rss-bridge 2026-01-11T17:01:00+00:00

2026-01-10: Ten days of scans and probes and web traffic hitting my web server

---

NOTES:

- Zip files are password-protected. Of note, this site has a new password scheme. For the password, see the "about" page of this website.

ASSOCIATED FILES:

- 2026-01-10-ten-days-of-scans-and-probes-and-web-traffic-hitting-my-web-server.pcap.zip 16.0 MB (16,021,929 bytes)

Shown above: Traffic from the pcap filtered in Wireshark.

Shown above: HTTP stream of the last HTTP request in the pcap showing a POST request that retrieves malicious content from 91.92.241[.]10.

Shown above: The server at 91.92.241[.]10 was still active as of Sunday, 2026-01-11.

Shown above: Example of a shell script downloaded from 91.92.241[.]10, likely for Mirai botnet malware.

---

[Original source](https://www.malware-traffic-analysis.net/2026/01/10/index.html)