 1:2632222 {tcp} E2[dns] BHDNS SPYWARE-CONTACT: mitglied.lycos.de (zeus/wsnpoem v1 trojan), [/api/livesuite/pickup.asmx?1B35FDFF8A929B86776C97C7CE0E9B14681C8A748A74178D6B8F607215369089FA240B3E9B22D3B04EAA651D63D22F920169] MAC_Dst: 00:00:5E:00:01:6F; 38094->80
  • 777:7777005 {tcp} Outbound Scan: Detected intense non-malware port scanning of 21 IPs (1 /24s) (# pkts S/M/O/I=0/0/22/0): 22:22
  • 1:2001219 {tcp} Outbound Attack: ET SCAN Potential SSH Scan (20 in 60 secs); 57920->22
  • 1:2632222 {tcp} E2[dns] BHDNS SPYWARE-CONTACT: mitglied.lycos.de (zeus/wsnpoem v1 trojan), [/api/livesuite/pickup.asmx?1B35FDFF8A929B86776C97C7CE0E9B14681C8A748A74178D6B8F607215369089FA240B3E9B22D3B04EAA651D63D22F920169] MAC_Dst: 00:00:5E:00:01:6F; 38094->80
  • 777:7777005 {tcp} Outbound Scan: Detected intense non-malware port scanning of 30 IPs (2 /24s) (# pkts S/M/O/I=0/0/65535/0): 22:65535, 62532:2
  • 777:7777005 {tcp} Outbound Scan: Detected intense non-malware port scanning of 30 IPs (4 /24s) (# pkts S/M/O/I=0/0/65535/0): 22:65535, 62532:2
  • 777:7777005 {tcp} Outbound Scan: Detected intense non-malware port scanning of 30 IPs (3 /24s) (# pkts S/M/O/I=0/0/65535/0): 22:65535, 6667:11, 62532:2
  • 1:2001219 {tcp} Outbound Attack: ET SCAN Potential SSH Scan (20 in 60 secs); 57876->22
  • 777:7777005 {tcp} Outbound Scan: Detected intense non-malware port scanning of 30 IPs (13 /24s) (# pkts S/M/O/I=0/0/65535/0): 22:65535, 6667:24, 62532:2
  • 777:7777005 {tcp} Outbound Scan: Detected intense non-malware port scanning of 30 IPs (13 /24s) (# pkts S/M/O/I=0/0/65535/4): 22:65535, 6667:29, 62532:2
  • 777:7777005 {tcp} Outbound Scan: Detected intense non-malware port scanning of 30 IPs (15 /24s) (# pkts S/M/O/I=0/0/65535/4): 22:65535, 6667:33, 62532:2
  • 777:7777005 {tcp} Outbound Scan: Detected intense non-malware port scanning of 30 IPs (15 /24s) (# pkts S/M/O/I=0/0/65535/4): 22:65535, 6667:35, 62532:2
  • 777:7777005 {tcp} Outbound Scan: Detected intense non-malware port scanning of 30 IPs (12 /24s) (# pkts S/M/O/I=0/0/65535/4): 22:65535, 6667:43, 62532:2
  • 777:7777005 {tcp} Outbound Scan: Detected intense non-malware port scanning of 30 IPs (12 /24s) (# pkts S/M/O/I=0/0/65535/4): 22:65535, 6667:47, 62532:2
  • 777:7777005 {tcp} Outbound Scan: Detected intense non-malware port scanning of 30 IPs (13 /24s) (# pkts S/M/O/I=0/0/65535/4): 22:65535, 6667:47, 62532:2
  • 777:7777005 {tcp} Outbound Scan: Detected intense non-malware port scanning of 30 IPs (13 /24s) (# pkts S/M/O/I=0/0/65535/4): 22:65535, 6667:49, 62532:2
  • 777:7777005 {tcp} Outbound Scan: Detected intense non-malware port scanning of 30 IPs (8 /24s) (# pkts S/M/O/I=0/0/65535/4): 22:65535, 6667:57, 62532:2
  • 777:7777005 {tcp} Outbound Scan: Detected intense non-malware port scanning of 30 IPs (14 /24s) (# pkts S/M/O/I=0/0/65535/4): 22:65535, 6667:59, 62532:2
  • 777:7777005 {tcp} Outbound Scan: Detected intense non-malware port scanning of 30 IPs (12 /24s) (# pkts S/M/O/I=0/0/65535/4): 22:65535, 6667:59, 62532:2
  • 777:7777005 {tcp} Outbound Scan: Detected intense non-malware port scanning of 30 IPs (17 /24s) (# pkts S/M/O/I=0/0/65535/4): 22:65535, 6667:69, 62532:2