Scan Report

This report identifies which network blocks are being scanned and when, which is useful to know in the event of a remote exploit.

Directly related to remote exploits is the scanning of different network blocks. It is very useful to know when and what is being targeted.

Fields

  • Date
    Date in UTC+0 of the event
  • Time
    Time in UTC+0 of the event
  • C&C
    Command and Control IP that started the scan
  • C&C Port
    IRC port of the C&C
  • C&C ASN
    ASN where the C&C resides
  • C&C Geo
    Country where the C&C resides
  • Channel
    IRC channel of the C&C
  • TGT
    Target network to be scanned
  • TGT ASN
    ASN of the target network
  • TGT Geo
    Country of the target network
  • Command
    Actual command that was issued to start the scan

Sample

"Date","Time","C&C","C&C Port","C&C ASN","C&C Geo","Channel","TGT","TGT ASN","TGT Geo","Command"
"2008-11-03","00:28:42","194.78.209.104",789,5432,"BE","##sleipnir##","192.168.x.x","","","192.168.x.x"
"2008-11-03","01:05:57","194.78.209.104",789,5432,"BE","##sleipnir##","142.177.x.x","","","142.177.x.x"
"2008-11-03","01:22:16","194.78.209.104",789,5432,"BE","##sleipnir##","192.168.x.x","","","192.168.x.x"
"2008-11-03","01:22:56","194.78.209.104",789,5432,"BE","##sleipnir##","192.168.x.x","","","192.168.x.x"
"2008-11-03","02:38:49","194.78.209.104",789,5432,"BE","##sleipnir##","221.254.x.x","","","221.254.x.x"
"2008-11-03","02:58:29","194.78.209.104",789,5432,"BE","##sleipnir##","142.162.x.x","","","142.162.x.x"
"2008-11-03","03:04:29","194.78.209.104",789,5432,"BE","##sleipnir##","192.168.x.x","","","192.168.x.x"
"2008-11-03","03:17:18","194.78.209.104",789,5432,"BE","##sleipnir##","142.162.x.x","","","142.162.x.x"
"2008-11-03","03:41:50","194.78.209.104",789,5432,"BE","##sleipnir##","221.254.x.x","","","221.254.x.x"
"2008-11-03","04:00:20","89.149.210.96",6667,28753,"PL","#diisni","210.197.x.x","","","210.197.x.x"
"2008-11-03","04:33:47","70.253.89.19",4200,7132,"US","##rage","144.x.x.x","","","!scan"

Our 76 Report Types