2026-01-10 (SATURDAY): TEN DAYS OF SCANS AND PROBES AND WEB TRAFFIC HITTING MY WEB SERVER

NOTES:

• Zip files are password-protected.  Of note, this site has a new password scheme.  For the password, see the "about" page of this website.

ASSOCIATED FILES:

• 2026-01-10-ten-days-of-scans-and-probes-and-web-traffic-hitting-my-web-server.pcap.zip   16.0 MB   (16,021,929 bytes)

 

IMAGES

Shown above:  Traffic from the pcap filtered in Wireshark.

 

Shown above:  HTTP stream of the last HTTP request in the pcap showing a POST request that retrieves malicious content from 91.92.241[.]10.

 

Shown above:  The server at 91.92.241[.]10 was still active as of Sunday, 2026-01-11.

 

Shown above:  Example of a shell script downloaded from 91.92.241[.]10, likely for Mirai botnet malware.

 

Click here to return to the main page.