{"ip":"143.198.164.235","total_events":353,"verdict":{"verdict":"malicious","label":"Exploit attempts observed","detail":"1 exploit-path hits","confidence":"medium","network_type":"CDN"},"first_seen":"2026-05-29T22:25:11","last_seen":"2026-06-01T05:39:11","events_24h":0,"events_7d":353,"geo":{"country_code":"US","country_name":"United States","region":"New Jersey","city":"North Bergen","lat":40.7964,"lon":-74.0203,"asn":14061,"org":"DigitalOcean, LLC"},"source_domain":"scale-test-1779871031033-b7767c5f.mongo.ondigitalocean.com","known_scanners":[],"scanner_tag":{"key":"digitalocean","label":"DigitalOcean","category":"hosting_provider","url":"https://www.digitalocean.com/"},"cve_matches":[],"top_ports":[{"port":11211,"proto":"tcp","label":"Memcached","count":18},{"port":27018,"proto":"tcp","label":"MongoDB","count":16},{"port":6379,"proto":"tcp","label":"Redis","count":16},{"port":8883,"proto":"tcp","label":"","count":16},{"port":1883,"proto":"tcp","label":"MQTT","count":16},{"port":27017,"proto":"tcp","label":"MongoDB","count":15},{"port":9300,"proto":"tcp","label":"Elastic-tr","count":14},{"port":5671,"proto":"tcp","label":"","count":14},{"port":2181,"proto":"tcp","label":"","count":14},{"port":5984,"proto":"tcp","label":"CouchDB","count":14},{"port":9201,"proto":"tcp","label":"","count":14},{"port":10086,"proto":"tcp","label":"","count":13},{"port":8983,"proto":"tcp","label":"Solr","count":13},{"port":27019,"proto":"tcp","label":"","count":12},{"port":7574,"proto":"tcp","label":"","count":12}],"fingerprints":{"ssh_hassh":[],"tls_ja4":["t13i190900_9dc949149365_e7c285222651"],"ja4h":["ge11nn0300_86b6b04cb9cc","ge11nn0400_88d30a62b7ad","po11nn0600_3f2c5e85e3a2","ge11nn0300_0db47b7d240d"]},"fingerprint_peers":{"t13i190900_9dc949149365_e7c285222651":1913,"ge11nn0300_0db47b7d240d":3772,"po11nn0600_3f2c5e85e3a2":66,"ge11nn0300_86b6b04cb9cc":4460,"ge11nn0400_88d30a62b7ad":5667},"user_agents":["Go-http-client/1.1","Mozilla/5.0 (compatible; Odin; https://docs.getodin.com/)"],"timeline":[{"date":"2026-05-29","count":15},{"date":"2026-05-30","count":184},{"date":"2026-05-31","count":137},{"date":"2026-06-01","count":17}],"recent_events":[{"timestamp":"2026-06-01T05:39:11","port":29092,"proto":"tcp","app_proto":"tls","host":"<HONEYPOT>","headers":"{\"connection\":\"close\",\"content-length\":\"475\",\"content-type\":\"application/xml\",\"host\":\"<HONEYPOT>:29092\",\"user-agent\":\"Go-http-client/1.1\",\"x-aggregate-auth\":\"1\"}","body":"<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n\t\t\t\t<config-auth client=\"vpn\" type=\"init\" aggregate-auth-version=\"2\">\n\t\t\t\t<version who=\"vpn\">3.1.05160</version>\n\t\t\t\t<device-id device-type=\"iPhone13,1\" platform-version=\"15.0.1\" unique-id=\"ABCDEF1234567890\">iOS</device-id>\n\t\t\t\t<mac-address-list>\n\t\t\t\t\t<mac-address>01:23:45:67:89:AB</mac-address>\n\t\t\t\t</mac-address-list>\n\t\t\t\t<group-select>VPN</group-select>\n\t\t\t\t<group-access>https://<HONEYPOT>:29092</group-access>\n\t\t\t\t</config-auth>","sni":"","tls_cipher":"TLS_AES_128_GCM_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/","summary":"","method":"POST","user_agent":"Go-http-client/1.1"},{"timestamp":"2026-06-01T05:39:11","port":29092,"proto":"tcp","app_proto":"","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:29092\",\"user-agent\":\"Mozilla/5.0 (compatible; Odin; https://docs.getodin.com/)\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","method":"GET","user_agent":"Mozilla/5.0 (compatible; Odin; https://docs.getodin.com/)"},{"timestamp":"2026-06-01T05:39:11","port":29092,"proto":"tcp","app_proto":"","host":"<HONEYPOT>","headers":"{\"connection\":\"close\",\"host\":\"<HONEYPOT>:29092\",\"user-agent\":\"Go-http-client/1.1\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/cgi-bin/authLogin.cgi","summary":"","method":"GET","user_agent":"Go-http-client/1.1"},{"timestamp":"2026-06-01T02:44:25","port":15672,"proto":"tcp","app_proto":"","host":"<HONEYPOT>","headers":"{\"connection\":\"close\",\"host\":\"<HONEYPOT>:15672\",\"user-agent\":\"Go-http-client/1.1\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/query?q=SHOW+DIAGNOSTICS","summary":"","method":"GET","user_agent":"Go-http-client/1.1"},{"timestamp":"2026-06-01T01:36:45","port":11211,"proto":"tcp","app_proto":"tls","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:11211\",\"user-agent\":\"Go-http-client/1.1\"}","body":"","sni":"","tls_cipher":"TLS_AES_128_GCM_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/","summary":"","method":"GET","user_agent":"Go-http-client/1.1"},{"timestamp":"2026-06-01T01:36:45","port":11211,"proto":"tcp","app_proto":"","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:11211\",\"user-agent\":\"Go-http-client/1.1\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","method":"GET","user_agent":"Go-http-client/1.1"},{"timestamp":"2026-06-01T01:36:45","port":11211,"proto":"tcp","app_proto":"tls","host":"<HONEYPOT>","headers":"{\"connection\":\"close\",\"content-length\":\"475\",\"content-type\":\"application/xml\",\"host\":\"<HONEYPOT>:11211\",\"user-agent\":\"Go-http-client/1.1\",\"x-aggregate-auth\":\"1\"}","body":"<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n\t\t\t\t<config-auth client=\"vpn\" type=\"init\" aggregate-auth-version=\"2\">\n\t\t\t\t<version who=\"vpn\">3.1.05160</version>\n\t\t\t\t<device-id device-type=\"iPhone13,1\" platform-version=\"15.0.1\" unique-id=\"ABCDEF1234567890\">iOS</device-id>\n\t\t\t\t<mac-address-list>\n\t\t\t\t\t<mac-address>01:23:45:67:89:AB</mac-address>\n\t\t\t\t</mac-address-list>\n\t\t\t\t<group-select>VPN</group-select>\n\t\t\t\t<group-access>https://<HONEYPOT>:11211</group-access>\n\t\t\t\t</config-auth>","sni":"","tls_cipher":"TLS_AES_128_GCM_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/","summary":"","method":"POST","user_agent":"Go-http-client/1.1"},{"timestamp":"2026-06-01T01:36:45","port":11211,"proto":"tcp","app_proto":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"stats settings\r\n","method":"","user_agent":"","enriched":{"digest":"851657fb6672008d","label":"Memcached","strings":["stats settings"]}},{"timestamp":"2026-06-01T01:36:45","port":11211,"proto":"tcp","app_proto":"","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:11211\",\"user-agent\":\"Mozilla/5.0 (compatible; Odin; https://docs.getodin.com/)\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","method":"GET","user_agent":"Mozilla/5.0 (compatible; Odin; https://docs.getodin.com/)"},{"timestamp":"2026-06-01T01:36:45","port":11211,"proto":"tcp","app_proto":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"stats\r\n","method":"","user_agent":"","enriched":{"digest":"8ba3dc4bf81a4992","label":"Memcached","strings":["stats"]}}],"http_methods":[{"method":"GET","count":294},{"method":"POST","count":43}],"distinct_ports_total":29,"top_paths":[{"path":"/","count":154,"ports":29},{"path":"/cgi-bin/authLogin.cgi","count":43,"ports":26},{"path":"/v2/_catalog","count":36,"ports":24},{"path":"/solr/admin/info/system","count":36,"ports":24},{"path":"/solr/admin/cores?action=STATUS&wt=json","count":36,"ports":24},{"path":"/query?q=SHOW+DIAGNOSTICS","count":32,"ports":20}],"distinct_paths_total":6,"top_snis":[],"top_hosts":[],"top_alpns":[],"banners":[],"credentials":[],"header_profile":{"signature":["Connection","Content-Length","Content-Type","Host","User-Agent","X-Aggregate-Auth"],"representative":[{"name":"Connection","value":"close","notable":false},{"name":"Content-Length","value":"475","notable":false},{"name":"Content-Type","value":"application/xml","notable":true},{"name":"Host","value":"<HONEYPOT>:29092","notable":false},{"name":"User-Agent","value":"Go-http-client/1.1","notable":false},{"name":"X-Aggregate-Auth","value":"1","notable":true}],"distinct_sets":4,"events_with_headers":8},"tags":[],"data_as_of":"2026-06-05T02:09:13.832484+00:00"}