Wiki/rss/osint.xml

<feed xmlns="http://www.w3.org/2005/Atom">
    <title>AniNIX/RSS | OSINT Feed</title>
    <icon>https://foundation.aninix.net/assets/img/AniNIX.png</icon>
    <logo>https://foundation.aninix.net/assets/img/AniNIX.png</logo>
    <link rel="self" href="https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml" />
    <link href="https://aninix.net/" />
    <updated>2022-09-26T02:16:20Z</updated>
    <author>
        <name>AniNIX</name>
    </author>

    <id>https://aninix.net/</id>

    <entry>
        <title>84.239.54.49</title>
        <link href="https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#84.239.54.49"></link>
        <updated>2024-06-27T17:25:00Z</updated>
        <id>https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#84.239.54.49</id>
        <author><name>DarkFeather</name></author>
        <summary>
            A Romanian IP, 84.239.54.49, was detected pushing a variety of web application attacks and network trojan attempts against our web front. These were primarily Suricata/Snort signature 1:2016982:5 auto_prepend_file PHP config option in uri. We have no evidence that these attacks were successful. Total malicious attempts captured was 54.
        </summary>
    </entry>

    <entry>
        <title>2024MAR11 ACEVILLE PTELTD, Singapore</title>
        <link href="https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#ACEVILLEPTELTD"></link>
        <updated>2024-03-11T07:52:00Z</updated>
        <id>https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#ACEVILLEPTELTD</id>
        <author><name>DarkFeather</name></author>
        <summary>
            Provider "ACEVILLE PTELTD" from blocks 43.156.0.0/16, 43.134.0.0/15, 43.134.0.0/17 was detected trying to bruteforce our network with a distributed attack network. We are blocking these networks for malicious attempts in the hundreds.
        </summary>
    </entry>

    <entry>
        <title>24.144.93.118/32</title>
        <link href="https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#24.144.93.118"></link>
        <updated>2023-11-17T03:30:00Z</updated>
        <id>https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#24.144.93.118</id>
        <author><name>DarkFeather</name></author>
        <summary>
            24.144.93.118/32 was detected using a network scanner against our external address. Total volume was 55 -- this action repeated on 2023-11-18 at 08:40Z.
        </summary>
    </entry>

    <entry>
        <title>46.101.38.229/32</title>
        <link href="https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#46.101.38.229"></link>
        <updated>2023-01-16T21:44:08Z</updated>
        <id>https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#46.101.38.229</id>
        <summary>
            46.101.38.229/32 was detected using a variety of attacks against our 80/tcp/http listener for AniNIX/WebServer. Suricata detection rules classified the incoming threats as a variety of SSH attacks -- total volume was 48.
        </summary>
    </entry>

    <entry>
        <title>5.181.86.78/32</title>
        <link href="https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#5.181.86.78"></link>
        <updated>2023-01-16T21:44:07Z</updated>
        <id>https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#5.181.86.78</id>
        <summary>
            5.181.86.78/32 was detected using a variety of attacks against our 80/tcp/http listener for AniNIX/WebServer. Suricata detection rules classified the incoming threats as a variety of SQL injection methods and cross-site scripting. Total attack volume was 184.
        </summary>
    </entry>

    <entry>
        <title>Attack Flood from CN, BR, KZ, and DigitalOcean</title>
        <link href="https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#attack-flood-2022-12-23"></link>
        <updated>2022-12-23T18:19:59Z</updated>
        <id>https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#attack-flood-2022-12-23</id>
        <summary>
            <p>Starting 2022/12/18, the AniNIX saw a rapid increase of threat traffic from subnets attributed to CN, BR, and KZ country codes -- this coincided with a concerted campaign being run from hosting provider DigitalOcean. While APT-style campaigns from CN are more or less expected, the large amount of traffic from DigitalOcean suggests the advent of a new campaign from that vendor. Other AniNIX users have reported similar attacks originating from DigitalOcean, but blocking the entire provider cuts off access to some local resources.</p>
            <p>We are blocking the following subnets in response to this threat data: 8.213.129.0/24, 36.92.107.0/24, 43.157.15.0/24, 45.162.216.0/22, 46.101.128.0/17, 46.101.80.0/20, 61.177.0.0/16, 62.87.132.0/22, 64.227.0.0/17, 82.180.132.0/23, 85.152.0.0/17, 92.46.64.0/18, 159.223.0.0/16, and 218.92.0.0/16. If you have legitimate resources living in these spaces, we recommend hardening those resources and contacting us via Discord or IRC to receive an exception.</p>
        </summary>
    </entry>

    <entry>
        <title>78.128.113.166/32</title>
        <link href="https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#78.128.113.166"></link>
        <updated>2022-12-15T01:59:59Z</updated>
        <id>https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#78.128.113.166</id>
        <summary>
            78.128.113.166/32 was detected using a variety of attacks against our 80/tcp/http listener for AniNIX/WebServer. Suricata detection rules classified the incoming threats as a variety of SQL injection methods and cross-site scripting. Total attack volume was 363.
        </summary>
    </entry>

    <entry>
        <title>141.98.9.24/32</title>
        <link href="https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#141.98.9.24"></link>
        <updated>2022-09-30T21:59:59Z</updated>
        <id>https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#141.98.9.24</id>
        <summary>
            141.98.9.24/32 was detected using a variety of attacks against our 80/tcp/http listener for AniNIX/WebServer. Suricata detection rules classified the incoming threats as a variety of SQL queries by URI, including "Attempt To Access MSSQL xp_cmdshell Stored Procedure Via URI". Total attack volume was 184.
        </summary>
    </entry>

    <entry>
        <title>31.184.195.114/32</title>
        <link href="https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#31.184.195.114"></link>
        <updated>2022-09-30T21:59:59Z</updated>
        <id>https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#31.184.195.114</id>
        <summary>
            31.184.195.114/32 was detected using a variety of attacks against our 80/tcp/http listener for AniNIX/WebServer. Suricata detection rules classified the incoming threats as attempted administrator gain, lwp-download, and CVE-2014-6271 exploits. Total attack volume was 254.
        </summary>
    </entry>

    <entry>
        <title>81.19.136.5/32</title>
        <link href="https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#81.19.136.5"></link>
        <updated>2022-09-30T21:59:59Z</updated>
        <id>https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#81.19.136.5</id>
        <summary>
            81.19.136.5/32 was detected using web application attacks against our 80/tcp/http listener for AniNIX/WebServer. Suricata detection rules classified the incoming threats as a variety of SQL injection attacks. Total attack volume was 1079.
        </summary>
    </entry>

    <entry>
        <title>194.165.16.68/32</title>
        <link href="https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#194.165.16.68"></link>
        <updated>2022-09-30T21:59:59Z</updated>
        <id>https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#194.165.16.68</id>
        <summary>
            194.165.16.68/32 was detected using web application attacks against our 80/tcp/http listener for AniNIX/WebServer. Suricata detection rules classified the incoming threats as a variety of SQL injection attacks. Total attack volume was 184.
        </summary>
    </entry>

    <entry>
        <title>91.191.209.54/32</title>
        <link href="https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#91.191.209.54"></link>
        <updated>2022-09-26T02:16:20Z</updated>
        <id>https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#91.191.209.54</id>
        <summary>
            91.191.209.54/32 was detected using web application attacks against our 80/tcp/http listener for AniNIX/WebServer. Suricata detection rules classified the incoming threats as a variety of SQL injection attacks. Total attack volume was 1080.
        </summary>
    </entry>

    <entry>
        <title>194.165.17.9/32</title>
        <link href="https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#194.165.17.9"></link>
        <updated>2022-09-26T02:16:20Z</updated>
        <id>https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#194.165.17.9</id>
        <summary>
            194.165.17.9/32 was detected using web application attacks against our 80/tcp/http listener for AniNIX/WebServer. Suricata detection rules classified the incoming threats as a variety of SQL injection attacks. Total attack volume was 184.
        </summary>
    </entry>

</feed>
Starting OSINT RSS stream 2022-09-25 20:40:07 -05:00			`<feed xmlns="http://www.w3.org/2005/Atom">`
			`<title>AniNIX/RSS \| OSINT Feed</title>`
			`<icon>https://foundation.aninix.net/assets/img/AniNIX.png</icon>`
			`<logo>https://foundation.aninix.net/assets/img/AniNIX.png</logo>`
			`<link rel="self" href="https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml" />`
			`<link href="https://aninix.net/" />`
			`<updated>2022-09-26T02:16:20Z</updated>`
			`<author>`
			`<name>AniNIX</name>`
			`</author>`

			`<id>https://aninix.net/</id>`

84.239.54.49 detection 2024-06-27 12:38:23 -05:00			`<entry>`
			`<title>84.239.54.49</title>`
			`<link href="https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#84.239.54.49"></link>`
			`<updated>2024-06-27T17:25:00Z</updated>`
			`<id>https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#84.239.54.49</id>`
Validator fixes 2024-06-27 12:42:06 -05:00			`<author><name>DarkFeather</name></author>`
84.239.54.49 detection 2024-06-27 12:38:23 -05:00			`<summary>`
			`A Romanian IP, 84.239.54.49, was detected pushing a variety of web application attacks and network trojan attempts against our web front. These were primarily Suricata/Snort signature 1:2016982:5 auto_prepend_file PHP config option in uri. We have no evidence that these attacks were successful. Total malicious attempts captured was 54.`
			`</summary>`
			`</entry>`

New threat identified 2024-03-11 14:53:21 -05:00			`<entry>`
			`<title>2024MAR11 ACEVILLE PTELTD, Singapore</title>`
			`<link href="https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#ACEVILLEPTELTD"></link>`
			`<updated>2024-03-11T07:52:00Z</updated>`
			`<id>https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#ACEVILLEPTELTD</id>`
Validator fixes 2024-06-27 12:42:06 -05:00			`<author><name>DarkFeather</name></author>`
New threat identified 2024-03-11 14:53:21 -05:00			`<summary>`
			`Provider "ACEVILLE PTELTD" from blocks 43.156.0.0/16, 43.134.0.0/15, 43.134.0.0/17 was detected trying to bruteforce our network with a distributed attack network. We are blocking these networks for malicious attempts in the hundreds.`
			`</summary>`
			`</entry>`

New threat 24.144.93.118/32 2023-11-25 10:38:15 -06:00			`<entry>`
			`<title>24.144.93.118/32</title>`
			`<link href="https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#24.144.93.118"></link>`
			`<updated>2023-11-17T03:30:00Z</updated>`
			`<id>https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#24.144.93.118</id>`
Validator fixes 2024-06-27 12:42:06 -05:00			`<author><name>DarkFeather</name></author>`
New threat 24.144.93.118/32 2023-11-25 10:38:15 -06:00			`<summary>`
			`24.144.93.118/32 was detected using a network scanner against our external address. Total volume was 55 -- this action repeated on 2023-11-18 at 08:40Z.`
			`</summary>`
			`</entry>`

46.101.38.229/32 2023-01-27 13:27:28 -06:00			`<entry>`
			`<title>46.101.38.229/32</title>`
			`<link href="https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#46.101.38.229"></link>`
Validator fixes 2024-06-27 12:42:06 -05:00			`<updated>2023-01-16T21:44:08Z</updated>`
46.101.38.229/32 2023-01-27 13:27:28 -06:00			`<id>https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#46.101.38.229</id>`
			`<summary>`
			`46.101.38.229/32 was detected using a variety of attacks against our 80/tcp/http listener for AniNIX/WebServer. Suricata detection rules classified the incoming threats as a variety of SSH attacks -- total volume was 48.`
			`</summary>`
			`</entry>`

5.181.86.78/32 2023-01-16 15:48:34 -06:00			`<entry>`
			`<title>5.181.86.78/32</title>`
			`<link href="https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#5.181.86.78"></link>`
			`<updated>2023-01-16T21:44:07Z</updated>`
			`<id>https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#5.181.86.78</id>`
			`<summary>`
			`5.181.86.78/32 was detected using a variety of attacks against our 80/tcp/http listener for AniNIX/WebServer. Suricata detection rules classified the incoming threats as a variety of SQL injection methods and cross-site scripting. Total attack volume was 184.`
			`</summary>`
			`</entry>`

Attack flood 2022/12/18-2022/12/23 2022-12-23 12:23:18 -06:00			`<entry>`
			`<title>Attack Flood from CN, BR, KZ, and DigitalOcean</title>`
			`<link href="https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#attack-flood-2022-12-23"></link>`
			`<updated>2022-12-23T18:19:59Z</updated>`
			`<id>https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#attack-flood-2022-12-23</id>`
			`<summary>`
			<p>Starting 2022/12/18, the AniNIX saw a rapid increase of threat traffic from subnets attributed to CN, BR, and KZ country codes -- this coincided with a concerted campaign being run from hosting provider DigitalOcean. While APT-style campaigns from CN are more or less expected, the large amount of traffic from DigitalOcean suggests the advent of a new campaign from that vendor. Other AniNIX users have reported similar attacks originating from DigitalOcean, but blocking the entire provider cuts off access to some local resources.</p>
			`<p>We are blocking the following subnets in response to this threat data: 8.213.129.0/24, 36.92.107.0/24, 43.157.15.0/24, 45.162.216.0/22, 46.101.128.0/17, 46.101.80.0/20, 61.177.0.0/16, 62.87.132.0/22, 64.227.0.0/17, 82.180.132.0/23, 85.152.0.0/17, 92.46.64.0/18, 159.223.0.0/16, and 218.92.0.0/16. If you have legitimate resources living in these spaces, we recommend hardening those resources and contacting us via Discord or IRC to receive an exception.</p>`
			`</summary>`
			`</entry>`

78.128.113.166/32 OSINT Threat Report 2022-12-15 12:05:06 -06:00			`<entry>`
			`<title>78.128.113.166/32</title>`
			`<link href="https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#78.128.113.166"></link>`
			`<updated>2022-12-15T01:59:59Z</updated>`
			`<id>https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#78.128.113.166</id>`
			`<summary>`
			`78.128.113.166/32 was detected using a variety of attacks against our 80/tcp/http listener for AniNIX/WebServer. Suricata detection rules classified the incoming threats as a variety of SQL injection methods and cross-site scripting. Total attack volume was 363.`
			`</summary>`
			`</entry>`

141.98.9.24/32 2022-10-23 20:06:56 -05:00			`<entry>`
			`<title>141.98.9.24/32</title>`
			`<link href="https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#141.98.9.24"></link>`
			`<updated>2022-09-30T21:59:59Z</updated>`
			`<id>https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#141.98.9.24</id>`
			`<summary>`
			`141.98.9.24/32 was detected using a variety of attacks against our 80/tcp/http listener for AniNIX/WebServer. Suricata detection rules classified the incoming threats as a variety of SQL queries by URI, including "Attempt To Access MSSQL xp_cmdshell Stored Procedure Via URI". Total attack volume was 184.`
			`</summary>`
			`</entry>`

Adding two new threats 2022-10-12 15:25:24 -05:00			`<entry>`
			`<title>31.184.195.114/32</title>`
			`<link href="https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#31.184.195.114"></link>`
			`<updated>2022-09-30T21:59:59Z</updated>`
			`<id>https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#31.184.195.114</id>`
			`<summary>`
			`31.184.195.114/32 was detected using a variety of attacks against our 80/tcp/http listener for AniNIX/WebServer. Suricata detection rules classified the incoming threats as attempted administrator gain, lwp-download, and CVE-2014-6271 exploits. Total attack volume was 254.`
			`</summary>`
			`</entry>`

			`<entry>`
			`<title>81.19.136.5/32</title>`
			`<link href="https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#81.19.136.5"></link>`
			`<updated>2022-09-30T21:59:59Z</updated>`
			`<id>https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#81.19.136.5</id>`
			`<summary>`
			`81.19.136.5/32 was detected using web application attacks against our 80/tcp/http listener for AniNIX/WebServer. Suricata detection rules classified the incoming threats as a variety of SQL injection attacks. Total attack volume was 1079.`
			`</summary>`
			`</entry>`

New OSINT entry 2022-09-30 22:58:40 -05:00			`<entry>`
			`<title>194.165.16.68/32</title>`
			`<link href="https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#194.165.16.68"></link>`
			`<updated>2022-09-30T21:59:59Z</updated>`
			`<id>https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#194.165.16.68</id>`
			`<summary>`
			`194.165.16.68/32 was detected using web application attacks against our 80/tcp/http listener for AniNIX/WebServer. Suricata detection rules classified the incoming threats as a variety of SQL injection attacks. Total attack volume was 184.`
			`</summary>`
			`</entry>`

Starting OSINT RSS stream 2022-09-25 20:40:07 -05:00			`<entry>`
			`<title>91.191.209.54/32</title>`
			`<link href="https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#91.191.209.54"></link>`
			`<updated>2022-09-26T02:16:20Z</updated>`
			`<id>https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#91.191.209.54</id>`
			`<summary>`
			`91.191.209.54/32 was detected using web application attacks against our 80/tcp/http listener for AniNIX/WebServer. Suricata detection rules classified the incoming threats as a variety of SQL injection attacks. Total attack volume was 1080.`
			`</summary>`
			`</entry>`

			`<entry>`
			`<title>194.165.17.9/32</title>`
			`<link href="https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#194.165.17.9"></link>`
			`<updated>2022-09-26T02:16:20Z</updated>`
			`<id>https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#194.165.17.9</id>`
			`<summary>`
			`194.165.17.9/32 was detected using web application attacks against our 80/tcp/http listener for AniNIX/WebServer. Suricata detection rules classified the incoming threats as a variety of SQL injection attacks. Total attack volume was 184.`
			`</summary>`
			`</entry>`

			`</feed>`