30 Apr
2017
30 Apr
'17
10:04 a.m.
The NetFlow data are from a computer search engine (finds machines, not
websites)
*94.102.49.193 -> cloud.census.shodan.io*
IP range : 94.102.49.0 - 94.102.49.255
Network name : SC-QUASI61
Infos : QUASI
Infos : Quasi Networks LTD (IBC)
Country : Seychelles (SC)
Abuse email : abuse(a)quasinetworks.com, abuse(a)quasinetworks.com
Source : RIPE
https://en.wikipedia.org/wiki/Shodan_(website)
- KB3VWG
On 04/30/2017 10:01 AM, lleachii(a)aol.com wrote:
These four particular NetFlow data are somewhat
alarming, since it
appears a RIP packet may have been attempted to be sent:
2017-04-29 20:56:05.866 0.000 TCP94.102.49.193:31430
<http://192.168.7.9/nfsen/nfsen.php#null> ->44.60.44.131:8099
<http://192.168.7.9/nfsen/nfsen.php#null> 1 40 1
2017-04-29 21:22:16.421 0.000 UDP94.102.49.193:12902
<http://192.168.7.9/nfsen/nfsen.php#null> ->44.60.44.2:520
<http://192.168.7.9/nfsen/nfsen.php#null> 1 52 1
2017-04-29 21:41:19.325 0.000 TCP94.102.49.193:1702
<http://192.168.7.9/nfsen/nfsen.php#null> ->44.60.44.131:9051
<http://192.168.7.9/nfsen/nfsen.php#null> 1 40 1
2017-04-29 22:06:55.283 0.000 TCP94.102.49.193:26459
<http://192.168.7.9/nfsen/nfsen.php#null> ->44.60.44.131:4911
<http://192.168.7.9/nfsen/nfsen.php#null> 1 40 1