Snort Statistics

The log begins at: 03 01 14:19:11
The log ends at: 03 06 09:22:01
Total events: 900
Signatures recorded: 141
Source IP recorded: 52
Destination IP recorded: 5
Portscan detected: 2

Number of attack from same host to same destination using same method

# of attacksfromtowith
26524.197.194.106172.16.134.191 WEB-IIS .... access
25024.197.194.106172.16.134.191 WEB-IIS cmd.exe access
3424.197.194.106172.16.134.191 WEB-IIS scripts access
2524.197.194.106172.16.134.191 WEB-FRONTPAGE fourdots request
2324.197.194.106172.16.134.191 WEB-MISC http directory traversal
1424.197.194.106172.16.134.191 WEB-IIS .htr access
11210.22.204.101172.16.134.191 WEB-IIS ISAPI .ida attempt
11210.22.204.101172.16.134.191 WEB-IIS cmd.exe access
924.197.194.106172.16.134.191 WEB-IIS asp-dot attempt
824.197.194.106172.16.134.191 WEB-IIS webhits access
724.197.194.106172.16.134.191 WEB-IIS SAM Attempt
624.197.194.106172.16.134.191 WEB-IIS iissamples access
624.197.194.106172.16.134.191 WEB-IIS +.htr code fragment attempt
461.150.72.7172.16.134.191 MS-SQL Worm propagation attempt
424.197.194.106172.16.134.191 WEB-FRONTPAGE /_vti_bin/ access
424.197.194.106172.16.134.191 WEB-COLDFUSION expeval access
424.197.194.106172.16.134.191 WEB-IIS iisadmin access
3172.16.134.191207.172.16.156 WEB-IIS scripts access
361.132.88.90172.16.134.191 MS-SQL Worm propagation attempt
324.197.194.106172.16.134.191 WEB-CGI wguest.exe access
324.197.194.106172.16.134.191 WEB-CGI perl.exe access
324.197.194.106172.16.134.191 WEB-IIS showcode.asp access
324.197.194.106172.16.134.191 WEB-IIS fpcount access
324.197.194.106172.16.134.191 WEB-IIS .asp::$DATA access
324.197.194.106172.16.134.191 WEB-COLDFUSION snippets attempt
324.197.194.106172.16.134.191 WEB-CGI visadmin.exe access
224.197.194.106172.16.134.191 WEB-CGI tst.bat access
224.197.194.106172.16.134.191 WEB-MISC get32.exe access
224.197.194.106172.16.134.191 WEB-CGI cart32.exe access
224.197.194.106172.16.134.191 WEB-COLDFUSION getfile.cfm access
224.197.194.106172.16.134.191 WEB-MISC novell groupwise gwweb.exe access
224.197.194.106172.16.134.191 WEB-CGI rguest.exe access
224.197.194.106172.16.134.191 WEB-IIS srchadm access
224.197.194.106172.16.134.191 WEB-IIS mkilog.exe access
2218.4.99.237172.16.134.191 MS-SQL Worm propagation attempt
261.134.45.19172.16.134.191 MS-SQL Worm propagation attempt
224.197.194.106172.16.134.191 WEB-IIS search97.vts access
224.197.194.106172.16.134.191 WEB-MISC Domino catalog.nsf access
224.197.194.106172.16.134.191 WEB-IIS /iisadmpwd/aexp2.htr access
224.197.194.106172.16.134.191 WEB-COLDFUSION exampleapp access
261.150.120.72172.16.134.191 MS-SQL Worm propagation attempt
224.197.194.106172.16.134.191 WEB-IIS jet vba access
224.197.194.106172.16.134.191 WEB-COLDFUSION cfcache.map access
224.197.194.106172.16.134.191 WEB-IIS cmd32.exe access
224.197.194.106172.16.134.191 WEB-COLDFUSION exprcalc access
224.197.194.106172.16.134.191 WEB-CGI cgimail access
224.197.194.106172.16.134.191 WEB-FRONTPAGE shtml.dll access
224.197.194.106172.16.134.191 WEB-IIS JET VBA access
124.197.194.106172.16.134.191 WEB-CGI eXtropia webstore access
168.37.54.69172.16.134.191 MS-SQL Worm propagation attempt
124.197.194.106172.16.134.191 WEB-IIS ISAPI .ida access
1216.192.145.21172.16.134.191 MS-SQL Worm propagation attempt
124.197.194.106172.16.134.191 WEB-CGI test.cgi access
1212.162.165.18172.16.134.191 MS-SQL Worm propagation attempt
1200.135.228.10172.16.134.191 MS-SQL Worm propagation attempt
124.197.194.106172.16.134.191 WEB-IIS fpcount attempt
124.197.194.106172.16.134.191 WEB-MISC ICQ webserver DOS
166.81.131.17172.16.134.191 MS-SQL Worm propagation attempt
124.197.194.106172.16.134.191 WEB-COLDFUSION beaninfo access
124.197.194.106172.16.134.191 WEB-FRONTPAGE register.txt access
124.197.194.106172.16.134.191 WEB-CGI user_update_passwd.pl access
124.197.194.106172.16.134.191 WEB-CGI user_update_admin.pl access
124.197.194.106172.16.134.191 WEB-CGI test.bat access
124.197.194.106172.16.134.191 WEB-CGI input.bat access
124.197.194.106172.16.134.191 WEB-IIS uploadn.asp access
1172.16.134.191217.199.175.10 CHAT IRC nick change
124.197.194.106172.16.134.191 WEB-MISC SmartWin CyberOffice Shopping Cart access
124.197.194.106172.16.134.191 WEB-IIS codebrowser SDK access
1218.4.65.115172.16.134.191 MS-SQL Worm propagation attempt
1217.35.65.9172.16.134.191 MS-SQL Worm propagation attempt
168.45.123.130172.16.134.191 MS-SQL Worm propagation attempt
124.197.194.106172.16.134.191 WEB-IIS .bat? access
124.197.194.106172.16.134.191 WEB-IIS site server config access
124.197.194.106172.16.134.191 WEB-CGI guestbook.cgi access
124.197.194.106172.16.134.191 WEB-CGI redirect access
124.197.194.106172.16.134.191 WEB-MISC .wwwacl access
1213.122.77.74172.16.134.191 MS-SQL Worm propagation attempt
181.57.217.208172.16.134.191 MS-SQL Worm propagation attempt
124.197.194.106172.16.134.191 WEB-IIS ctss.idc access
124.197.194.106172.16.134.191 WEB-MISC AuthChangeUrl access
1200.50.124.2172.16.134.191 MS-SQL Worm propagation attempt
124.197.194.106172.16.134.191 WEB-CGI win-c-sample.exe access
14.33.244.44172.16.134.191 MS-SQL Worm propagation attempt
124.197.194.106172.16.134.191 WEB-FRONTPAGE users.pwd access
124.197.194.106172.16.134.191 WEB-COLDFUSION fileexists.cfm access
1219.145.211.132172.16.134.191 MS-SQL Worm propagation attempt
124.197.194.106172.16.134.191 WEB-IIS newdsn.exe access
1172.16.134.19163.241.174.144 CHAT IRC nick change
161.132.88.50172.16.134.191 MS-SQL Worm propagation attempt
124.197.194.106172.16.134.191 WEB-IIS getdrvs.exe access
124.197.194.106172.16.134.191 WEB-MISC ws_ftp.ini access
124.197.194.106172.16.134.191 WEB-FRONTPAGE fpadmin.htm access
124.197.194.106172.16.134.191 WEB-CGI imagemap.exe access
124.197.194.106172.16.134.191 WEB-FRONTPAGE shtml.exe access
124.197.194.106172.16.134.191 WEB-MISC wwwboard.pl access
124.197.194.106172.16.134.191 WEB-MISC adminlogin access
124.197.194.106172.16.134.191 WEB-IIS repost.asp access
124.74.199.104172.16.134.191 MS-SQL Worm propagation attempt
124.197.194.106172.16.134.191 WEB-IIS adctest.asp access
124.197.194.106172.16.134.191 WEB-MISC search.dll access
124.197.194.106172.16.134.191 WEB-IIS ISAPI .printer access
124.197.194.106172.16.134.191 WEB-CGI uploader.exe access
112.253.142.87172.16.134.191 MS-SQL Worm propagation attempt
124.197.194.106172.16.134.191 WEB-CGI tstisapi.dll access
124.197.194.106172.16.134.191 WEB-IIS ism.dll access
112.83.147.97172.16.134.191 MS-SQL Worm propagation attempt
124.197.194.106172.16.134.191 WEB-MISC backup access
124.197.194.106172.16.134.191 WEB-FRONTPAGE orders.txt access
124.197.194.106172.16.134.191 WEB-COLDFUSION cfappman access
124.197.194.106172.16.134.191 WEB-CGI dbman db.cgi access
1200.74.26.73172.16.134.191 SCAN SOCKS Proxy attempt
124.197.194.106172.16.134.191 WEB-IIS MSProxy access
124.197.194.106172.16.134.191 WEB-COLDFUSION sendmail.cfm access
124.197.194.106172.16.134.191 WEB-MISC .htaccess access
167.201.75.38172.16.134.191 MS-SQL Worm propagation attempt
124.197.194.106172.16.134.191 WEB-CGI echo.bat access
124.197.194.106172.16.134.191 WEB-MISC queryhit.htm access
1206.149.148.192172.16.134.191 MS-SQL Worm propagation attempt
1218.244.66.32172.16.134.191 MS-SQL Worm propagation attempt
1219.145.211.3172.16.134.191 MS-SQL Worm propagation attempt
124.197.194.106172.16.134.191 WEB-CGI bb-hostscv.sh access
124.197.194.106172.16.134.191 WEB-MISC Ecommerce import.txt access
124.197.194.106172.16.134.191 WEB-CGI ppdscgi.exe access
124.197.194.106172.16.134.191 WEB-FRONTPAGE administrators.pwd access
124.197.194.106172.16.134.191 WEB-MISC cgitest.exe access
161.177.56.98172.16.134.191 MS-SQL Worm propagation attempt
124.197.194.106172.16.134.191 WEB-COLDFUSION evaluate.cfm access
124.197.194.106172.16.134.191 WEB-IIS ISAPI .idq attempt
124.197.194.106172.16.134.191 WEB-CGI Web Shopper shopper.cgi access
124.197.194.106172.16.134.191 WEB-CGI args.bat access
124.197.194.106172.16.134.191 WEB-IIS doctodep.btr access
124.197.194.106172.16.134.191 WEB-CGI /cgi-bin/ls access
124.197.194.106172.16.134.191 WEB-COLDFUSION parks access
124.197.194.106172.16.134.191 WEB-IIS htimage.exe access
124.197.194.106172.16.134.191 WEB-CGI envout.bat access
124.197.194.106172.16.134.191 WEB-CGI snorkerz.cmd access
124.197.194.106172.16.134.191 WEB-COLDFUSION startstop DOS access
161.185.29.9172.16.134.191 MS-SQL Worm propagation attempt
124.197.194.106172.16.134.191 WEB-COLDFUSION cfmlsyntaxcheck.cfm access
161.185.212.166172.16.134.191 MS-SQL Worm propagation attempt
124.197.194.106172.16.134.191 WEB-IIS msadcs.dll access
124.197.194.106172.16.134.191 WEB-IIS ISAPI .ida attempt
124.167.221.106172.16.134.191 MS-SQL Worm propagation attempt
1218.4.48.74172.16.134.191 MS-SQL Worm propagation attempt
124.197.194.106172.16.134.191 WEB-CGI /wwwboard/passwd.txt access
124.197.194.106172.16.134.191 WEB-FRONTPAGE registrations.txt access
166.8.163.125172.16.134.191 WEB-IIS view source via translate header
161.177.62.66172.16.134.191 MS-SQL Worm propagation attempt
124.197.194.106172.16.134.191 WEB-CGI args.cmd access
1205.180.159.35172.16.134.191 MS-SQL Worm propagation attempt
124.197.194.106172.16.134.191 WEB-COLDFUSION addcontent.cfm access
161.185.242.190172.16.134.191 MS-SQL Worm propagation attempt
124.197.194.106172.16.134.191 WEB-FRONTPAGE authors.pwd access
124.197.194.106172.16.134.191 WEB-MISC order.log access
124.197.194.106172.16.134.191 WEB-COLDFUSION application.cfm access
124.197.194.106172.16.134.191 WEB-CGI alibaba.pl access
124.197.194.106172.16.134.191 WEB-FRONTPAGE service.pwd
124.197.194.106172.16.134.191 WEB-FRONTPAGE form_results access
1212.122.20.74172.16.134.191 MS-SQL Worm propagation attempt
124.197.194.106172.16.134.191 WEB-CGI input2.bat access
1216.229.73.11172.16.134.191 MS-SQL Worm propagation attempt
124.197.194.106172.16.134.191 WEB-MISC windmail.exe access
124.197.194.106172.16.134.191 WEB-FRONTPAGE _vti_rpc access
161.185.215.42172.16.134.191 MS-SQL Worm propagation attempt
124.197.194.106172.16.134.191 WEB-IIS CodeRed v2 root.exe access
124.197.194.106172.16.134.191 WEB-IIS query.asp access
1218.92.13.142172.16.134.191 MS-SQL Worm propagation attempt
1168.243.103.205172.16.134.191 MS-SQL Worm propagation attempt
161.203.104.148172.16.134.191 MS-SQL Worm propagation attempt
1213.170.56.83172.16.134.191 MS-SQL Worm propagation attempt
1218.4.87.137172.16.134.191 MS-SQL Worm propagation attempt
112.252.61.161172.16.134.191 MS-SQL Worm propagation attempt
124.197.194.106172.16.134.191 WEB-IIS pbserver access
124.197.194.106172.16.134.191 WEB-MISC netscape admin passwd
161.8.1.64172.16.134.191 MS-SQL Worm propagation attempt
124.197.194.106172.16.134.191 WEB-MISC robots.txt access
124.197.194.106172.16.134.191 WEB-IIS codebrowser Exair access
124.197.194.106172.16.134.191 WEB-MISC Trend Micro OfficeScan access
167.81.161.166172.16.134.191 MS-SQL Worm propagation attempt
124.197.194.106172.16.134.191 WEB-MISC Domino log.nsf access
124.197.194.106172.16.134.191 WEB-IIS /msadc/samples/ access
124.197.194.106172.16.134.191 WEB-CGI hello.bat access
1172.16.134.191209.196.44.172 CHAT IRC nick change
124.197.194.106172.16.134.191 WEB-COLDFUSION administrator access
124.197.194.106172.16.134.191 WEB-IIS ISAPI .idq access
166.233.4.225172.16.134.191 MS-SQL Worm propagation attempt
168.84.210.227172.16.134.191 MS-SQL Worm propagation attempt
124.197.194.106172.16.134.191 WEB-IIS _vti_inf access
124.197.194.106172.16.134.191 WEB-COLDFUSION exampleapp application.cfm
124.197.194.106172.16.134.191 WEB-MISC admin.php access
124.197.194.106172.16.134.191 WEB-IIS /scripts/samples/ access
124.197.194.106172.16.134.191 WEB-FRONTPAGE dvwssr.dll access
Top

Percentage and number of attacks from a host to a destination

%# of attacksfromto
90.5681524.197.194.106 172.16.134.191
2.4422210.22.204.101 172.16.134.191
0.444 61.150.72.7 172.16.134.191
0.333 172.16.134.191 207.172.16.156
0.333 61.132.88.90 172.16.134.191
0.222 61.150.120.72 172.16.134.191
0.222 61.134.45.19 172.16.134.191
0.222 218.4.99.237 172.16.134.191
0.111 61.185.29.9 172.16.134.191
0.111 168.243.103.205 172.16.134.191
0.111 172.16.134.191 63.241.174.144
0.111 61.203.104.148 172.16.134.191
0.111 12.252.61.161 172.16.134.191
0.111 61.177.56.98 172.16.134.191
0.111 200.74.26.73 172.16.134.191
0.111 172.16.134.191 209.196.44.172
0.111 216.229.73.11 172.16.134.191
0.111 172.16.134.191 217.199.175.10
0.111 66.233.4.225 172.16.134.191
0.111 24.167.221.106 172.16.134.191
0.111 218.4.87.137 172.16.134.191
0.111 218.92.13.142 172.16.134.191
0.111 68.37.54.69 172.16.134.191
0.111 213.122.77.74 172.16.134.191
0.111 200.50.124.2 172.16.134.191
0.111 205.180.159.35 172.16.134.191
0.111 12.253.142.87 172.16.134.191
0.111 67.81.161.166 172.16.134.191
0.111 68.45.123.130 172.16.134.191
0.111 218.244.66.32 172.16.134.191
0.111 66.81.131.17 172.16.134.191
0.111 219.145.211.3 172.16.134.191
0.111 218.4.48.74 172.16.134.191
0.111 212.162.165.18 172.16.134.191
0.111 61.185.242.190 172.16.134.191
0.111 61.177.62.66 172.16.134.191
0.111 61.132.88.50 172.16.134.191
0.111 213.170.56.83 172.16.134.191
0.111 219.145.211.132 172.16.134.191
0.111 81.57.217.208 172.16.134.191
0.111 61.185.215.42 172.16.134.191
0.111 216.192.145.21 172.16.134.191
0.111 206.149.148.192 172.16.134.191
0.111 200.135.228.10 172.16.134.191
0.111 12.83.147.97 172.16.134.191
0.111 67.201.75.38 172.16.134.191
0.111 61.185.212.166 172.16.134.191
0.111 66.8.163.125 172.16.134.191
0.111 68.84.210.227 172.16.134.191
0.111 61.8.1.64 172.16.134.191
0.111 4.33.244.44 172.16.134.191
0.111 218.4.65.115 172.16.134.191
0.111 212.122.20.74 172.16.134.191
0.111 217.35.65.9 172.16.134.191
0.111 24.74.199.104 172.16.134.191
Top

Percentage and number of attacks from one host to any with same method

%# of attacksfromtype
29.44265 24.197.194.106 WEB-IIS .... access
27.78250 24.197.194.106 WEB-IIS cmd.exe access
3.7834 24.197.194.106 WEB-IIS scripts access
2.7825 24.197.194.106 WEB-FRONTPAGE fourdots request
2.5623 24.197.194.106 WEB-MISC http directory traversal
1.5614 24.197.194.106 WEB-IIS .htr access
1.2211 210.22.204.101 WEB-IIS ISAPI .ida attempt
1.2211 210.22.204.101 WEB-IIS cmd.exe access
1.009 24.197.194.106 WEB-IIS asp-dot attempt
0.898 24.197.194.106 WEB-IIS webhits access
0.787 24.197.194.106 WEB-IIS SAM Attempt
0.676 24.197.194.106 WEB-IIS +.htr code fragment attempt
0.676 24.197.194.106 WEB-IIS iissamples access
0.444 61.150.72.7 MS-SQL Worm propagation attempt
0.444 24.197.194.106 WEB-IIS iisadmin access
0.444 24.197.194.106 WEB-FRONTPAGE /_vti_bin/ access
0.444 24.197.194.106 WEB-COLDFUSION expeval access
0.333 24.197.194.106 WEB-IIS .asp::$DATA access
0.333 172.16.134.191 CHAT IRC nick change
0.333 24.197.194.106 WEB-IIS fpcount access
0.333 24.197.194.106 WEB-CGI wguest.exe access
0.333 172.16.134.191 WEB-IIS scripts access
0.333 24.197.194.106 WEB-IIS showcode.asp access
0.333 24.197.194.106 WEB-CGI visadmin.exe access
0.333 24.197.194.106 WEB-CGI perl.exe access
0.333 24.197.194.106 WEB-COLDFUSION snippets attempt
0.333 61.132.88.90 MS-SQL Worm propagation attempt
0.222 24.197.194.106 WEB-FRONTPAGE shtml.dll access
0.222 24.197.194.106 WEB-CGI rguest.exe access
0.222 24.197.194.106 WEB-IIS /iisadmpwd/aexp2.htr access
0.222 24.197.194.106 WEB-MISC Domino catalog.nsf access
0.222 24.197.194.106 WEB-COLDFUSION exprcalc access
0.222 24.197.194.106 WEB-IIS cmd32.exe access
0.222 61.150.120.72 MS-SQL Worm propagation attempt
0.222 24.197.194.106 WEB-IIS jet vba access
0.222 24.197.194.106 WEB-IIS search97.vts access
0.222 24.197.194.106 WEB-MISC novell groupwise gwweb.exe access
0.222 24.197.194.106 WEB-IIS mkilog.exe access
0.222 218.4.99.237 MS-SQL Worm propagation attempt
0.222 61.134.45.19 MS-SQL Worm propagation attempt
0.222 24.197.194.106 WEB-CGI cart32.exe access
0.222 24.197.194.106 WEB-CGI tst.bat access
0.222 24.197.194.106 WEB-MISC get32.exe access
0.222 24.197.194.106 WEB-IIS JET VBA access
0.222 24.197.194.106 WEB-COLDFUSION getfile.cfm access
0.222 24.197.194.106 WEB-COLDFUSION exampleapp access
0.222 24.197.194.106 WEB-IIS srchadm access
0.222 24.197.194.106 WEB-CGI cgimail access
0.222 24.197.194.106 WEB-COLDFUSION cfcache.map access
0.111 200.50.124.2 MS-SQL Worm propagation attempt
0.111 24.197.194.106 WEB-COLDFUSION beaninfo access
0.111 68.84.210.227 MS-SQL Worm propagation attempt
0.111 24.197.194.106 WEB-CGI user_update_admin.pl access
0.111 24.197.194.106 WEB-IIS pbserver access
0.111 12.83.147.97 MS-SQL Worm propagation attempt
0.111 24.197.194.106 WEB-IIS ISAPI .ida attempt
0.111 24.197.194.106 WEB-COLDFUSION startstop DOS access
0.111 24.197.194.106 WEB-CGI args.cmd access
0.111 24.197.194.106 WEB-MISC Trend Micro OfficeScan access
0.111 24.197.194.106 WEB-IIS ISAPI .idq attempt
0.111 24.197.194.106 WEB-FRONTPAGE administrators.pwd access
0.111 24.197.194.106 WEB-FRONTPAGE authors.pwd access
0.111 61.185.29.9 MS-SQL Worm propagation attempt
0.111 24.197.194.106 WEB-IIS msadcs.dll access
0.111 24.197.194.106 WEB-CGI eXtropia webstore access
0.111 24.197.194.106 WEB-COLDFUSION sendmail.cfm access
0.111 24.197.194.106 WEB-IIS adctest.asp access
0.111 4.33.244.44 MS-SQL Worm propagation attempt
0.111 24.197.194.106 WEB-COLDFUSION evaluate.cfm access
0.111 24.197.194.106 WEB-MISC cgitest.exe access
0.111 219.145.211.3 MS-SQL Worm propagation attempt
0.111 24.197.194.106 WEB-FRONTPAGE registrations.txt access
0.111 24.197.194.106 WEB-FRONTPAGE fpadmin.htm access
0.111 24.197.194.106 WEB-FRONTPAGE users.pwd access
0.111 24.197.194.106 WEB-COLDFUSION fileexists.cfm access
0.111 24.197.194.106 WEB-IIS uploadn.asp access
0.111 24.197.194.106 WEB-CGI redirect access
0.111 24.197.194.106 WEB-CGI input.bat access
0.111 24.197.194.106 WEB-MISC netscape admin passwd
0.111 24.197.194.106 WEB-CGI test.bat access
0.111 24.197.194.106 WEB-CGI ppdscgi.exe access
0.111 24.197.194.106 WEB-MISC Ecommerce import.txt access
0.111 24.197.194.106 WEB-MISC robots.txt access
0.111 24.197.194.106 WEB-MISC backup access
0.111 24.197.194.106 WEB-CGI guestbook.cgi access
0.111 213.122.77.74 MS-SQL Worm propagation attempt
0.111 24.197.194.106 WEB-CGI /wwwboard/passwd.txt access
0.111 67.81.161.166 MS-SQL Worm propagation attempt
0.111 218.4.48.74 MS-SQL Worm propagation attempt
0.111 216.229.73.11 MS-SQL Worm propagation attempt
0.111 24.197.194.106 WEB-CGI win-c-sample.exe access
0.111 61.185.242.190 MS-SQL Worm propagation attempt
0.111 24.197.194.106 WEB-COLDFUSION cfappman access
0.111 24.197.194.106 WEB-IIS .bat? access
0.111 24.197.194.106 WEB-IIS htimage.exe access
0.111 24.197.194.106 WEB-COLDFUSION addcontent.cfm access
0.111 66.8.163.125 WEB-IIS view source via translate header
0.111 218.4.87.137 MS-SQL Worm propagation attempt
0.111 24.197.194.106 WEB-MISC AuthChangeUrl access
0.111 219.145.211.132 MS-SQL Worm propagation attempt
0.111 24.197.194.106 WEB-CGI test.cgi access
0.111 200.135.228.10 MS-SQL Worm propagation attempt
0.111 24.197.194.106 WEB-IIS ISAPI .idq access
0.111 24.197.194.106 WEB-IIS doctodep.btr access
0.111 24.197.194.106 WEB-IIS /scripts/samples/ access
0.111 24.197.194.106 WEB-CGI tstisapi.dll access
0.111 24.197.194.106 WEB-COLDFUSION parks access
0.111 24.197.194.106 WEB-CGI bb-hostscv.sh access
0.111 24.197.194.106 WEB-CGI snorkerz.cmd access
0.111 12.252.61.161 MS-SQL Worm propagation attempt
0.111 24.197.194.106 WEB-COLDFUSION exampleapp application.cfm
0.111 24.197.194.106 WEB-CGI echo.bat access
0.111 24.197.194.106 WEB-IIS CodeRed v2 root.exe access
0.111 24.197.194.106 WEB-IIS MSProxy access
0.111 24.197.194.106 WEB-CGI Web Shopper shopper.cgi access
0.111 24.197.194.106 WEB-CGI hello.bat access
0.111 213.170.56.83 MS-SQL Worm propagation attempt
0.111 66.233.4.225 MS-SQL Worm propagation attempt
0.111 24.197.194.106 WEB-IIS codebrowser SDK access
0.111 61.185.215.42 MS-SQL Worm propagation attempt
0.111 24.197.194.106 WEB-CGI user_update_passwd.pl access
0.111 61.203.104.148 MS-SQL Worm propagation attempt
0.111 24.197.194.106 WEB-FRONTPAGE shtml.exe access
0.111 67.201.75.38 MS-SQL Worm propagation attempt
0.111 24.197.194.106 WEB-IIS ism.dll access
0.111 24.197.194.106 WEB-MISC queryhit.htm access
0.111 24.197.194.106 WEB-IIS repost.asp access
0.111 24.197.194.106 WEB-COLDFUSION administrator access
0.111 24.197.194.106 WEB-CGI alibaba.pl access
0.111 24.197.194.106 WEB-MISC SmartWin CyberOffice Shopping Cart access
0.111 24.197.194.106 WEB-MISC ICQ webserver DOS
0.111 212.122.20.74 MS-SQL Worm propagation attempt
0.111 24.197.194.106 WEB-MISC order.log access
0.111 24.197.194.106 WEB-FRONTPAGE _vti_rpc access
0.111 68.37.54.69 MS-SQL Worm propagation attempt
0.111 24.197.194.106 WEB-FRONTPAGE service.pwd
0.111 12.253.142.87 MS-SQL Worm propagation attempt
0.111 61.8.1.64 MS-SQL Worm propagation attempt
0.111 24.197.194.106 WEB-IIS getdrvs.exe access
0.111 24.197.194.106 WEB-IIS newdsn.exe access
0.111 24.197.194.106 WEB-IIS fpcount attempt
0.111 205.180.159.35 MS-SQL Worm propagation attempt
0.111 168.243.103.205 MS-SQL Worm propagation attempt
0.111 24.197.194.106 WEB-CGI imagemap.exe access
0.111 68.45.123.130 MS-SQL Worm propagation attempt
0.111 24.197.194.106 WEB-MISC search.dll access
0.111 24.197.194.106 WEB-FRONTPAGE register.txt access
0.111 24.197.194.106 WEB-IIS ISAPI .printer access
0.111 24.197.194.106 WEB-MISC ws_ftp.ini access
0.111 24.197.194.106 WEB-MISC .wwwacl access
0.111 81.57.217.208 MS-SQL Worm propagation attempt
0.111 24.197.194.106 WEB-CGI uploader.exe access
0.111 200.74.26.73 SCAN SOCKS Proxy attempt
0.111 24.197.194.106 WEB-IIS ctss.idc access
0.111 24.197.194.106 WEB-MISC wwwboard.pl access
0.111 61.185.212.166 MS-SQL Worm propagation attempt
0.111 216.192.145.21 MS-SQL Worm propagation attempt
0.111 24.197.194.106 WEB-CGI args.bat access
0.111 24.197.194.106 WEB-FRONTPAGE orders.txt access
0.111 206.149.148.192 MS-SQL Worm propagation attempt
0.111 218.92.13.142 MS-SQL Worm propagation attempt
0.111 24.197.194.106 WEB-CGI envout.bat access
0.111 24.197.194.106 WEB-COLDFUSION cfmlsyntaxcheck.cfm access
0.111 24.197.194.106 WEB-FRONTPAGE form_results access
0.111 217.35.65.9 MS-SQL Worm propagation attempt
0.111 24.197.194.106 WEB-IIS /msadc/samples/ access
0.111 24.197.194.106 WEB-MISC .htaccess access
0.111 24.197.194.106 WEB-MISC admin.php access
0.111 66.81.131.17 MS-SQL Worm propagation attempt
0.111 24.197.194.106 WEB-CGI dbman db.cgi access
0.111 24.197.194.106 WEB-IIS query.asp access
0.111 24.74.199.104 MS-SQL Worm propagation attempt
0.111 24.197.194.106 WEB-MISC adminlogin access
0.111 212.162.165.18 MS-SQL Worm propagation attempt
0.111 61.132.88.50 MS-SQL Worm propagation attempt
0.111 24.197.194.106 WEB-CGI /cgi-bin/ls access
0.111 218.4.65.115 MS-SQL Worm propagation attempt
0.111 24.197.194.106 WEB-IIS site server config access
0.111 24.197.194.106 WEB-IIS _vti_inf access
0.111 24.197.194.106 WEB-IIS ISAPI .ida access
0.111 24.197.194.106 WEB-IIS codebrowser Exair access
0.111 24.197.194.106 WEB-MISC Domino log.nsf access
0.111 24.197.194.106 WEB-FRONTPAGE dvwssr.dll access
0.111 218.244.66.32 MS-SQL Worm propagation attempt
0.111 24.197.194.106 WEB-COLDFUSION application.cfm access
0.111 24.197.194.106 WEB-CGI input2.bat access
0.111 61.177.56.98 MS-SQL Worm propagation attempt
0.111 61.177.62.66 MS-SQL Worm propagation attempt
0.111 24.167.221.106 MS-SQL Worm propagation attempt
0.111 24.197.194.106 WEB-MISC windmail.exe access
Top

Percentage and number of attacks to one certain host

%# of attackstotype
29.44265 172.16.134.191 WEB-IIS .... access
29.00261 172.16.134.191 WEB-IIS cmd.exe access
6.1155 172.16.134.191 MS-SQL Worm propagation attempt
3.7834 172.16.134.191 WEB-IIS scripts access
2.7825 172.16.134.191 WEB-FRONTPAGE fourdots request
2.5623 172.16.134.191 WEB-MISC http directory traversal
1.5614 172.16.134.191 WEB-IIS .htr access
1.3312 172.16.134.191 WEB-IIS ISAPI .ida attempt
1.009 172.16.134.191 WEB-IIS asp-dot attempt
0.898 172.16.134.191 WEB-IIS webhits access
0.787 172.16.134.191 WEB-IIS SAM Attempt
0.676 172.16.134.191 WEB-IIS +.htr code fragment attempt
0.676 172.16.134.191 WEB-IIS iissamples access
0.444 172.16.134.191 WEB-COLDFUSION expeval access
0.444 172.16.134.191 WEB-IIS iisadmin access
0.444 172.16.134.191 WEB-FRONTPAGE /_vti_bin/ access
0.333 172.16.134.191 WEB-IIS fpcount access
0.333 172.16.134.191 WEB-IIS .asp::$DATA access
0.333 172.16.134.191 WEB-COLDFUSION snippets attempt
0.333 207.172.16.156 WEB-IIS scripts access
0.333 172.16.134.191 WEB-CGI visadmin.exe access
0.333 172.16.134.191 WEB-CGI perl.exe access
0.333 172.16.134.191 WEB-IIS showcode.asp access
0.333 172.16.134.191 WEB-CGI wguest.exe access
0.222 172.16.134.191 WEB-CGI tst.bat access
0.222 172.16.134.191 WEB-COLDFUSION exprcalc access
0.222 172.16.134.191 WEB-MISC novell groupwise gwweb.exe access
0.222 172.16.134.191 WEB-IIS jet vba access
0.222 172.16.134.191 WEB-IIS cmd32.exe access
0.222 172.16.134.191 WEB-IIS mkilog.exe access
0.222 172.16.134.191 WEB-CGI cgimail access
0.222 172.16.134.191 WEB-IIS srchadm access
0.222 172.16.134.191 WEB-MISC Domino catalog.nsf access
0.222 172.16.134.191 WEB-COLDFUSION getfile.cfm access
0.222 172.16.134.191 WEB-IIS /iisadmpwd/aexp2.htr access
0.222 172.16.134.191 WEB-CGI rguest.exe access
0.222 172.16.134.191 WEB-COLDFUSION exampleapp access
0.222 172.16.134.191 WEB-IIS search97.vts access
0.222 172.16.134.191 WEB-FRONTPAGE shtml.dll access
0.222 172.16.134.191 WEB-COLDFUSION cfcache.map access
0.222 172.16.134.191 WEB-IIS JET VBA access
0.222 172.16.134.191 WEB-CGI cart32.exe access
0.222 172.16.134.191 WEB-MISC get32.exe access
0.111 172.16.134.191 WEB-COLDFUSION fileexists.cfm access
0.111 172.16.134.191 WEB-CGI bb-hostscv.sh access
0.111 172.16.134.191 WEB-CGI alibaba.pl access
0.111 172.16.134.191 WEB-MISC order.log access
0.111 172.16.134.191 WEB-MISC search.dll access
0.111 172.16.134.191 WEB-CGI input2.bat access
0.111 172.16.134.191 WEB-MISC Ecommerce import.txt access
0.111 172.16.134.191 WEB-IIS MSProxy access
0.111 172.16.134.191 WEB-CGI redirect access
0.111 172.16.134.191 WEB-IIS view source via translate header
0.111 172.16.134.191 WEB-IIS ctss.idc access
0.111 172.16.134.191 WEB-MISC cgitest.exe access
0.111 172.16.134.191 WEB-IIS msadcs.dll access
0.111 172.16.134.191 WEB-FRONTPAGE users.pwd access
0.111 172.16.134.191 WEB-MISC wwwboard.pl access
0.111 172.16.134.191 WEB-FRONTPAGE register.txt access
0.111 172.16.134.191 WEB-IIS adctest.asp access
0.111 172.16.134.191 WEB-CGI dbman db.cgi access
0.111 172.16.134.191 WEB-COLDFUSION evaluate.cfm access
0.111 172.16.134.191 WEB-IIS getdrvs.exe access
0.111 172.16.134.191 WEB-COLDFUSION application.cfm access
0.111 172.16.134.191 WEB-IIS ISAPI .idq attempt
0.111 172.16.134.191 WEB-IIS site server config access
0.111 172.16.134.191 WEB-FRONTPAGE service.pwd
0.111 172.16.134.191 WEB-MISC windmail.exe access
0.111 172.16.134.191 WEB-FRONTPAGE fpadmin.htm access
0.111 172.16.134.191 WEB-MISC queryhit.htm access
0.111 172.16.134.191 WEB-MISC Domino log.nsf access
0.111 172.16.134.191 WEB-MISC .htaccess access
0.111 172.16.134.191 WEB-CGI test.bat access
0.111 172.16.134.191 WEB-IIS codebrowser Exair access
0.111 172.16.134.191 WEB-CGI args.cmd access
0.111 172.16.134.191 WEB-COLDFUSION exampleapp application.cfm
0.111 172.16.134.191 WEB-MISC backup access
0.111 172.16.134.191 WEB-MISC adminlogin access
0.111 172.16.134.191 WEB-MISC admin.php access
0.111 172.16.134.191 WEB-IIS repost.asp access
0.111 172.16.134.191 WEB-IIS doctodep.btr access
0.111 172.16.134.191 WEB-IIS ISAPI .printer access
0.111 172.16.134.191 WEB-FRONTPAGE dvwssr.dll access
0.111 172.16.134.191 WEB-COLDFUSION sendmail.cfm access
0.111 172.16.134.191 WEB-IIS .bat? access
0.111 172.16.134.191 WEB-MISC Trend Micro OfficeScan access
0.111 172.16.134.191 WEB-CGI hello.bat access
0.111 172.16.134.191 WEB-CGI guestbook.cgi access
0.111 172.16.134.191 WEB-CGI /cgi-bin/ls access
0.111 172.16.134.191 WEB-CGI tstisapi.dll access
0.111 172.16.134.191 WEB-COLDFUSION administrator access
0.111 172.16.134.191 WEB-MISC AuthChangeUrl access
0.111 172.16.134.191 WEB-COLDFUSION cfappman access
0.111 172.16.134.191 WEB-IIS ISAPI .idq access
0.111 172.16.134.191 WEB-MISC netscape admin passwd
0.111 172.16.134.191 WEB-COLDFUSION beaninfo access
0.111 172.16.134.191 WEB-MISC ICQ webserver DOS
0.111 172.16.134.191 WEB-CGI envout.bat access
0.111 172.16.134.191 WEB-CGI test.cgi access
0.111 172.16.134.191 WEB-CGI uploader.exe access
0.111 172.16.134.191 WEB-CGI user_update_admin.pl access
0.111 172.16.134.191 WEB-CGI user_update_passwd.pl access
0.111 172.16.134.191 WEB-IIS ISAPI .ida access
0.111 172.16.134.191 WEB-CGI Web Shopper shopper.cgi access
0.111 172.16.134.191 WEB-CGI echo.bat access
0.111 172.16.134.191 WEB-CGI eXtropia webstore access
0.111 172.16.134.191 WEB-MISC ws_ftp.ini access
0.111 172.16.134.191 WEB-CGI snorkerz.cmd access
0.111 172.16.134.191 WEB-IIS /scripts/samples/ access
0.111 172.16.134.191 WEB-FRONTPAGE registrations.txt access
0.111 172.16.134.191 WEB-IIS fpcount attempt
0.111 172.16.134.191 WEB-IIS _vti_inf access
0.111 172.16.134.191 WEB-COLDFUSION startstop DOS access
0.111 172.16.134.191 WEB-FRONTPAGE shtml.exe access
0.111 172.16.134.191 WEB-IIS uploadn.asp access
0.111 172.16.134.191 WEB-FRONTPAGE administrators.pwd access
0.111 172.16.134.191 SCAN SOCKS Proxy attempt
0.111 172.16.134.191 WEB-IIS pbserver access
0.111 172.16.134.191 WEB-IIS htimage.exe access
0.111 172.16.134.191 WEB-MISC .wwwacl access
0.111 172.16.134.191 WEB-FRONTPAGE _vti_rpc access
0.111 172.16.134.191 WEB-CGI imagemap.exe access
0.111 172.16.134.191 WEB-IIS CodeRed v2 root.exe access
0.111 172.16.134.191 WEB-CGI input.bat access
0.111 172.16.134.191 WEB-IIS newdsn.exe access
0.111 63.241.174.144 CHAT IRC nick change
0.111 172.16.134.191 WEB-CGI args.bat access
0.111 172.16.134.191 WEB-COLDFUSION cfmlsyntaxcheck.cfm access
0.111 172.16.134.191 WEB-MISC robots.txt access
0.111 172.16.134.191 WEB-CGI /wwwboard/passwd.txt access
0.111 172.16.134.191 WEB-FRONTPAGE orders.txt access
0.111 172.16.134.191 WEB-IIS ism.dll access
0.111 172.16.134.191 WEB-MISC SmartWin CyberOffice Shopping Cart access
0.111 172.16.134.191 WEB-COLDFUSION addcontent.cfm access
0.111 172.16.134.191 WEB-FRONTPAGE form_results access
0.111 172.16.134.191 WEB-IIS /msadc/samples/ access
0.111 172.16.134.191 WEB-IIS query.asp access
0.111 172.16.134.191 WEB-COLDFUSION parks access
0.111 209.196.44.172 CHAT IRC nick change
0.111 172.16.134.191 WEB-CGI win-c-sample.exe access
0.111 172.16.134.191 WEB-IIS codebrowser SDK access
0.111 217.199.175.10 CHAT IRC nick change
0.111 172.16.134.191 WEB-CGI ppdscgi.exe access
0.111 172.16.134.191 WEB-FRONTPAGE authors.pwd access
Top

Distribution of attack methods

%# of attacksmethods
29.44265 WEB-IIS .... access
265 24.197.194.106 -> 172.16.134.191
29.00261 WEB-IIS cmd.exe access
250 24.197.194.106 -> 172.16.134.191
11 210.22.204.101 -> 172.16.134.191
6.1155 MS-SQL Worm propagation attempt
4 61.150.72.7 -> 172.16.134.191
3 61.132.88.90 -> 172.16.134.191
2 218.4.99.237 -> 172.16.134.191
2 61.134.45.19 -> 172.16.134.191
2 61.150.120.72 -> 172.16.134.191
1 68.37.54.69 -> 172.16.134.191
1 216.192.145.21 -> 172.16.134.191
1 212.162.165.18 -> 172.16.134.191
1 200.135.228.10 -> 172.16.134.191
1 66.81.131.17 -> 172.16.134.191
1 218.4.65.115 -> 172.16.134.191
1 217.35.65.9 -> 172.16.134.191
1 68.45.123.130 -> 172.16.134.191
1 213.122.77.74 -> 172.16.134.191
1 81.57.217.208 -> 172.16.134.191
1 200.50.124.2 -> 172.16.134.191
1 4.33.244.44 -> 172.16.134.191
1 219.145.211.132 -> 172.16.134.191
1 61.132.88.50 -> 172.16.134.191
1 24.74.199.104 -> 172.16.134.191
1 12.253.142.87 -> 172.16.134.191
1 12.83.147.97 -> 172.16.134.191
1 67.201.75.38 -> 172.16.134.191
1 206.149.148.192 -> 172.16.134.191
1 218.244.66.32 -> 172.16.134.191
1 219.145.211.3 -> 172.16.134.191
1 61.177.56.98 -> 172.16.134.191
1 61.185.29.9 -> 172.16.134.191
1 61.185.212.166 -> 172.16.134.191
1 24.167.221.106 -> 172.16.134.191
1 218.4.48.74 -> 172.16.134.191
1 61.177.62.66 -> 172.16.134.191
1 205.180.159.35 -> 172.16.134.191
1 61.185.242.190 -> 172.16.134.191
1 212.122.20.74 -> 172.16.134.191
1 216.229.73.11 -> 172.16.134.191
1 61.185.215.42 -> 172.16.134.191
1 218.92.13.142 -> 172.16.134.191
1 168.243.103.205 -> 172.16.134.191
1 61.203.104.148 -> 172.16.134.191
1 213.170.56.83 -> 172.16.134.191
1 218.4.87.137 -> 172.16.134.191
1 12.252.61.161 -> 172.16.134.191
1 61.8.1.64 -> 172.16.134.191
1 67.81.161.166 -> 172.16.134.191
1 66.233.4.225 -> 172.16.134.191
1 68.84.210.227 -> 172.16.134.191
4.1137 WEB-IIS scripts access
34 24.197.194.106 -> 172.16.134.191
3 172.16.134.191 -> 207.172.16.156
2.7825 WEB-FRONTPAGE fourdots request
25 24.197.194.106 -> 172.16.134.191
2.5623 WEB-MISC http directory traversal
23 24.197.194.106 -> 172.16.134.191
1.5614 WEB-IIS .htr access
14 24.197.194.106 -> 172.16.134.191
1.3312 WEB-IIS ISAPI .ida attempt
11 210.22.204.101 -> 172.16.134.191
1 24.197.194.106 -> 172.16.134.191
1.009 WEB-IIS asp-dot attempt
9 24.197.194.106 -> 172.16.134.191
0.898 WEB-IIS webhits access
8 24.197.194.106 -> 172.16.134.191
0.787 WEB-IIS SAM Attempt
7 24.197.194.106 -> 172.16.134.191
0.676 WEB-IIS +.htr code fragment attempt
6 24.197.194.106 -> 172.16.134.191
0.676 WEB-IIS iissamples access
6 24.197.194.106 -> 172.16.134.191
0.444 WEB-FRONTPAGE /_vti_bin/ access
4 24.197.194.106 -> 172.16.134.191
0.444 WEB-IIS iisadmin access
4 24.197.194.106 -> 172.16.134.191
0.444 WEB-COLDFUSION expeval access
4 24.197.194.106 -> 172.16.134.191
0.333 WEB-IIS fpcount access
3 24.197.194.106 -> 172.16.134.191
0.333 WEB-CGI visadmin.exe access
3 24.197.194.106 -> 172.16.134.191
0.333 CHAT IRC nick change
1 172.16.134.191 -> 217.199.175.10
1 172.16.134.191 -> 63.241.174.144
1 172.16.134.191 -> 209.196.44.172
0.333 WEB-COLDFUSION snippets attempt
3 24.197.194.106 -> 172.16.134.191
0.333 WEB-IIS showcode.asp access
3 24.197.194.106 -> 172.16.134.191
0.333 WEB-CGI perl.exe access
3 24.197.194.106 -> 172.16.134.191
0.333 WEB-IIS .asp
0.333 WEB-CGI wguest.exe access
3 24.197.194.106 -> 172.16.134.191
0.222 WEB-IIS search97.vts access
2 24.197.194.106 -> 172.16.134.191
0.222 WEB-COLDFUSION cfcache.map access
2 24.197.194.106 -> 172.16.134.191
0.222 WEB-IIS mkilog.exe access
2 24.197.194.106 -> 172.16.134.191
0.222 WEB-COLDFUSION getfile.cfm access
2 24.197.194.106 -> 172.16.134.191
0.222 WEB-COLDFUSION exprcalc access
2 24.197.194.106 -> 172.16.134.191
0.222 WEB-IIS cmd32.exe access
2 24.197.194.106 -> 172.16.134.191
0.222 WEB-MISC novell groupwise gwweb.exe access
2 24.197.194.106 -> 172.16.134.191
0.222 WEB-CGI cgimail access
2 24.197.194.106 -> 172.16.134.191
0.222 WEB-FRONTPAGE shtml.dll access
2 24.197.194.106 -> 172.16.134.191
0.222 WEB-MISC Domino catalog.nsf access
2 24.197.194.106 -> 172.16.134.191
0.222 WEB-COLDFUSION exampleapp access
2 24.197.194.106 -> 172.16.134.191
0.222 WEB-MISC get32.exe access
2 24.197.194.106 -> 172.16.134.191
0.222 WEB-CGI tst.bat access
2 24.197.194.106 -> 172.16.134.191
0.222 WEB-IIS JET VBA access
2 24.197.194.106 -> 172.16.134.191
0.222 WEB-CGI rguest.exe access
2 24.197.194.106 -> 172.16.134.191
0.222 WEB-IIS /iisadmpwd/aexp2.htr access
2 24.197.194.106 -> 172.16.134.191
0.222 WEB-IIS srchadm access
2 24.197.194.106 -> 172.16.134.191
0.222 WEB-CGI cart32.exe access
2 24.197.194.106 -> 172.16.134.191
0.222 WEB-IIS jet vba access
2 24.197.194.106 -> 172.16.134.191
0.111 WEB-MISC .htaccess access
1 24.197.194.106 -> 172.16.134.191
0.111 WEB-MISC Domino log.nsf access
1 24.197.194.106 -> 172.16.134.191
0.111 WEB-IIS msadcs.dll access
1 24.197.194.106 -> 172.16.134.191
0.111 WEB-CGI uploader.exe access
1 24.197.194.106 -> 172.16.134.191
0.111 WEB-MISC wwwboard.pl access
1 24.197.194.106 -> 172.16.134.191
0.111 WEB-MISC cgitest.exe access
1 24.197.194.106 -> 172.16.134.191
0.111 WEB-CGI Web Shopper shopper.cgi access
1 24.197.194.106 -> 172.16.134.191
0.111 WEB-MISC Ecommerce import.txt access
1 24.197.194.106 -> 172.16.134.191
0.111 WEB-IIS ISAPI .ida access
1 24.197.194.106 -> 172.16.134.191
0.111 WEB-CGI win-c-sample.exe access
1 24.197.194.106 -> 172.16.134.191
0.111 WEB-MISC ws_ftp.ini access
1 24.197.194.106 -> 172.16.134.191
0.111 WEB-CGI user_update_passwd.pl access
1 24.197.194.106 -> 172.16.134.191
0.111 WEB-FRONTPAGE register.txt access
1 24.197.194.106 -> 172.16.134.191
0.111 WEB-FRONTPAGE authors.pwd access
1 24.197.194.106 -> 172.16.134.191
0.111 WEB-MISC adminlogin access
1 24.197.194.106 -> 172.16.134.191
0.111 WEB-IIS codebrowser SDK access
1 24.197.194.106 -> 172.16.134.191
0.111 WEB-CGI args.cmd access
1 24.197.194.106 -> 172.16.134.191
0.111 WEB-IIS repost.asp access
1 24.197.194.106 -> 172.16.134.191
0.111 WEB-FRONTPAGE fpadmin.htm access
1 24.197.194.106 -> 172.16.134.191
0.111 WEB-IIS pbserver access
1 24.197.194.106 -> 172.16.134.191
0.111 WEB-COLDFUSION application.cfm access
1 24.197.194.106 -> 172.16.134.191
0.111 WEB-CGI eXtropia webstore access
1 24.197.194.106 -> 172.16.134.191
0.111 WEB-FRONTPAGE form_results access
1 24.197.194.106 -> 172.16.134.191
0.111 WEB-MISC ICQ webserver DOS
1 24.197.194.106 -> 172.16.134.191
0.111 WEB-CGI /cgi-bin/ls access
1 24.197.194.106 -> 172.16.134.191
0.111 WEB-FRONTPAGE administrators.pwd access
1 24.197.194.106 -> 172.16.134.191
0.111 WEB-FRONTPAGE users.pwd access
1 24.197.194.106 -> 172.16.134.191
0.111 WEB-CGI ppdscgi.exe access
1 24.197.194.106 -> 172.16.134.191
0.111 WEB-FRONTPAGE service.pwd
1 24.197.194.106 -> 172.16.134.191
0.111 WEB-MISC windmail.exe access
1 24.197.194.106 -> 172.16.134.191
0.111 WEB-COLDFUSION beaninfo access
1 24.197.194.106 -> 172.16.134.191
0.111 WEB-MISC admin.php access
1 24.197.194.106 -> 172.16.134.191
0.111 WEB-IIS getdrvs.exe access
1 24.197.194.106 -> 172.16.134.191
0.111 WEB-COLDFUSION administrator access
1 24.197.194.106 -> 172.16.134.191
0.111 WEB-COLDFUSION exampleapp application.cfm
1 24.197.194.106 -> 172.16.134.191
0.111 WEB-MISC backup access
1 24.197.194.106 -> 172.16.134.191
0.111 WEB-CGI input.bat access
1 24.197.194.106 -> 172.16.134.191
0.111 WEB-IIS /msadc/samples/ access
1 24.197.194.106 -> 172.16.134.191
0.111 WEB-IIS ctss.idc access
1 24.197.194.106 -> 172.16.134.191
0.111 WEB-IIS htimage.exe access
1 24.197.194.106 -> 172.16.134.191
0.111 WEB-FRONTPAGE registrations.txt access
1 24.197.194.106 -> 172.16.134.191
0.111 WEB-COLDFUSION fileexists.cfm access
1 24.197.194.106 -> 172.16.134.191
0.111 WEB-IIS codebrowser Exair access
1 24.197.194.106 -> 172.16.134.191
0.111 WEB-FRONTPAGE orders.txt access
1 24.197.194.106 -> 172.16.134.191
0.111 WEB-IIS _vti_inf access
1 24.197.194.106 -> 172.16.134.191
0.111 WEB-IIS ISAPI .idq attempt
1 24.197.194.106 -> 172.16.134.191
0.111 WEB-IIS ISAPI .printer access
1 24.197.194.106 -> 172.16.134.191
0.111 WEB-CGI bb-hostscv.sh access
1 24.197.194.106 -> 172.16.134.191
0.111 WEB-IIS fpcount attempt
1 24.197.194.106 -> 172.16.134.191
0.111 WEB-MISC netscape admin passwd
1 24.197.194.106 -> 172.16.134.191
0.111 WEB-CGI envout.bat access
1 24.197.194.106 -> 172.16.134.191
0.111 WEB-CGI guestbook.cgi access
1 24.197.194.106 -> 172.16.134.191
0.111 WEB-FRONTPAGE shtml.exe access
1 24.197.194.106 -> 172.16.134.191
0.111 WEB-IIS view source via translate header
1 66.8.163.125 -> 172.16.134.191
0.111 SCAN SOCKS Proxy attempt
1 200.74.26.73 -> 172.16.134.191
0.111 WEB-MISC Trend Micro OfficeScan access
1 24.197.194.106 -> 172.16.134.191
0.111 WEB-IIS ISAPI .idq access
1 24.197.194.106 -> 172.16.134.191
0.111 WEB-FRONTPAGE dvwssr.dll access
1 24.197.194.106 -> 172.16.134.191
0.111 WEB-CGI test.cgi access
1 24.197.194.106 -> 172.16.134.191
0.111 WEB-COLDFUSION sendmail.cfm access
1 24.197.194.106 -> 172.16.134.191
0.111 WEB-MISC SmartWin CyberOffice Shopping Cart access
1 24.197.194.106 -> 172.16.134.191
0.111 WEB-CGI tstisapi.dll access
1 24.197.194.106 -> 172.16.134.191
0.111 WEB-IIS uploadn.asp access
1 24.197.194.106 -> 172.16.134.191
0.111 WEB-MISC .wwwacl access
1 24.197.194.106 -> 172.16.134.191
0.111 WEB-CGI echo.bat access
1 24.197.194.106 -> 172.16.134.191
0.111 WEB-CGI redirect access
1 24.197.194.106 -> 172.16.134.191
0.111 WEB-CGI alibaba.pl access
1 24.197.194.106 -> 172.16.134.191
0.111 WEB-MISC queryhit.htm access
1 24.197.194.106 -> 172.16.134.191
0.111 WEB-IIS newdsn.exe access
1 24.197.194.106 -> 172.16.134.191
0.111 WEB-IIS .bat? access
1 24.197.194.106 -> 172.16.134.191
0.111 WEB-CGI /wwwboard/passwd.txt access
1 24.197.194.106 -> 172.16.134.191
0.111 WEB-IIS doctodep.btr access
1 24.197.194.106 -> 172.16.134.191
0.111 WEB-COLDFUSION cfappman access
1 24.197.194.106 -> 172.16.134.191
0.111 WEB-IIS adctest.asp access
1 24.197.194.106 -> 172.16.134.191
0.111 WEB-CGI dbman db.cgi access
1 24.197.194.106 -> 172.16.134.191
0.111 WEB-MISC order.log access
1 24.197.194.106 -> 172.16.134.191
0.111 WEB-MISC search.dll access
1 24.197.194.106 -> 172.16.134.191
0.111 WEB-COLDFUSION addcontent.cfm access
1 24.197.194.106 -> 172.16.134.191
0.111 WEB-CGI args.bat access
1 24.197.194.106 -> 172.16.134.191
0.111 WEB-CGI test.bat access
1 24.197.194.106 -> 172.16.134.191
0.111 WEB-CGI user_update_admin.pl access
1 24.197.194.106 -> 172.16.134.191
0.111 WEB-MISC robots.txt access
1 24.197.194.106 -> 172.16.134.191
0.111 WEB-COLDFUSION evaluate.cfm access
1 24.197.194.106 -> 172.16.134.191
0.111 WEB-MISC AuthChangeUrl access
1 24.197.194.106 -> 172.16.134.191
0.111 WEB-IIS ism.dll access
1 24.197.194.106 -> 172.16.134.191
0.111 WEB-COLDFUSION parks access
1 24.197.194.106 -> 172.16.134.191
0.111 WEB-FRONTPAGE _vti_rpc access
1 24.197.194.106 -> 172.16.134.191
0.111 WEB-CGI hello.bat access
1 24.197.194.106 -> 172.16.134.191
0.111 WEB-IIS CodeRed v2 root.exe access
1 24.197.194.106 -> 172.16.134.191
0.111 WEB-IIS MSProxy access
1 24.197.194.106 -> 172.16.134.191
0.111 WEB-CGI input2.bat access
1 24.197.194.106 -> 172.16.134.191
0.111 WEB-IIS site server config access
1 24.197.194.106 -> 172.16.134.191
0.111 WEB-CGI snorkerz.cmd access
1 24.197.194.106 -> 172.16.134.191
0.111 WEB-COLDFUSION cfmlsyntaxcheck.cfm access
1 24.197.194.106 -> 172.16.134.191
0.111 WEB-CGI imagemap.exe access
1 24.197.194.106 -> 172.16.134.191
0.111 WEB-COLDFUSION startstop DOS access
1 24.197.194.106 -> 172.16.134.191
0.111 WEB-IIS query.asp access
1 24.197.194.106 -> 172.16.134.191
0.111 WEB-IIS /scripts/samples/ access
1 24.197.194.106 -> 172.16.134.191
Top

Portscans performed to/from HOME_NET

Scan AttemptsSource Address
1172.16.134.191
124.197.194.106
Top
Generated by snort_stat.pl