Two different “new” requests hit the honeypots, and both appear to be recon attempts rather than exploits of specific vulnerabilities. The first targets a Broadcom API Gateway with a GET request to /bam/restart/if/required, from a redacted host on port 8080; the response may reveal whether a Broadcom API Gateway is in use and potentially enable follow-up attacks.
The second concerns ESP32 devices: a GET to /esps/ with a user-agent string that resembles a Windows 10 environment. This path is linked to ESP32, a low-cost system-on-a-chip used in IoT and home automation projects, though no follow-up attacks have been observed yet. The post notes that the requests look like reconnaissance rather than direct compromise.
According to the author, Johannes B. Ullrich, Ph.D., Dean of Research, SANS[.]edu, the analysis emphasises the potential usefulness of the data for defenders to identify exposed gateways and IoT devices. Published on 29 April 2026, the diary entry invites readers to share additional information if available.
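
Defenders can check their own web server logs for the same two probes. The sketch below is an added example, not code from the diary entry: it assumes Apache/nginx combined log format, matches only the two exact paths named above, and runs over constructed sample lines that use documentation address ranges.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Probe paths named in the diary, mapped to the product each one hints at.
PROBES = {
    "/bam/restart/if/required": "Broadcom API Gateway",
    "/esps": "ESP32 device",
}

# Assumed combined log format: ip - user [time] "METHOD target PROTO" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

def normalise(target):
    """Drop the query string, percent-decode, collapse slashes, lowercase,
    and strip the trailing slash so trivial variants still match."""
    path = unquote(target.split("?", 1)[0])
    path = re.sub(r"/{2,}", "/", path).lower()
    return path.rstrip("/") or "/"

def find_probes(lines):
    """Return {source_ip: [(timestamp, product, status), ...]} for GET probes."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "GET":
            continue  # unparsable line, or not the GET the diary describes
        product = PROBES.get(normalise(m["target"]))
        if product:
            hits[m["ip"]].append((m["ts"], product, int(m["status"])))
    return dict(hits)

# Constructed sample log lines, not taken from the diary.
SAMPLE = [
    '198.51.100.7 - - [29/Apr/2026:10:01:02 +0000] "GET /bam/restart/if/required HTTP/1.1" 404 153 "-" "curl/8.0"',
    '203.0.113.9 - - [29/Apr/2026:10:05:40 +0000] "GET /esps/ HTTP/1.1" 404 153 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"',
    '203.0.113.9 - - [29/Apr/2026:10:05:41 +0000] "GET /ESPS//?x=1 HTTP/1.1" 200 12 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"',
    '192.0.2.4 - - [29/Apr/2026:10:06:00 +0000] "POST /bam/restart/if/required HTTP/1.1" 404 153 "-" "-"',
    '192.0.2.4 - - [29/Apr/2026:10:06:05 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "-"',
]

if __name__ == "__main__":
    for ip, events in find_probes(SAMPLE).items():
        print(ip, events)
```

A hit answered with a non-404 status deserves a closer look, since a meaningful response to either path is what tells the scanner the product is present.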