BotHunter ®
Live Internet Monitor Page
Computer Science Laboratory
SRI International
Last Updated: Mon Jul 16 23:00:02 2012
Fields: Victim IP | Max Score | Profiles | CCs | Events

Victim IP: 192.168.1.40
Max Score: 1.1
Profiles: VIEW 2
Events:
- 1:22009200 {tcp} Inbound Attack: ET CURRENT_EVENTS Conficker.a Shellcode MAC_Dst: 00:30:48:30:03:AE; 445<-4753

Victim IP: 192.168.1.238
Max Score: 0.8
Profiles: VIEW 1
Events:
- 1:2299913 (4) {tcp} Inbound Attack: ET SHELLCODE x86 0x90 unicode NOOP MAC_Dst: 00:30:48:30:03:AE; 445<-4467
- 1:552123 {tcp} Outbound Attack: REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner; 1022->4502

Victim IP: 192.168.1.175
Max Score: 1.9
Profiles: VIEW 2
Events:
- 1:22000032 {tcp} Inbound Attack: ET EXPLOIT LSA exploit MAC_Dst: 00:30:48:30:03:AE; 445<-1645
- 1:22000033 {tcp} Inbound Attack: ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) MAC_Dst: 00:30:48:30:03:AE; 445<-1645
- 1:2299913 (2) {tcp} Inbound Attack: ET SHELLCODE x86 0x90 unicode NOOP MAC_Dst: 00:30:48:30:03:AE; 445<-1645
- 1:3300003 {tcp} Egg Download: BotHunter HTTP-based .exe Upload on backdoor port; 1031->5226

Victim IP: 192.168.1.100
Max Score: 1.6
Profiles: VIEW 52
CCs: 130.104.72.201, 128.2.211.114, 129.93.229.138, 137.165.1.111, 138.238.250.155
Events:
- 1:22012087 {udp} Inbound Attack: (experimental) SHELLCODE Possible Call with No Offset UDP Shellcode MAC_Dst: 00:21:5A:08:BB:0C; 2001<-2026
- 1:22012087 {udp} Inbound Attack: (experimental) SHELLCODE Possible Call with No Offset UDP Shellcode MAC_Dst: 00:21:5A:08:BB:0C; 2011<-2022
- 1:22012087 {udp} Inbound Attack: (experimental) SHELLCODE Possible Call with No Offset UDP Shellcode MAC_Dst: 00:21:5A:08:BB:0C; 2013<-2003
- 1:22012087 {udp} Inbound Attack: (experimental) SHELLCODE Possible Call with No Offset UDP Shellcode MAC_Dst: 00:21:5A:08:BB:0C; 2024<-2014
- 1:22012087 {udp} Inbound Attack: (experimental) SHELLCODE Possible Call with No Offset UDP Shellcode MAC_Dst: 00:21:5A:08:BB:0C; 2011<-2002
- 1:52012087 {udp} Outbound Attack: (experimental) SHELLCODE Possible Call with No Offset UDP Shellcode; 2011->2007
- 1:22012087 {udp} Inbound Attack: (experimental) SHELLCODE Possible Call with No Offset UDP Shellcode MAC_Dst: 00:21:5A:08:BB:0C; 2017<-2014
- 1:22012087 {udp} Inbound Attack: (experimental) SHELLCODE Possible Call with No Offset UDP Shellcode MAC_Dst: 00:21:5A:08:BB:0C; 2018<-2026
- 1:22012087 {udp} Inbound Attack: (experimental) SHELLCODE Possible Call with No Offset UDP Shellcode MAC_Dst: 00:21:5A:08:BB:0C; 2025<-2020
- 1:22012087 {udp} Inbound Attack: (experimental) SHELLCODE Possible Call with No Offset UDP Shellcode MAC_Dst: 00:21:5A:08:BB:0C; 2024<-2002
- 1:22012087 {udp} Inbound Attack: (experimental) SHELLCODE Possible Call with No Offset UDP Shellcode MAC_Dst: 00:21:5A:08:BB:0C; 2017<-2029
- 1:22012087 {udp} Inbound Attack: (experimental) SHELLCODE Possible Call with No Offset UDP Shellcode MAC_Dst: 00:21:5A:08:BB:0C; 2010<-2006
- 1:22012087 {udp} Inbound Attack: (experimental) SHELLCODE Possible Call with No Offset UDP Shellcode MAC_Dst: 00:21:5A:08:BB:0C; 2002<-2002
- 1:22012087 {udp} Inbound Attack: (experimental) SHELLCODE Possible Call with No Offset UDP Shellcode MAC_Dst: 00:21:5A:08:BB:0C; 2018<-2020
- 1:22012087 {udp} Inbound Attack: (experimental) SHELLCODE Possible Call with No Offset UDP Shellcode MAC_Dst: 00:21:5A:08:BB:0C; 2015<-2012
- 1:22012087 {udp} Inbound Attack: (experimental) SHELLCODE Possible Call with No Offset UDP Shellcode MAC_Dst: 00:21:5A:08:BB:0C; 2010<-2021
- 1:22012087 {udp} Inbound Attack: (experimental) SHELLCODE Possible Call with No Offset UDP Shellcode MAC_Dst: 00:21:5A:08:BB:0C; 2011<-2012
- 1:22012087 {udp} Inbound Attack: (experimental) SHELLCODE Possible Call with No Offset UDP Shellcode MAC_Dst: 00:21:5A:08:BB:0C; 2009<-2016
- 1:52012087 {udp} Outbound Attack: (experimental) SHELLCODE Possible Call with No Offset UDP Shellcode; 2003->2006
- 1:22012087 {udp} Inbound Attack: (experimental) SHELLCODE Possible Call with No Offset UDP Shellcode MAC_Dst: 00:21:5A:08:BB:0C; 2019<-2012

Victim IP: 192.168.1.46
Max Score: 1.1
Profiles: VIEW 5
Events:
- 1:2001219 {tcp} Outbound Attack: ET SCAN Potential SSH Scan (20 in 60 secs); 43759->22
- 1:2001219 {tcp} Outbound Attack: ET SCAN Potential SSH Scan (20 in 60 secs); 52547->22
- 1:2001219 {tcp} Outbound Attack: ET SCAN Potential SSH Scan (20 in 60 secs); 50356->22
- 1:2001219 {tcp} Outbound Attack: ET SCAN Potential SSH Scan (20 in 60 secs); 35707->22
- 1:2001219 {tcp} Outbound Attack: ET SCAN Potential SSH Scan (20 in 60 secs); 33381->22
- 1:2001219 {tcp} Outbound Attack: ET SCAN Potential SSH Scan (20 in 60 secs); 57641->22
- 1:2001219 {tcp} Outbound Attack: ET SCAN Potential SSH Scan (20 in 60 secs); 55968->22

Victim IP: 192.168.1.202
Max Score: 0.8
Profiles: VIEW 1

Victim IP: 192.168.1.12
Max Score: 0.8
Profiles: VIEW 1

Victim IP: 192.168.1.201
Max Score: 0.8
Profiles: VIEW 1
Events:
- 1:22003081 (2) {tcp} Inbound Attack: ET EXPLOIT NETBIOS SMB DCERPC NetrpPathCanonicalize request (possible MS06-040) MAC_Dst: 00:30:48:30:03:AE; 139<-2139
- 1:22003082 (2) {tcp} Inbound Attack: ET EXPLOIT NETBIOS SMB-DS DCERPC NetrpPathCanonicalize request (possible MS06-040) MAC_Dst: 00:30:48:30:03:AE; 139<-2139
- 1:2000419 {tcp} Egg Download: ET POLICY PE EXE or DLL Windows file download; 9988<-3097

Victim IP: 192.168.1.85
Max Score: 1.0
Profiles: VIEW 1
Events:
- 1:2001220 (2) {tcp} C&C Communication: BLEEDING-EDGE WORM RXBOT / rbOT Exploit Report; 80->4517
- 1:552123 {tcp} Outbound Attack: REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner; 80->38793

Victim IP: 192.168.1.102
Max Score: 1.7
Profiles: VIEW 56
CCs: 195.37.16.125, 128.2.211.114, 188.93.19.162, 132.239.17.226, 143.89.49.74, 128.186.122.86, 128.163.142.20, 129.93.229.138, 206.207.248.34, 130.149.49.136, 199.255.189.60, 134.34.246.5, 138.238.250.155
Events:
- 1:22012087 {udp} Inbound Attack: (experimental) SHELLCODE Possible Call with No Offset UDP Shellcode MAC_Dst: 00:21:5A:08:EC:40; 2004<-2029
- 1:22012087 {udp} Inbound Attack: (experimental) SHELLCODE Possible Call with No Offset UDP Shellcode MAC_Dst: 00:21:5A:08:EC:40; 2009<-2026
- 1:22012087 {udp} Inbound Attack: (experimental) SHELLCODE Possible Call with No Offset UDP Shellcode MAC_Dst: 00:21:5A:08:EC:40; 2028<-2026
- 1:22012087 {udp} Inbound Attack: (experimental) SHELLCODE Possible Call with No Offset UDP Shellcode MAC_Dst: 00:21:5A:08:EC:40; 2024<-2004
- 1:3810007 {tcp} Russian Business Network: ET Known Russian Business Network Monitored Domain; 4815->53562
- 1:22012087 {udp} Inbound Attack: (experimental) SHELLCODE Possible Call with No Offset UDP Shellcode MAC_Dst: 00:21:5A:08:EC:40; 2008<-2022
- 1:22012087 {udp} Inbound Attack: (experimental) SHELLCODE Possible Call with No Offset UDP Shellcode MAC_Dst: 00:21:5A:08:EC:40; 2020<-2018
- 1:22012087 {udp} Inbound Attack: (experimental) SHELLCODE Possible Call with No Offset UDP Shellcode MAC_Dst: 00:21:5A:08:EC:40; 2006<-2026
- 1:22012087 {udp} Inbound Attack: (experimental) SHELLCODE Possible Call with No Offset UDP Shellcode MAC_Dst: 00:21:5A:08:EC:40; 2023<-2007
- 1:52012087 {udp} Outbound Attack: (experimental) SHELLCODE Possible Call with No Offset UDP Shellcode; 2017->2002
- 1:22012087 {udp} Inbound Attack: (experimental) SHELLCODE Possible Call with No Offset UDP Shellcode MAC_Dst: 00:21:5A:08:EC:40; 2007<-2011
- 1:22012087 {udp} Inbound Attack: (experimental) SHELLCODE Possible Call with No Offset UDP Shellcode MAC_Dst: 00:21:5A:08:EC:40; 2002<-2025
- 1:22012087 {udp} Inbound Attack: (experimental) SHELLCODE Possible Call with No Offset UDP Shellcode MAC_Dst: 00:21:5A:08:EC:40; 2011<-2019
- 1:22012087 {udp} Inbound Attack: (experimental) SHELLCODE Possible Call with No Offset UDP Shellcode MAC_Dst: 00:21:5A:08:EC:40; 2013<-2003
- 1:22012087 {udp} Inbound Attack: (experimental) SHELLCODE Possible Call with No Offset UDP Shellcode MAC_Dst: 00:21:5A:08:EC:40; 2011<-2001
- 1:22012087 {udp} Inbound Attack: (experimental) SHELLCODE Possible Call with No Offset UDP Shellcode MAC_Dst: 00:21:5A:08:EC:40; 2025<-2006
- 1:22012087 {udp} Inbound Attack: (experimental) SHELLCODE Possible Call with No Offset UDP Shellcode MAC_Dst: 00:21:5A:08:EC:40; 2024<-2007
- 1:22012087 {udp} Inbound Attack: (experimental) SHELLCODE Possible Call with No Offset UDP Shellcode MAC_Dst: 00:21:5A:08:EC:40; 2019<-2022
- 1:22012087 {udp} Inbound Attack: (experimental) SHELLCODE Possible Call with No Offset UDP Shellcode MAC_Dst: 00:21:5A:08:EC:40; 2019<-2028
- 1:22012087 {udp} Inbound Attack: (experimental) SHELLCODE Possible Call with No Offset UDP Shellcode MAC_Dst: 00:21:5A:08:EC:40; 2005<-2015