Challenge 2: Cross Reference
Below is a list of known malicious IP addresses gathered through OSINT. Can you use this list to identify the malicious IPs in the web server log?
Malicious IP Addresses |
---|
36.37.36.114 |
36.37.39.204 |
42.1.128.64 |
51.254.200.34 |
178.34.15.6 |
36.241.115.49 |

IP Address | Date and Page |
---|---|
10.0.0.49 | [12/Jul/2019 19:01:31] "GET / HTTP/1.1" 200 |
36.37.39.204 | [12/Jul/2019 19:01:32] code 404, message File not found |
10.0.0.49 | [12/Jul/2019 19:01:32] "GET /favicon.ico HTTP/1.1" 404 |
178.34.15.6 | [12/Jul/2019 19:01:32] code 404, message File not found |
10.0.0.125 | [12/Jul/2019 19:01:32] "GET /favicon.ico HTTP/1.1" 404 |
10.0.0.125 | [12/Jul/2019 19:01:46] code 404, message File not found |
42.1.128.64 | [12/Jul/2019 19:01:46] "GET /page1.html HTTP/1.1" 404 |
10.0.0.49 | [12/Jul/2019 19:02:25] "GET /page2.html HTTP/1.1" 200 |
36.37.39.204 | [12/Jul/2019 19:02:33] "GET /page3.html HTTP/1.1" 200 |
36.37.39.204 | [12/Jul/2019 19:02:45] "GET /page4.html HTTP/1.1" 200 |
10.0.0.100 | [12/Jul/2019 19:02:59] "GET / HTTP/1.1" 200 |
36.37.39.204 | [12/Jul/2019 19:03:03] "GET / HTTP/1.1" 200 |
10.0.0.125 | [12/Jul/2019 19:03:13] "GET /page4.html HTTP/1.1" 200 |
10.0.0.49 | [12/Jul/2019 19:03:17] "GET /page2.html HTTP/1.1" 200 |
36.37.39.204 | [12/Jul/2019 19:03:20] "GET /page3.html HTTP/1.1" 200 |
10.0.0.100 | [12/Jul/2019 19:03:23] "GET /page2.html HTTP/1.1" 200 |
10.0.0.100 | [12/Jul/2019 19:03:30] "GET / HTTP/1.1" 200 |

Question 1: What is the first malicious IP address in this log?
Question 2: What is the second malicious IP in this log?
Question 3: What malicious IP appeared the most in this log?
Question 4: How many times did the answer to Question 3 appear in the log?
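
One way to script this kind of cross-reference, as an added example that is not part of the original challenge. The blocklist and log rows are constructed sample data in documentation address ranges (not the challenge's data), and `parse_ip` and `cross_reference` are hypothetical helper names:

```python
import ipaddress
from collections import Counter

# Constructed sample data, laid out like the challenge's two tables.
BLOCKLIST = ["203.0.113.7", "198.51.100.23", "203.0.113.99"]
LOG = """\
192.0.2.10 | [01/Jan/2020 10:00:01] "GET / HTTP/1.1" 200
198.51.100.23 | [01/Jan/2020 10:00:02] code 404, message File not found
192.0.2.11 | [01/Jan/2020 10:00:05] "GET /a.html HTTP/1.1" 200
203.0.113.7 | [01/Jan/2020 10:00:09] "GET /b.html HTTP/1.1" 200
198.51.100.23 | [01/Jan/2020 10:00:12] "GET / HTTP/1.1" 200
not-an-ip | malformed row
198.51.100.230 | [01/Jan/2020 10:00:15] "GET / HTTP/1.1" 200
"""


def parse_ip(text):
    """Return a normalized IP object, or None if the field is not an address."""
    try:
        return ipaddress.ip_address(text.strip())
    except ValueError:
        return None


def cross_reference(log_text, blocklist):
    """Match the first column of each log row against the blocklist.

    Returns (first_seen_order, hit_counts). Comparing parsed addresses
    avoids the false positive a substring search gives (x.23 vs x.230).
    """
    bad = {ip for ip in map(parse_ip, blocklist) if ip is not None}
    order, counts = [], Counter()
    for row in log_text.splitlines():
        ip = parse_ip(row.split("|", 1)[0])
        if ip is None or ip not in bad:
            continue  # malformed row or address not on the blocklist
        key = str(ip)
        if key not in counts:
            order.append(key)  # remember order of first appearance
        counts[key] += 1
    return order, counts


if __name__ == "__main__":
    order, counts = cross_reference(LOG, BLOCKLIST)
    print("order of first appearance:", order)
    print("most frequent:", counts.most_common(1))
```

The same function answers all four question types: the order list gives first and second appearance, and `most_common(1)` gives the most frequent address with its count.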