BOTSv1 Level 1: Finding Attack Servers (35 pts)

BOTSv1 1.1: Scanner Name (5 pts)

Find the brand name of the vulnerability scanner used against

BOTSv1 1.2: Attacker IP (5 pts)

Find the attacker's IP address.

BOTSv1 1.3: Web Server IP (5 pts)

Find the IP address of the web server serving "".

BOTSv1 1.4: Defacement Filename (10 pts)

Find the name of the file used to deface the web server serving "".


  • The file was downloaded by the web server, so the server's IP is a client address, not a destination address.
  • Remove the filter to see all 9 such events. Examine the uri values.

BOTSv1 1.5: Domain Name (10 pts)

Find the fully qualified domain name (FQDN) used by the staging server hosting the defacement file.


  • Examine the 9 events from the previous challenge. Look at the url values.

Posted 10-30-20