Check an IP Address, Domain Name, Subnet, or ASN

139.135.43.81 was found in our database!

$ whois 139.135.43.81

country·🇵🇰 Pakistan

city·Lahore

isp·Cyber Internet Services Pvt Ltd.

asn·AS9541

network·Standard

$ sikker risk 139.135.43.81scoring →

confidence

51%Medium

first_seen·Mar 10, 2026

last_seen·1h ago

sessions·3

events·3

$ sikker protocols 139.135.43.81

HTTP

2 / 2

HTTPS

1 / 1

$ sikker summary 139.135.43.81

139.135.43.81 has a threat confidence score of 51%. This IP address from Pakistan (AS9541, Cyber Internet Services Pvt Ltd.) has been observed in 3 honeypot sessions targeting HTTP, HTTPS protocols. Detected attack patterns include http gpon mozi botnet rce chain. First observed on March 10, 2026, most recently active March 23, 2026.

$ sikker behaviors 139.135.43.81catalog →

highHttp Gpon Mozi Botnet Rce Chain1x

Observed exploitation chain targeting /GponForm/diag_Form diagnostic endpoint, abusing diag_action=ping for command injection to download Mozi.m malware via wget, accompanied by images/ query artifact. Indicative of automated GPON router exploitation for Mozi botnet deployment.

$ sikker primitives 139.135.43.81

http_query_images_fragment_access2 http_path_gponform_diag_form_access2 http_gpon_diag_ping_wget_mozi_dropper_injection1

$ sikker related 139.135.43.81

🇵🇰·More threats fromPakistan→AS·More threats fromCyber Internet Services Pvt Ltd.→HTTP·More threats targetingHTTP→HTTP·More threats targetingHTTPS→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
103.213.112.77	100%	25
59.103.104.174	100%	470
206.135.161.177	27%	1
103.213.112.135	100%	25
206.135.161.118	100%	50

IP Address	Confidence	Events
110.37.35.235	100%	1,183
110.39.233.78	100%	71
103.166.102.17	98%	40
124.29.223.19	100%	26
110.39.251.209	100%	18