The NetFlow data are from a computer search engine (finds machines, not websites)
*94.102.49.193 -> cloud.census.shodan.io*
IP range : 94.102.49.0 - 94.102.49.255
Network name : SC-QUASI61
Infos : QUASI
Infos : Quasi Networks LTD (IBC)
Country : Seychelles (SC)
Abuse email : abuse@quasinetworks.com, abuse@quasinetworks.com
Source : RIPE
https://en.wikipedia.org/wiki/Shodan_(website)
- KB3VWG
On 04/30/2017 10:01 AM, lleachii@aol.com wrote:
These four particular NetFlow data are somewhat alarming, since it appears a RIP packet may have been attempted to be sent:
2017-04-29 20:56:05.866 0.000 TCP 94.102.49.193:31430 -> 44.60.44.131:8099 1 40 1
2017-04-29 21:22:16.421 0.000 UDP 94.102.49.193:12902 -> 44.60.44.2:520 1 52 1
2017-04-29 21:41:19.325 0.000 TCP 94.102.49.193:1702 -> 44.60.44.131:9051 1 40 1
2017-04-29 22:06:55.283 0.000 TCP 94.102.49.193:26459 -> 44.60.44.131:4911 1 40 1