Loading threats
Observed exploitation chain targeting /GponForm/diag_Form diagnostic endpoint, abusing diag_action=ping for command injection to download Mozi.m malware via wget, accompanied by images/ query artifact. Indicative of automated GPON router exploitation for Mozi botnet deployment.
| IP Address | Risk | Events | Sessions | Country | ASN | Last Seen |
|---|---|---|---|---|---|---|
| 103.93.93.182 | 100% | 89,384 | 3,913 | 🇮🇩 ID | AS141140 | 2026-03-02 |
| 223.123.43.5 | 100% | 22,905 | 1,051 | 🇵🇰 PK | AS138423 | 2026-03-02 |
| 223.123.38.35 | 100% | 21,545 | 971 | 🇵🇰 PK | AS138423 | 2026-03-02 |
| 223.123.38.39 | 100% | 12,645 | 1,243 | 🇵🇰 PK | AS138423 | 2026-03-02 |
| 175.107.2.233 | 91% | 1,061 | 24 | 🇵🇰 PK | AS23888 | 2026-02-04 |
| 103.18.14.174 | 100% | 394 | 34 | 🇵🇰 PK | AS9541 | 2026-03-01 |
| 103.18.14.235 | 100% | 61 | 61 | 🇵🇰 PK | AS9541 | 2026-03-02 |
| 175.107.1.198 | 100% | 57 | 55 | 🇵🇰 PK | AS23888 | 2026-02-24 |
| 42.59.227.202 | 100% | 27 | 27 | 🇨🇳 CN | AS4837 | 2026-02-20 |
| 42.232.88.247 | 100% | 26 | 26 | 🇨🇳 CN | AS4837 | 2026-03-01 |
| 182.127.58.16 | 100% | 24 | 24 | 🇨🇳 CN | AS4837 | 2026-02-28 |
| 223.123.73.54 | 100% | 16 | 16 | 🇵🇰 PK | AS59257 | 2026-02-18 |
| 103.99.196.18 | 54% | 10 | 6 | 🇮🇳 IN | AS141275 | 2026-02-20 |
| 45.230.66.117 | 64% | 7 | 4 | 🇦🇷 AR | AS266702 | 2026-02-14 |
| 45.230.66.121 | 53% | 7 | 4 | 🇦🇷 AR | AS266702 | 2026-02-12 |
| 45.230.66.126 | 51% | 6 | 2 | 🇦🇷 AR | AS266702 | 2026-02-10 |
| 45.230.66.113 | 48% | 6 | 5 | 🇦🇷 AR | AS266702 | 2026-02-28 |
| 45.230.66.107 | 50% | 4 | 2 | 🇦🇷 AR | AS266702 | 2026-02-15 |
| 180.191.16.24 | 60% | 3 | 1 | 🇵🇭 PH | AS132199 | 2026-02-05 |
| 110.37.116.78 | 60% | 3 | 1 | 🇵🇰 PK | AS38264 | 2026-02-06 |