{"ip":"143.198.117.237","total_events":254,"verdict":{"verdict":"malicious","label":"Exploit attempts observed","detail":"1 exploit-path hits","confidence":"medium","network_type":"CDN"},"first_seen":"2026-05-27T13:22:10","last_seen":"2026-05-29T18:10:22","events_24h":0,"events_7d":54,"geo":{"country_code":"US","country_name":"United States","region":"New Jersey","city":"North Bergen","lat":40.7964,"lon":-74.0203,"asn":14061,"org":"DigitalOcean, LLC"},"source_domain":null,"known_scanners":[],"scanner_tag":{"key":"peeringdb:as14061","label":"DigitalOcean","category":"cdn","url":"https://www.peeringdb.com/asn/14061"},"cve_matches":[],"top_ports":[{"port":9200,"proto":"tcp","label":"Elastic","count":15},{"port":1433,"proto":"tcp","label":"MSSQL","count":14},{"port":27017,"proto":"tcp","label":"MongoDB","count":14},{"port":5671,"proto":"tcp","label":"","count":14},{"port":9302,"proto":"tcp","label":"","count":14},{"port":9093,"proto":"tcp","label":"","count":13},{"port":5984,"proto":"tcp","label":"CouchDB","count":13},{"port":11211,"proto":"tcp","label":"Memcached","count":12},{"port":9300,"proto":"tcp","label":"Elastic-tr","count":12},{"port":8983,"proto":"tcp","label":"Solr","count":11},{"port":27018,"proto":"tcp","label":"MongoDB","count":10},{"port":1434,"proto":"tcp","label":"MSSQL","count":10},{"port":6379,"proto":"tcp","label":"Redis","count":10},{"port":1883,"proto":"tcp","label":"MQTT","count":9},{"port":9203,"proto":"tcp","label":"","count":9}],"fingerprints":{"ssh_hassh":[],"tls_ja4":["t13i190900_9dc949149365_e7c285222651"],"ja4h":["ge11nn0400_88d30a62b7ad","ge11nn0300_86b6b04cb9cc","po11nn0600_3f2c5e85e3a2","ge11nn0300_0db47b7d240d"]},"fingerprint_peers":{"t13i190900_9dc949149365_e7c285222651":1911,"ge11nn0300_0db47b7d240d":3771,"po11nn0600_3f2c5e85e3a2":66,"ge11nn0300_86b6b04cb9cc":4465,"ge11nn0400_88d30a62b7ad":5667},"user_agents":["Mozilla/5.0 (compatible; Odin; https://docs.getodin.com/)","Go-http-client/1.1"],"timeline":[{"date":"2026-05-27","count":66},{"date":"2026-05-28","count":134},{"date":"2026-05-29","count":54}],"recent_events":[{"timestamp":"2026-05-29T18:10:22","port":9203,"proto":"tcp","app_proto":"tls","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:9203\",\"user-agent\":\"Go-http-client/1.1\"}","body":"","sni":"","tls_cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/","summary":"","method":"GET","user_agent":"Go-http-client/1.1"},{"timestamp":"2026-05-29T18:10:22","port":9203,"proto":"tcp","app_proto":"","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:9203\",\"user-agent\":\"Go-http-client/1.1\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","method":"GET","user_agent":"Go-http-client/1.1"},{"timestamp":"2026-05-29T18:10:22","port":9203,"proto":"tcp","app_proto":"tls","host":"<HONEYPOT>","headers":"{\"connection\":\"close\",\"content-length\":\"474\",\"content-type\":\"application/xml\",\"host\":\"<HONEYPOT>:9203\",\"user-agent\":\"Go-http-client/1.1\",\"x-aggregate-auth\":\"1\"}","body":"<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n\t\t\t\t<config-auth client=\"vpn\" type=\"init\" aggregate-auth-version=\"2\">\n\t\t\t\t<version who=\"vpn\">3.1.05160</version>\n\t\t\t\t<device-id device-type=\"iPhone13,1\" platform-version=\"15.0.1\" unique-id=\"ABCDEF1234567890\">iOS</device-id>\n\t\t\t\t<mac-address-list>\n\t\t\t\t\t<mac-address>01:23:45:67:89:AB</mac-address>\n\t\t\t\t</mac-address-list>\n\t\t\t\t<group-select>VPN</group-select>\n\t\t\t\t<group-access>https://<HONEYPOT>:9203</group-access>\n\t\t\t\t</config-auth>","sni":"","tls_cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/","summary":"","method":"POST","user_agent":"Go-http-client/1.1"},{"timestamp":"2026-05-29T12:49:34","port":9202,"proto":"tcp","app_proto":"tls","host":"<HONEYPOT>","headers":"{\"connection\":\"close\",\"content-length\":\"474\",\"content-type\":\"application/xml\",\"host\":\"<HONEYPOT>:9202\",\"user-agent\":\"Go-http-client/1.1\",\"x-aggregate-auth\":\"1\"}","body":"<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n\t\t\t\t<config-auth client=\"vpn\" type=\"init\" aggregate-auth-version=\"2\">\n\t\t\t\t<version who=\"vpn\">3.1.05160</version>\n\t\t\t\t<device-id device-type=\"iPhone13,1\" platform-version=\"15.0.1\" unique-id=\"ABCDEF1234567890\">iOS</device-id>\n\t\t\t\t<mac-address-list>\n\t\t\t\t\t<mac-address>01:23:45:67:89:AB</mac-address>\n\t\t\t\t</mac-address-list>\n\t\t\t\t<group-select>VPN</group-select>\n\t\t\t\t<group-access>https://<HONEYPOT>:9202</group-access>\n\t\t\t\t</config-auth>","sni":"","tls_cipher":"TLS_AES_128_GCM_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/","summary":"","method":"POST","user_agent":"Go-http-client/1.1"},{"timestamp":"2026-05-29T11:08:48","port":3306,"proto":"tcp","app_proto":"","host":"<HONEYPOT>","headers":"{\"connection\":\"close\",\"host\":\"<HONEYPOT>:3306\",\"user-agent\":\"Go-http-client/1.1\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/query?q=SHOW+DIAGNOSTICS","summary":"","method":"GET","user_agent":"Go-http-client/1.1"},{"timestamp":"2026-05-29T11:08:48","port":3306,"proto":"tcp","app_proto":"","host":"<HONEYPOT>","headers":"{\"connection\":\"close\",\"host\":\"<HONEYPOT>:3306\",\"user-agent\":\"Go-http-client/1.1\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/cgi-bin/authLogin.cgi","summary":"","method":"GET","user_agent":"Go-http-client/1.1"},{"timestamp":"2026-05-29T10:46:15","port":9301,"proto":"tcp","app_proto":"","host":"<HONEYPOT>","headers":"{\"connection\":\"close\",\"host\":\"<HONEYPOT>:9301\",\"user-agent\":\"Go-http-client/1.1\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/solr/admin/cores?action=STATUS&wt=json","summary":"","method":"GET","user_agent":"Go-http-client/1.1"},{"timestamp":"2026-05-29T10:46:15","port":9301,"proto":"tcp","app_proto":"","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:9301\",\"user-agent\":\"Mozilla/5.0 (compatible; Odin; https://docs.getodin.com/)\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","method":"GET","user_agent":"Mozilla/5.0 (compatible; Odin; https://docs.getodin.com/)"},{"timestamp":"2026-05-29T10:46:15","port":9301,"proto":"tcp","app_proto":"","host":"<HONEYPOT>","headers":"{\"connection\":\"close\",\"host\":\"<HONEYPOT>:9301\",\"user-agent\":\"Go-http-client/1.1\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/solr/admin/info/system","summary":"","method":"GET","user_agent":"Go-http-client/1.1"},{"timestamp":"2026-05-29T10:46:15","port":9301,"proto":"tcp","app_proto":"","host":"<HONEYPOT>","headers":"{\"connection\":\"close\",\"host\":\"<HONEYPOT>:9301\",\"user-agent\":\"Go-http-client/1.1\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/v2/_catalog","summary":"","method":"GET","user_agent":"Go-http-client/1.1"}],"http_methods":[{"method":"GET","count":215},{"method":"POST","count":24}],"distinct_ports_total":29,"top_paths":[{"path":"/","count":102,"ports":24},{"path":"/query?q=SHOW+DIAGNOSTICS","count":28,"ports":19},{"path":"/cgi-bin/authLogin.cgi","count":27,"ports":18},{"path":"/v2/_catalog","count":25,"ports":18},{"path":"/solr/admin/info/system","count":25,"ports":18},{"path":"/solr/admin/cores?action=STATUS&wt=json","count":25,"ports":18},{"path":"/?pretty","count":2,"ports":1},{"path":"/_cluster/health?pretty","count":2,"ports":1},{"path":"/_cat/indices?format=json","count":2,"ports":1},{"path":"/_all_dbs","count":1,"ports":1}],"distinct_paths_total":10,"top_snis":[],"top_hosts":[],"top_alpns":[],"banners":[],"credentials":[],"header_profile":{"signature":["Connection","Content-Length","Content-Type","Host","User-Agent","X-Aggregate-Auth"],"representative":[{"name":"Connection","value":"close","notable":false},{"name":"Content-Length","value":"474","notable":false},{"name":"Content-Type","value":"application/xml","notable":true},{"name":"Host","value":"<HONEYPOT>:9203","notable":false},{"name":"User-Agent","value":"Go-http-client/1.1","notable":false},{"name":"X-Aggregate-Auth","value":"1","notable":true}],"distinct_sets":4,"events_with_headers":10},"tags":[],"data_as_of":"2026-06-05T01:00:50.247286+00:00"}