Today's Odd Web Requests

    Published: 2026-04-29. Last Updated: 2026-04-29 13:11:41 UTC
    by Johannes Ullrich (Version: 1)

    Today, two different "new" requests hit our honeypots. Both appear to be recon requests and not associated with specific vulnerabilities. But as always, please let me know if you have additional information.

    1 - Broadcom API Gateway

    GET /bam/restart/if/required
    Host: [redacted]:8080
    Connection: close

    This request is targeting a Broadcom API Gateway endpoint. As is, the request should not cause any problems, but the response may indicate if a Broadcom API Gateway is used, and it could lead to follow-up attacks.

    2 - ESP32

    GET /esps/
    host: [redacted]:8080
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
    connection: close
    accept: */*
    accept-language: en
    accept-encoding: gzip

    The path "/esps/" is associated with ESP32 devices. The ESP32 platform is a low-cost system-on-a-chip (SoC) device that is frequently used in IoT devices or even in various home automation projects. The URL "/esps/" may be associated with uploading firmware, but I have not yet seen any follow-up attacks.
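
    One way to check your own web server logs for the two requests above, as an added example that is not part of the original diary: the Python below flags clients that requested either path and lists anything the same client requested afterwards. The common/combined access-log format, the function name find_recon, and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Paths from the two honeypot requests in the diary, with the product each suggests.
RECON_PATHS = {
    "/bam/restart/if/required": "Broadcom API Gateway",
    "/esps/": "ESP32",
}

# Assumed common/combined access-log prefix: client, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)

def find_recon(lines):
    """Return {client_ip: {"probes": [...], "followups": [...]}}.

    Assumes lines are in chronological order, as in an access log.
    """
    hits = defaultdict(lambda: {"probes": [], "followups": []})
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line; skip rather than guess
        path = m["target"].split("?", 1)[0]  # ignore any query string
        product = RECON_PATHS.get(path)
        if product:
            # The status records how this server answered the probe.
            hits[m["ip"]]["probes"].append((m["ts"], product, path, int(m["status"])))
        elif m["ip"] in hits:
            # Same client came back after probing: review these requests first.
            hits[m["ip"]]["followups"].append((m["ts"], m["method"], path, int(m["status"])))
    return dict(hits)

# Constructed sample lines (documentation IP ranges), not taken from the honeypot.
SAMPLE_LOG = [
    '198.51.100.7 - - [29/Apr/2026:09:14:02 +0000] "GET /bam/restart/if/required HTTP/1.1" 404 153 "-" "-"',
    '203.0.113.20 - - [29/Apr/2026:09:20:41 +0000] "GET /esps/ HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '192.0.2.55 - - [29/Apr/2026:09:21:03 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
    '203.0.113.20 - - [29/Apr/2026:09:22:10 +0000] "GET /status HTTP/1.1" 401 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, seen in find_recon(SAMPLE_LOG).items():
        print(ip, seen["probes"], seen["followups"])
```

    A probe answered with anything other than "not found" on a host that does run one of these products is worth a closer look, as are any follow-up requests from the same client.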

     

     

    --
    Johannes B. Ullrich, Ph.D. , Dean of Research, SANS.edu

    Keywords: broadcom esp32