{"id":12492,"date":"2026-04-30T04:03:37","date_gmt":"2026-04-30T04:03:37","guid":{"rendered":"https:\/\/serisec.com\/index.php\/2026\/04\/30\/32934\/"},"modified":"2026-04-30T04:03:37","modified_gmt":"2026-04-30T04:03:37","slug":"32934","status":"publish","type":"post","link":"https:\/\/serisec.com\/index.php\/2026\/04\/30\/32934\/","title":{"rendered":"Today’s Odd Web Requests, (Wed, Apr 29th)"},"content":{"rendered":"\n
Today’s Odd Web Requests, (Wed, Apr 29th)<\/div>\n

\t

\n
<\/BR>
\n
\n \t

\n
<\/BR><\/p>\n

\n

Today,\u00a0two different “new” requests\u00a0hit our honeypots. Both appear to be recon requests and not associated with specific vulnerabilities. But as always, please let me know if you have additional information<\/p>\n

1 – Broadcom API Gateway<\/p>\n

\n

GET \/bam\/restart\/if\/required
\nHost: [redacted]:8080
\nConnection: close<\/tt><\/p>\n<\/blockquote>\n

This request is targeting a Broadcom API Gateway endpoint. As is, the request should not cause any problems, but the response may indicate if a Broadcom API Gateway is used, and it could lead to follow-up\u00a0attacks.<\/p>\n

2 – ESP32<\/p>\n

\n

GET \/esps\/
\nhost: [redcated]:8080
\nuser-agent: Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/126.0.0.0 Safari\/537.36
\nconnection: close
\naccept: *\/*
\naccept-language: en
\naccept-encoding: gzip<\/code><\/p>\n<\/blockquote>\n

The path “\/esps\/” is associated with ESP32 devices. The ESP32 platform is a low-cost system-on-a-chip (SOC) device that is frequently used in IoT devices\u00a0or even in various home automation projects. The URL ‘\/esps\/’ may be associated with uploading firmware, but I have not\u00a0yet seen any follow-up attacks.<\/p>\n

\u00a0<\/p>\n

\u00a0<\/p>\n


\nJohannes B. Ullrich, Ph.D. , Dean of Research, SANS.edu<\/a>
\nTwitter<\/a>|<\/p>\n

(c) SANS Internet Storm Center. https:\/\/isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.<\/p><\/div>\n

\t

\n
<\/BR><\/p>\n

\t

\n
<\/BR>
\nGo to isc.sans.edu<\/a>
\n \t

\n
<\/BR><\/p>\n","protected":false},"excerpt":{"rendered":"

Today’s Odd Web Requests, (Wed, Apr 29th) Today,\u00a0two different “new” requests\u00a0hit our honeypots. Both appear to be recon requests and not associated with specific vulnerabilities. But as always, please let me know if you have additional information 1 – Broadcom API Gateway GET \/bam\/restart\/if\/required Host: [redacted]:8080 Connection: close This request is targeting a Broadcom API […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[56],"tags":[69],"class_list":["post-12492","post","type-post","status-publish","format-standard","hentry","category-isc-sans-edu","tag-isc-sans-edu"],"_links":{"self":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/12492"}],"collection":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/comments?post=12492"}],"version-history":[{"count":0,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/12492\/revisions"}],"wp:attachment":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/media?parent=12492"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/categories?post=12492"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/tags?post=12492"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}