Question:
I can briefly discuss how I got here.
1. The Cloud provider monitoring the IDS noticed there was website scanning activity.
2. The Cloud provider saw an IP address scanning the website making an SSH connection.
- SSH traffic is encrypted, so the analyst reviewing the logs was not sure about malicious activity.
- Displaying the scanning activity and discussing that in the logs would be helpful.
- Please help me explain where I can find these forensic artifacts on the system.
Transcribed Image Text:
This PC > JESSE-OS (C:) > inetpub > logs > LogFiles > W3SVC1 > u_ex220226.log (opened in Notepad):

#Software: Microsoft Internet Information Services 10.0
#Version: 1.0
#Date: 2022-02-26 17:19:32
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken
2022-02-26 17:19:32 127.0.0.1 GET / - 80 - 127.0.0.1 Mozilla/5.0+(Windows+NT+10.0;+WOW64;+Trident/7.0;+rv:11.0)+like+Gecko - 200 0 0 175
2022-02-26 17:19:32 127.0.0.1 GET /favicon.ico - 80 - 127.0.0.1 Mozilla/5.0+(Windows+NT+10.0;+WOW64;+Trident/7.0;+rv:11.0)+like+Gecko - 404 0 2 21
2022-02-26 17:32:27 127.0.0.1 GET /hidden/admin.txt - 80 - 127.0.0.1 Mozilla/5.0+(Windows+NT+10.0;+WOW64;+Trident/7.0;+rv:11.0)+like+Gecko - 200 0 0 2
2022-02-26 17:32:27 127.0.0.1 GET /favicon.ico - 80 - 127.0.0.1 Mozilla/5.0+(Windows+NT+10.0;+WOW64;+Trident/7.0;+rv:11.0)+like+Gecko - 404 0 2 57
2022-02-26 17:33:24 10.138.10.211 GET / - 80 - 10.138.23.18 Mozilla/5.0+(X11;+Linux+x86_64;+rv:78.0)+Gecko/20100101+Firefox/78.0 - 304 0 0 4
2022-02-26 17:33:36 10.138.10.211 GET /hidden/admin.txt - 80 - 10.138.23.18 Mozilla/5.0+(X11;+Linux+x86_64;+rv:78.0)+Gecko/20100101+Firefox/78.0 - 200 0 0 0
2022-02-26 17:38:51 10.138.10.211 GET /randomfilel - 80 - 10.138.23.18 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1) - 404 0 2 4
2022-02-26 17:38:51 10.138.10.211 GET /frand2 - 80 - 10.138.23.18 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1) - 404 0 2 0
2022-02-26 17:38:51 10.138.10.211 GET /.bash_history - 80 - 10.138.23.18 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1) - 404 0 2 0
2022-02-26 17:38:51 10.138.10.211 GET /.bashrc - 80 - 10.138.23.18 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1) - 404 0 2 0
2022-02-26 17:38:51 10.138.10.211 GET /.cache - 80 - 10.138.23.18 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1) - 404 0 2 0
2022-02-26 17:38:51 10.138.10.211 GET /.config - 80 - 10.138.23.18 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1) - 404 0 2 0
2022-02-26 17:38:51 10.138.10.211 GET /.cvs - 80 - 10.138.23.18 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1) - 404 0 2 0
2022-02-26 17:38:51 10.138.10.211 GET /.cvsignore - 80 - 10.138.23.18 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1) - 404 0 2 0
2022-02-26 17:38:51 10.138.10.211 GET /.forward - 80 - 10.138.23.18 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1) - 404 0 2 0
2022-02-26 17:38:51 10.138.10.211 GET /.git/HEAD - 80 - 10.138.23.18 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1) - 404 0 2 0
2022-02-26 17:38:51 10.138.10.211 GET /.history - 80 - 10.138.23.18 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1) - 404 0 2 0
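The IIS log shown in the screenshot (C:\inetpub\logs\LogFiles\W3SVC1\u_ex220226.log) is the web-side forensic artifact the question asks about, and the scanning pattern in it can be surfaced mechanically. The following is an added example, not code from the question or from any vendor tool: it parses the W3C extended format by reading the #Fields directive, then groups 404 responses per client IP and flags any client that requests many distinct non-existent paths in a short window. The sample log is a trimmed copy constructed from the excerpt above; the 60-second window and the threshold of five distinct 404 paths are assumptions chosen for illustration. IIS logs cover HTTP only, so this does not speak to the SSH connection mentioned in the question.

```python
"""Triage an IIS W3C extended log for web-scanning activity (added example).

Parses the #Fields directive so columns are looked up by name, then groups
404 responses by client IP and flags clients that hit many distinct missing
paths inside a short window. Sample lines are constructed from the question's
u_ex220226.log excerpt; the thresholds are assumptions, not an IIS default.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: trimmed copy of the log excerpt shown in the question.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Version: 1.0
#Date: 2022-02-26 17:19:32
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken
2022-02-26 17:19:32 127.0.0.1 GET / - 80 - 127.0.0.1 Mozilla/5.0+(Windows+NT+10.0;+WOW64;+Trident/7.0;+rv:11.0)+like+Gecko - 200 0 0 175
2022-02-26 17:19:32 127.0.0.1 GET /favicon.ico - 80 - 127.0.0.1 Mozilla/5.0+(Windows+NT+10.0;+WOW64;+Trident/7.0;+rv:11.0)+like+Gecko - 404 0 2 21
2022-02-26 17:32:27 127.0.0.1 GET /hidden/admin.txt - 80 - 127.0.0.1 Mozilla/5.0+(Windows+NT+10.0;+WOW64;+Trident/7.0;+rv:11.0)+like+Gecko - 200 0 0 2
2022-02-26 17:33:24 10.138.10.211 GET / - 80 - 10.138.23.18 Mozilla/5.0+(X11;+Linux+x86_64;+rv:78.0)+Gecko/20100101+Firefox/78.0 - 304 0 0 4
2022-02-26 17:33:36 10.138.10.211 GET /hidden/admin.txt - 80 - 10.138.23.18 Mozilla/5.0+(X11;+Linux+x86_64;+rv:78.0)+Gecko/20100101+Firefox/78.0 - 200 0 0 0
2022-02-26 17:38:51 10.138.10.211 GET /randomfilel - 80 - 10.138.23.18 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1) - 404 0 2 4
2022-02-26 17:38:51 10.138.10.211 GET /.bash_history - 80 - 10.138.23.18 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1) - 404 0 2 0
2022-02-26 17:38:51 10.138.10.211 GET /.bashrc - 80 - 10.138.23.18 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1) - 404 0 2 0
2022-02-26 17:38:51 10.138.10.211 GET /.git/HEAD - 80 - 10.138.23.18 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1) - 404 0 2 0
2022-02-26 17:38:51 10.138.10.211 GET /.history - 80 - 10.138.23.18 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1) - 404 0 2 0
"""


def parse_w3c(text):
    """Yield one dict per request line, keyed by the names in #Fields.

    IIS can emit a fresh #Fields line mid-file when logging settings change,
    so the active field list is tracked while reading instead of fixed once.
    """
    fields = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            if line.startswith("#Fields:"):
                fields = line[len("#Fields:"):].split()
            continue
        if fields is None:
            raise ValueError("request line seen before a #Fields directive")
        values = line.split(" ")
        if len(values) != len(fields):
            continue  # truncated or malformed line: skip rather than misalign columns
        yield dict(zip(fields, values))


def find_scanners(text, window=timedelta(seconds=60), min_404=5):
    """Return {client_ip: summary} for clients whose 404s cover at least
    `min_404` distinct paths within any span of length `window`."""
    per_ip = defaultdict(list)
    for rec in parse_w3c(text):
        if rec["sc-status"] != "404":
            continue
        ts = datetime.strptime(rec["date"] + " " + rec["time"], "%Y-%m-%d %H:%M:%S")
        per_ip[rec["c-ip"]].append((ts, rec["cs-uri-stem"], rec["cs(User-Agent)"]))

    hits = {}
    for ip, events in per_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):  # sliding window over this client's 404s
            while events[end][0] - events[start][0] > window:
                start += 1
            span = events[start:end + 1]
            paths = {p for _, p, _ in span}
            if len(paths) >= min_404:
                hits[ip] = {
                    "first": span[0][0], "last": span[-1][0],
                    "paths": sorted(paths),
                    "user_agents": sorted({ua for _, _, ua in span}),
                }
                break
    return hits


def dotfile_probes(text):
    """Requested paths starting with '/.' (e.g. /.git/HEAD); these never exist
    on a normal IIS site, so even one is worth an analyst's attention."""
    return sorted({r["cs-uri-stem"] for r in parse_w3c(text)
                   if r["cs-uri-stem"].startswith("/.")})


if __name__ == "__main__":
    for ip, s in find_scanners(SAMPLE_LOG).items():
        print(f"{ip}: {len(s['paths'])} distinct 404s between {s['first']} and {s['last']}")
        print("  user agents:", s["user_agents"])
    print("dotfile probes:", dotfile_probes(SAMPLE_LOG))
```

Run against the real file by reading it with `encoding="utf-8"` and passing the contents to find_scanners; a client that appears in the output together with the user agent that changed mid-session (Firefox for the first requests, an old MSIE string for the 404 burst) is the evidence the analyst can cite from the log itself.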