{"ip":"157.230.26.229","total_events":9951,"verdict":{"verdict":"scanning","label":"Unrecognized scanner","detail":"8527+ ports swept","confidence":"medium","network_type":"CDN","why":["No exploit payloads observed.","Swept 8527 distinct ports (threshold for a sweep is 10).","Not in any known-scanner range."]},"first_seen":"2026-07-04T03:41:30","last_seen":"2026-07-04T03:43:25","events_24h":0,"events_7d":9951,"geo":{"country_code":"DE","country_name":"Germany","region":"Hesse","city":"Frankfurt am Main","lat":50.1169,"lon":8.6837,"asn":14061,"org":"DigitalOcean, LLC"},"source_domain":null,"known_scanners":[],"scanner_tag":{"key":"peeringdb:as14061","label":"DigitalOcean","category":"cdn","url":"https://www.peeringdb.com/asn/14061"},"cve_matches":[],"malware":[],"top_ports":[{"port":13105,"proto":"tcp","label":"","count":5},{"port":1853,"proto":"tcp","label":"","count":5},{"port":7503,"proto":"tcp","label":"","count":4},{"port":1491,"proto":"tcp","label":"","count":4},{"port":45036,"proto":"tcp","label":"","count":4},{"port":31334,"proto":"tcp","label":"","count":4},{"port":24025,"proto":"tcp","label":"","count":4},{"port":23936,"proto":"tcp","label":"","count":4},{"port":4088,"proto":"tcp","label":"","count":4},{"port":3735,"proto":"tcp","label":"","count":4},{"port":35114,"proto":"tcp","label":"","count":4},{"port":10820,"proto":"tcp","label":"","count":4},{"port":60164,"proto":"tcp","label":"","count":4},{"port":23933,"proto":"tcp","label":"","count":4},{"port":21353,"proto":"tcp","label":"","count":4}],"fingerprints":{"ssh_hassh":[],"tls_ja4":[],"tls_ja3":[],"ja4h":["ge11nn0400_88d30a62b7ad"]},"fingerprint_peers":{"ge11nn0400_88d30a62b7ad":7852},"user_agents":["Mozilla/5.0 zgrab/0.x"],"timeline":[{"date":"2026-07-04","count":9951}],"recent_events":[{"timestamp":"2026-07-04T03:43:25","port":3392,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:3392\",\"user-agent\":\"Mozilla/5.0 zgrab/0.x\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/squid-internal-mgr/cachemgr.cgi","summary":"","payload_hex":"474554202f73717569642d696e7465726e616c2d6d67722f63616368656d67722e63676920485454502f312e310d0a486f73743a20<HONEYPOT>3a333339320d0a557365722d4167656e743a204d6f7a696c6c612f352e30207a677261622f302e780d0a4163636570743a202a2f2a0d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a","method":"GET","user_agent":"Mozilla/5.0 zgrab/0.x","community_id":"1:AQPSBroAbVkCmfleSwD4cSA2HuE=","ja3":"","session":"57fb5eb0-7a1d-4a63-b0e1-8d138fdd1798","seq":1,"duration_ms":101,"bytes_in":147,"bytes_out":79},{"timestamp":"2026-07-04T03:43:25","port":396,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:396\",\"user-agent\":\"Mozilla/5.0 zgrab/0.x\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/squid-internal-mgr/cachemgr.cgi","summary":"","payload_hex":"474554202f73717569642d696e7465726e616c2d6d67722f63616368656d67722e63676920485454502f312e310d0a486f73743a20<HONEYPOT>3a3339360d0a557365722d4167656e743a204d6f7a696c6c612f352e30207a677261622f302e780d0a4163636570743a202a2f2a0d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a","method":"GET","user_agent":"Mozilla/5.0 zgrab/0.x","community_id":"1:e7D0cxtqYwjysJXmZoZnx9WjrXQ=","ja3":"","session":"597641ef-f199-4cce-ae88-3cf12ad27cf7","seq":1,"duration_ms":100,"bytes_in":146,"bytes_out":79},{"timestamp":"2026-07-04T03:43:25","port":44976,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:44976\",\"user-agent\":\"Mozilla/5.0 zgrab/0.x\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/squid-internal-mgr/cachemgr.cgi","summary":"","payload_hex":"474554202f73717569642d696e7465726e616c2d6d67722f63616368656d67722e63676920485454502f312e310d0a486f73743a20<HONEYPOT>3a34343937360d0a557365722d4167656e743a204d6f7a696c6c612f352e30207a677261622f302e780d0a4163636570743a202a2f2a0d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a","method":"GET","user_agent":"Mozilla/5.0 zgrab/0.x","community_id":"1:ZOnHPnuDJNeCtmjDpHCEykd66cM=","ja3":"","session":"3ba05608-4e1f-497a-967c-83869d352654","seq":1,"duration_ms":100,"bytes_in":148,"bytes_out":79},{"timestamp":"2026-07-04T03:43:25","port":661,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:661\",\"user-agent\":\"Mozilla/5.0 zgrab/0.x\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/squid-internal-mgr/cachemgr.cgi","summary":"","payload_hex":"474554202f73717569642d696e7465726e616c2d6d67722f63616368656d67722e63676920485454502f312e310d0a486f73743a20<HONEYPOT>3a3636310d0a557365722d4167656e743a204d6f7a696c6c612f352e30207a677261622f302e780d0a4163636570743a202a2f2a0d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a","method":"GET","user_agent":"Mozilla/5.0 zgrab/0.x","community_id":"1:PtVnkcESrsKz+bfcEOBcloqENw8=","ja3":"","session":"8df2a386-7ecc-4144-af83-acb59a560a88","seq":1,"duration_ms":101,"bytes_in":146,"bytes_out":79},{"timestamp":"2026-07-04T03:43:25","port":2379,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:2379\",\"user-agent\":\"Mozilla/5.0 zgrab/0.x\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/squid-internal-mgr/cachemgr.cgi","summary":"","payload_hex":"474554202f73717569642d696e7465726e616c2d6d67722f63616368656d67722e63676920485454502f312e310d0a486f73743a20<HONEYPOT>3a323337390d0a557365722d4167656e743a204d6f7a696c6c612f352e30207a677261622f302e780d0a4163636570743a202a2f2a0d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a","method":"GET","user_agent":"Mozilla/5.0 zgrab/0.x","community_id":"1:njAg+T5oSbl0tjmWDMMWCcTKNK4=","ja3":"","session":"0778d7eb-d72b-4e52-a0ed-acffc7ae4e05","seq":1,"duration_ms":100,"bytes_in":147,"bytes_out":79},{"timestamp":"2026-07-04T03:43:25","port":6758,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:6758\",\"user-agent\":\"Mozilla/5.0 zgrab/0.x\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/squid-internal-mgr/cachemgr.cgi","summary":"","payload_hex":"474554202f73717569642d696e7465726e616c2d6d67722f63616368656d67722e63676920485454502f312e310d0a486f73743a20<HONEYPOT>3a363735380d0a557365722d4167656e743a204d6f7a696c6c612f352e30207a677261622f302e780d0a4163636570743a202a2f2a0d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a","method":"GET","user_agent":"Mozilla/5.0 zgrab/0.x","community_id":"1:I4L9IbGzI+XZICz+6AZMUaYnx9E=","ja3":"","session":"50124a3b-f644-4d48-b8be-7bf759e4cd01","seq":1,"duration_ms":100,"bytes_in":147,"bytes_out":79},{"timestamp":"2026-07-04T03:43:25","port":5731,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:5731\",\"user-agent\":\"Mozilla/5.0 zgrab/0.x\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/squid-internal-mgr/cachemgr.cgi","summary":"","payload_hex":"474554202f73717569642d696e7465726e616c2d6d67722f63616368656d67722e63676920485454502f312e310d0a486f73743a20<HONEYPOT>3a353733310d0a557365722d4167656e743a204d6f7a696c6c612f352e30207a677261622f302e780d0a4163636570743a202a2f2a0d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a","method":"GET","user_agent":"Mozilla/5.0 zgrab/0.x","community_id":"1:s7owlUZGAz26dVQgxkPBlMEIPcM=","ja3":"","session":"5258e3d6-7041-4fde-9f8b-4c9be8d88ccf","seq":1,"duration_ms":100,"bytes_in":147,"bytes_out":79},{"timestamp":"2026-07-04T03:43:25","port":13187,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:13187\",\"user-agent\":\"Mozilla/5.0 zgrab/0.x\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/squid-internal-mgr/cachemgr.cgi","summary":"","payload_hex":"474554202f73717569642d696e7465726e616c2d6d67722f63616368656d67722e63676920485454502f312e310d0a486f73743a20<HONEYPOT>3a31333138370d0a557365722d4167656e743a204d6f7a696c6c612f352e30207a677261622f302e780d0a4163636570743a202a2f2a0d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a","method":"GET","user_agent":"Mozilla/5.0 zgrab/0.x","community_id":"1:ivLBzSBcoO3A76fm2ukZvf0Pth4=","ja3":"","session":"9aad4340-a621-42a7-99bd-c3702f3ada4c","seq":1,"duration_ms":100,"bytes_in":148,"bytes_out":79},{"timestamp":"2026-07-04T03:43:25","port":397,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:397\",\"user-agent\":\"Mozilla/5.0 zgrab/0.x\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/squid-internal-mgr/cachemgr.cgi","summary":"","payload_hex":"474554202f73717569642d696e7465726e616c2d6d67722f63616368656d67722e63676920485454502f312e310d0a486f73743a20<HONEYPOT>3a3339370d0a557365722d4167656e743a204d6f7a696c6c612f352e30207a677261622f302e780d0a4163636570743a202a2f2a0d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a","method":"GET","user_agent":"Mozilla/5.0 zgrab/0.x","community_id":"1:1AdhkPyU7q5p3n8tQzcH0SOnXHU=","ja3":"","session":"b285d084-8ca2-48e2-b71f-99ec5e8d3726","seq":1,"duration_ms":100,"bytes_in":146,"bytes_out":79},{"timestamp":"2026-07-04T03:43:25","port":55545,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:55545\",\"user-agent\":\"Mozilla/5.0 zgrab/0.x\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/squid-internal-mgr/cachemgr.cgi","summary":"","payload_hex":"474554202f73717569642d696e7465726e616c2d6d67722f63616368656d67722e63676920485454502f312e310d0a486f73743a20<HONEYPOT>3a35353534350d0a557365722d4167656e743a204d6f7a696c6c612f352e30207a677261622f302e780d0a4163636570743a202a2f2a0d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a","method":"GET","user_agent":"Mozilla/5.0 zgrab/0.x","community_id":"1:WMueMhO/fPZLH7Y3TwpmpAYBjxQ=","ja3":"","session":"afef4f44-d79f-4d60-95d4-f53fa4efabfd","seq":1,"duration_ms":100,"bytes_in":148,"bytes_out":79}],"http_methods":[{"method":"GET","count":9951}],"distinct_ports_total":8527,"top_paths":[{"path":"/squid-internal-mgr/cachemgr.cgi","count":9951,"ports":8527}],"distinct_paths_total":1,"top_snis":[],"top_hosts":[],"top_alpns":[],"banners":[],"credentials":[],"header_profile":{"signature":["Accept","Accept-Encoding","Host","User-Agent"],"representative":[{"name":"Accept","value":"*/*","notable":false},{"name":"Accept-Encoding","value":"gzip","notable":false},{"name":"Host","value":"<HONEYPOT>:3392","notable":false},{"name":"User-Agent","value":"Mozilla/5.0 zgrab/0.x","notable":false}],"distinct_sets":1,"events_with_headers":10},"tags":[],"data_as_of":"2026-07-05T04:32:50.152223+00:00"}