{"ip":"159.223.20.71","total_events":87,"verdict":{"verdict":"malicious","label":"Exploit attempts observed","detail":"1 exploit-path hits","confidence":"medium","network_type":"CDN"},"first_seen":"2026-05-25T08:17:40","last_seen":"2026-06-04T19:25:44","events_24h":17,"events_7d":41,"geo":{"country_code":"DE","country_name":"Germany","region":"Hesse","city":"Frankfurt am Main","lat":50.1169,"lon":8.6837,"asn":14061,"org":"DigitalOcean, LLC"},"source_domain":null,"known_scanners":[],"scanner_tag":{"key":"peeringdb:as14061","label":"DigitalOcean","category":"cdn","url":"https://www.peeringdb.com/asn/14061"},"cve_matches":[],"top_ports":[{"port":9092,"proto":"tcp","label":"Kafka","count":8},{"port":443,"proto":"tcp","label":"HTTPS","count":8},{"port":1911,"proto":"tcp","label":"","count":7},{"port":20000,"proto":"tcp","label":"","count":6},{"port":5060,"proto":"tcp","label":"SIP","count":6},{"port":587,"proto":"tcp","label":"SMTP","count":5},{"port":445,"proto":"tcp","label":"SMB","count":4},{"port":2525,"proto":"tcp","label":"","count":4},{"port":9042,"proto":"tcp","label":"Cassandra","count":3},{"port":8080,"proto":"tcp","label":"HTTP-alt","count":3},{"port":22,"proto":"tcp","label":"SSH","count":3},{"port":23,"proto":"tcp","label":"Telnet","count":3},{"port":465,"proto":"tcp","label":"SMTPS","count":3},{"port":6000,"proto":"tcp","label":"X11","count":2},{"port":21,"proto":"tcp","label":"FTP","count":2}],"fingerprints":{"ssh_hassh":[],"tls_ja4":["t13i191000_9dc949149365_e5728521abd4","t12d400600_44c89e5422f1_e51b7354d87f"],"ja4h":["ge11nn0300_86b6b04cb9cc","ge11nn0400_88d30a62b7ad","po11nn0600_3f2c5e85e3a2","ge11nn0300_0db47b7d240d"]},"fingerprint_peers":{"t13i191000_9dc949149365_e5728521abd4":66,"t12d400600_44c89e5422f1_e51b7354d87f":18,"ge11nn0300_0db47b7d240d":3774,"po11nn0600_3f2c5e85e3a2":66,"ge11nn0300_86b6b04cb9cc":4471,"ge11nn0400_88d30a62b7ad":5665},"user_agents":["Go-http-client/1.1","Mozilla/5.0 (compatible; Odin; https://docs.getodin.com/)"],"timeline":[{"date":"2026-05-25","count":13},{"date":"2026-05-26","count":12},{"date":"2026-05-27","count":15},{"date":"2026-05-28","count":6},{"date":"2026-05-30","count":1},{"date":"2026-05-31","count":1},{"date":"2026-06-01","count":2},{"date":"2026-06-02","count":14},{"date":"2026-06-03","count":6},{"date":"2026-06-04","count":17}],"recent_events":[{"timestamp":"2026-06-04T19:25:44","port":1911,"proto":"tcp","app_proto":"","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:1911\",\"user-agent\":\"Mozilla/5.0 (compatible; Odin; https://docs.getodin.com/)\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","method":"GET","user_agent":"Mozilla/5.0 (compatible; Odin; https://docs.getodin.com/)"},{"timestamp":"2026-06-04T18:50:22","port":8086,"proto":"tcp","app_proto":"tls","host":"<HONEYPOT>","headers":"{\"connection\":\"close\",\"content-length\":\"474\",\"content-type\":\"application/xml\",\"host\":\"<HONEYPOT>:8086\",\"user-agent\":\"Go-http-client/1.1\",\"x-aggregate-auth\":\"1\"}","body":"<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n\t\t\t\t<config-auth client=\"vpn\" type=\"init\" aggregate-auth-version=\"2\">\n\t\t\t\t<version who=\"vpn\">3.1.05160</version>\n\t\t\t\t<device-id device-type=\"iPhone13,1\" platform-version=\"15.0.1\" unique-id=\"ABCDEF1234567890\">iOS</device-id>\n\t\t\t\t<mac-address-list>\n\t\t\t\t\t<mac-address>01:23:45:67:89:AB</mac-address>\n\t\t\t\t</mac-address-list>\n\t\t\t\t<group-select>VPN</group-select>\n\t\t\t\t<group-access>https://<HONEYPOT>:8086</group-access>\n\t\t\t\t</config-auth>","sni":"","tls_cipher":"TLS_AES_128_GCM_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/","summary":"","method":"POST","user_agent":"Go-http-client/1.1"},{"timestamp":"2026-06-04T17:01:07","port":587,"proto":"tcp","app_proto":"","host":"<HONEYPOT>","headers":"{\"connection\":\"close\",\"host\":\"<HONEYPOT>:587\",\"user-agent\":\"Go-http-client/1.1\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/cgi-bin/authLogin.cgi","summary":"","method":"GET","user_agent":"Go-http-client/1.1"},{"timestamp":"2026-06-04T16:57:18","port":1911,"proto":"tcp","app_proto":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"fox a 1 -1 fox hello\n{\nfox.version=s:1.0\nid=i:1\nhostName=s:xpvm-0omdc01xmy\nhostAddress=s:192.168.1.125\napp.name=s:Workbench\napp.version=s:3.7.44\nvm.name=s:Java HotSpot(TM) Server VM\nvm.version=s:20.4-b02\nos.name=s:Windows XP\nos.version=s:5.1\nlang=s:en\ntimeZone=s:America/Los_Angeles;-28800000;3600000;02:00:00.000,wall,march,8,on or after,sunday,undefined;02:00:00.000,wall,november,1,on or after,sunday,undefined\nhostId=s:Win-99CB-D49D-5442-07BB\nvmUuid=s:8b530bc8-76c5-4139-a2ea-0fabd394d305\nbrandId=s:vykon\n};;\n","method":"","user_agent":"","enriched":{"digest":"fe39c976bf6d2d07","strings":["fox a 1 -1 fox hello","fox.version=s:1.0","id=i:1","hostName=s:xpvm-0omdc01xmy","hostAddress=s:192.168.1.125","app.name=s:Workbench","app.version=s:3.7.44","vm.name=s:Java HotSpot(TM) Server VM","vm.version=s:20.4-b02","os.name=s:Windows XP"],"iocs":{"ips":["192.168.1.125"],"domains":["fox.version","app.name","app.version","vm.name","vm.version","os.name"]}}},{"timestamp":"2026-06-04T14:46:18","port":587,"proto":"tcp","app_proto":"","host":"<HONEYPOT>","headers":"{\"connection\":\"close\",\"host\":\"<HONEYPOT>:587\",\"user-agent\":\"Go-http-client/1.1\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/solr/admin/cores?action=STATUS&wt=json","summary":"","method":"GET","user_agent":"Go-http-client/1.1"},{"timestamp":"2026-06-04T14:46:17","port":587,"proto":"tcp","app_proto":"","host":"<HONEYPOT>","headers":"{\"connection\":\"close\",\"host\":\"<HONEYPOT>:587\",\"user-agent\":\"Go-http-client/1.1\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/solr/admin/info/system","summary":"","method":"GET","user_agent":"Go-http-client/1.1"},{"timestamp":"2026-06-04T14:35:17","port":587,"proto":"tcp","app_proto":"tls","host":"<HONEYPOT>","headers":"{\"connection\":\"close\",\"content-length\":\"473\",\"content-type\":\"application/xml\",\"host\":\"<HONEYPOT>:587\",\"user-agent\":\"Go-http-client/1.1\",\"x-aggregate-auth\":\"1\"}","body":"<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n\t\t\t\t<config-auth client=\"vpn\" type=\"init\" aggregate-auth-version=\"2\">\n\t\t\t\t<version who=\"vpn\">3.1.05160</version>\n\t\t\t\t<device-id device-type=\"iPhone13,1\" platform-version=\"15.0.1\" unique-id=\"ABCDEF1234567890\">iOS</device-id>\n\t\t\t\t<mac-address-list>\n\t\t\t\t\t<mac-address>01:23:45:67:89:AB</mac-address>\n\t\t\t\t</mac-address-list>\n\t\t\t\t<group-select>VPN</group-select>\n\t\t\t\t<group-access>https://<HONEYPOT>:587</group-access>\n\t\t\t\t</config-auth>","sni":"","tls_cipher":"TLS_AES_128_GCM_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/","summary":"","method":"POST","user_agent":"Go-http-client/1.1"},{"timestamp":"2026-06-04T13:40:28","port":110,"proto":"tcp","app_proto":"","host":"<HONEYPOT>","headers":"{\"connection\":\"close\",\"host\":\"<HONEYPOT>:110\",\"user-agent\":\"Go-http-client/1.1\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/v2/_catalog","summary":"","method":"GET","user_agent":"Go-http-client/1.1"},{"timestamp":"2026-06-04T05:48:46","port":5060,"proto":"tcp","app_proto":"","host":"<HONEYPOT>","headers":"{\"connection\":\"close\",\"host\":\"<HONEYPOT>:5060\",\"user-agent\":\"Go-http-client/1.1\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/solr/admin/cores?action=STATUS&wt=json","summary":"","method":"GET","user_agent":"Go-http-client/1.1"},{"timestamp":"2026-06-04T05:48:46","port":5060,"proto":"tcp","app_proto":"tls","host":"<HONEYPOT>","headers":"{\"connection\":\"close\",\"content-length\":\"474\",\"content-type\":\"application/xml\",\"host\":\"<HONEYPOT>:5060\",\"user-agent\":\"Go-http-client/1.1\",\"x-aggregate-auth\":\"1\"}","body":"<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n\t\t\t\t<config-auth client=\"vpn\" type=\"init\" aggregate-auth-version=\"2\">\n\t\t\t\t<version who=\"vpn\">3.1.05160</version>\n\t\t\t\t<device-id device-type=\"iPhone13,1\" platform-version=\"15.0.1\" unique-id=\"ABCDEF1234567890\">iOS</device-id>\n\t\t\t\t<mac-address-list>\n\t\t\t\t\t<mac-address>01:23:45:67:89:AB</mac-address>\n\t\t\t\t</mac-address-list>\n\t\t\t\t<group-select>VPN</group-select>\n\t\t\t\t<group-access>https://<HONEYPOT>:5060</group-access>\n\t\t\t\t</config-auth>","sni":"","tls_cipher":"TLS_AES_128_GCM_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/","summary":"","method":"POST","user_agent":"Go-http-client/1.1"}],"http_methods":[{"method":"GET","count":67},{"method":"POST","count":17}],"distinct_ports_total":27,"top_paths":[{"path":"/","count":35,"ports":18},{"path":"/solr/admin/info/system","count":13,"ports":10},{"path":"/solr/admin/cores?action=STATUS&wt=json","count":13,"ports":10},{"path":"/v2/_catalog","count":11,"ports":11},{"path":"/cgi-bin/authLogin.cgi","count":7,"ports":7},{"path":"/query?q=SHOW+DIAGNOSTICS","count":5,"ports":5}],"distinct_paths_total":6,"top_snis":[],"top_hosts":[],"top_alpns":[],"banners":[],"credentials":[],"header_profile":{"signature":["Connection","Content-Length","Content-Type","Host","User-Agent","X-Aggregate-Auth"],"representative":[{"name":"Connection","value":"close","notable":false},{"name":"Content-Length","value":"474","notable":false},{"name":"Content-Type","value":"application/xml","notable":true},{"name":"Host","value":"<HONEYPOT>:8086","notable":false},{"name":"User-Agent","value":"Go-http-client/1.1","notable":false},{"name":"X-Aggregate-Auth","value":"1","notable":true}],"distinct_sets":3,"events_with_headers":9},"tags":[],"data_as_of":"2026-06-04T23:52:44.653681+00:00"}