woke up to a potentially successful log4j exploit attempt on my minecraft server (yes yes i know) and traced back the payload to this address it tries to open a TCP connection to. found myself talking to a transphobic hacker (ftr i don't actually wish them a good day)
(i'm blue)
anyway the IP they're doing this from is 217.151.98.168 if that helps anybody
Follow
the payload attempts to run a bash interactive shell with a net redirect to that address, whose tcp server expects a shell to respond appropriately (hence the echo at the start that i replied manually), i looked through everywhere in my server and thankfully it seems no harm done
