Observed exploitation chain targeting the /GponForm/diag_Form diagnostic endpoint: requests abuse diag_action=ping for command injection to download the Mozi.m malware via wget, accompanied by an images/ query artifact. This is indicative of automated GPON router exploitation for Mozi botnet deployment.
| IP Address | Risk | Events | Sessions | Country | ASN | Last Seen |
|---|---|---|---|---|---|---|
| 139.135.59.81 | 100% | 3,673 | 161 | 🇵🇰 PK | AS9541 | 2026-04-04 |
| 139.135.40.97 | 100% | 1,265 | 140 | 🇵🇰 PK | AS9541 | 2026-03-24 |
| 139.135.41.38 | 100% | 1,174 | 205 | 🇵🇰 PK | AS9541 | 2026-04-05 |
| 110.37.28.119 | 100% | 724 | 49 | 🇵🇰 PK | AS38264 | 2026-03-21 |
| 103.18.14.174 | 100% | 490 | 84 | 🇵🇰 PK | AS9541 | 2026-03-19 |
| 103.93.93.170 | 100% | 328 | 328 | 🇮🇩 ID | AS141140 | 2026-04-15 |
| 223.123.41.66 | 100% | 206 | 206 | 🇵🇰 PK | AS138423 | 2026-04-13 |
| 103.18.14.235 | 100% | 141 | 141 | 🇵🇰 PK | AS9541 | 2026-04-08 |
| 60.23.238.156 | 100% | 90 | 90 | 🇨🇳 CN | AS4837 | 2026-04-15 |
| 59.103.104.97 | 100% | 82 | 82 | 🇵🇰 PK | AS9541 | 2026-04-15 |
| 103.99.196.18 | 100% | 76 | 72 | 🇮🇳 IN | AS141275 | 2026-04-10 |
| 103.18.14.144 | 100% | 75 | 75 | 🇵🇰 PK | AS9541 | 2026-04-05 |
| 223.123.73.18 | 100% | 73 | 73 | 🇵🇰 PK | AS59257 | 2026-04-14 |
| 59.103.106.89 | 100% | 57 | 57 | 🇵🇰 PK | AS9541 | 2026-03-17 |
| 175.107.1.198 | 100% | 57 | 55 | 🇵🇰 PK | AS23888 | 2026-02-24 |
| 103.18.14.249 | 100% | 53 | 53 | 🇵🇰 PK | AS9541 | 2026-04-13 |
| 110.37.119.14 | 100% | 52 | 52 | 🇵🇰 PK | AS38264 | 2026-04-16 |
| 90.188.229.62 | 100% | 37 | 37 | 🇷🇺 RU | AS12389 | 2026-04-13 |
| 36.255.33.174 | 100% | 32 | 32 | 🇵🇰 PK | AS9541 | 2026-04-07 |
| 140.235.83.44 | 100% | 27 | 27 | 🇵🇰 PK | AS9541 | 2026-03-29 |