{"ip":"167.172.158.249","total_events":351,"verdict":{"verdict":"malicious","label":"Exploit attempts observed","detail":"1 exploit-path hits","confidence":"medium","network_type":"CDN"},"first_seen":"2026-05-29T22:25:11","last_seen":"2026-06-01T05:39:11","events_24h":0,"events_7d":351,"geo":{"country_code":"US","country_name":"United States","region":"New Jersey","city":"North Bergen","lat":40.7964,"lon":-74.0203,"asn":14061,"org":"DigitalOcean, LLC"},"source_domain":null,"known_scanners":[],"scanner_tag":{"key":"peeringdb:as14061","label":"DigitalOcean","category":"cdn","url":"https://www.peeringdb.com/asn/14061"},"cve_matches":[],"top_ports":[{"port":9093,"proto":"tcp","label":"","count":30},{"port":1434,"proto":"tcp","label":"MSSQL","count":22},{"port":1433,"proto":"tcp","label":"MSSQL","count":18},{"port":8087,"proto":"tcp","label":"","count":16},{"port":8883,"proto":"tcp","label":"","count":16},{"port":29092,"proto":"tcp","label":"","count":16},{"port":9301,"proto":"tcp","label":"","count":14},{"port":9200,"proto":"tcp","label":"Elastic","count":14},{"port":1883,"proto":"tcp","label":"MQTT","count":14},{"port":27019,"proto":"tcp","label":"","count":14},{"port":7574,"proto":"tcp","label":"","count":14},{"port":9202,"proto":"tcp","label":"","count":12},{"port":11211,"proto":"tcp","label":"Memcached","count":12},{"port":9203,"proto":"tcp","label":"","count":12},{"port":5984,"proto":"tcp","label":"CouchDB","count":12}],"fingerprints":{"ssh_hassh":[],"tls_ja4":["t13i190900_9dc949149365_e7c285222651"],"ja4h":["ge11nn0300_86b6b04cb9cc","ge11nn0400_88d30a62b7ad","po11nn0600_3f2c5e85e3a2","ge11nn0300_0db47b7d240d"]},"fingerprint_peers":{"t13i190900_9dc949149365_e7c285222651":1908,"ge11nn0300_0db47b7d240d":3775,"po11nn0600_3f2c5e85e3a2":66,"ge11nn0300_86b6b04cb9cc":4481,"ge11nn0400_88d30a62b7ad":5663},"user_agents":["Go-http-client/1.1","Mozilla/5.0 (compatible; Odin; https://docs.getodin.com/)"],"timeline":[{"date":"2026-05-29","count":17},{"date":"2026-05-30","count":210},{"date":"2026-05-31","count":109},{"date":"2026-06-01","count":15}],"recent_events":[{"timestamp":"2026-06-01T05:39:11","port":29092,"proto":"tcp","app_proto":"","host":"<HONEYPOT>","headers":"{\"connection\":\"close\",\"host\":\"<HONEYPOT>:29092\",\"user-agent\":\"Go-http-client/1.1\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/v2/_catalog","summary":"","method":"GET","user_agent":"Go-http-client/1.1"},{"timestamp":"2026-06-01T02:44:25","port":15672,"proto":"tcp","app_proto":"","host":"<HONEYPOT>","headers":"{\"connection\":\"close\",\"host\":\"<HONEYPOT>:15672\",\"user-agent\":\"Go-http-client/1.1\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/solr/admin/cores?action=STATUS&wt=json","summary":"","method":"GET","user_agent":"Go-http-client/1.1"},{"timestamp":"2026-06-01T02:44:25","port":15672,"proto":"tcp","app_proto":"tls","host":"<HONEYPOT>","headers":"{\"connection\":\"close\",\"content-length\":\"475\",\"content-type\":\"application/xml\",\"host\":\"<HONEYPOT>:15672\",\"user-agent\":\"Go-http-client/1.1\",\"x-aggregate-auth\":\"1\"}","body":"<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n\t\t\t\t<config-auth client=\"vpn\" type=\"init\" aggregate-auth-version=\"2\">\n\t\t\t\t<version who=\"vpn\">3.1.05160</version>\n\t\t\t\t<device-id device-type=\"iPhone13,1\" platform-version=\"15.0.1\" unique-id=\"ABCDEF1234567890\">iOS</device-id>\n\t\t\t\t<mac-address-list>\n\t\t\t\t\t<mac-address>01:23:45:67:89:AB</mac-address>\n\t\t\t\t</mac-address-list>\n\t\t\t\t<group-select>VPN</group-select>\n\t\t\t\t<group-access>https://<HONEYPOT>:15672</group-access>\n\t\t\t\t</config-auth>","sni":"","tls_cipher":"TLS_AES_128_GCM_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/","summary":"","method":"POST","user_agent":"Go-http-client/1.1"},{"timestamp":"2026-06-01T02:44:25","port":15672,"proto":"tcp","app_proto":"","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:15672\",\"user-agent\":\"Mozilla/5.0 (compatible; Odin; https://docs.getodin.com/)\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","method":"GET","user_agent":"Mozilla/5.0 (compatible; Odin; https://docs.getodin.com/)"},{"timestamp":"2026-06-01T02:44:25","port":15672,"proto":"tcp","app_proto":"","host":"<HONEYPOT>","headers":"{\"connection\":\"close\",\"host\":\"<HONEYPOT>:15672\",\"user-agent\":\"Go-http-client/1.1\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/solr/admin/info/system","summary":"","method":"GET","user_agent":"Go-http-client/1.1"},{"timestamp":"2026-06-01T02:44:25","port":15672,"proto":"tcp","app_proto":"","host":"<HONEYPOT>","headers":"{\"connection\":\"close\",\"host\":\"<HONEYPOT>:15672\",\"user-agent\":\"Go-http-client/1.1\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/cgi-bin/authLogin.cgi","summary":"","method":"GET","user_agent":"Go-http-client/1.1"},{"timestamp":"2026-06-01T01:36:45","port":11211,"proto":"tcp","app_proto":"","host":"<HONEYPOT>","headers":"{\"connection\":\"close\",\"host\":\"<HONEYPOT>:11211\",\"user-agent\":\"Go-http-client/1.1\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/v2/_catalog","summary":"","method":"GET","user_agent":"Go-http-client/1.1"},{"timestamp":"2026-06-01T00:48:20","port":11211,"proto":"tcp","app_proto":"tls","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:11211\",\"user-agent\":\"Go-http-client/1.1\"}","body":"","sni":"","tls_cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/","summary":"","method":"GET","user_agent":"Go-http-client/1.1"},{"timestamp":"2026-06-01T00:48:20","port":11211,"proto":"tcp","app_proto":"","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:11211\",\"user-agent\":\"Go-http-client/1.1\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","method":"GET","user_agent":"Go-http-client/1.1"},{"timestamp":"2026-06-01T00:48:19","port":11211,"proto":"tcp","app_proto":"","host":"<HONEYPOT>","headers":"{\"connection\":\"close\",\"host\":\"<HONEYPOT>:11211\",\"user-agent\":\"Go-http-client/1.1\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/query?q=SHOW+DIAGNOSTICS","summary":"","method":"GET","user_agent":"Go-http-client/1.1"}],"http_methods":[{"method":"GET","count":293},{"method":"POST","count":32}],"distinct_ports_total":29,"top_paths":[{"path":"/","count":143,"ports":29},{"path":"/v2/_catalog","count":43,"ports":26},{"path":"/query?q=SHOW+DIAGNOSTICS","count":36,"ports":24},{"path":"/solr/admin/info/system","count":32,"ports":20},{"path":"/cgi-bin/authLogin.cgi","count":32,"ports":20},{"path":"/solr/admin/cores?action=STATUS&wt=json","count":32,"ports":20},{"path":"/?pretty","count":2,"ports":1},{"path":"/_cluster/health?pretty","count":2,"ports":1},{"path":"/_cat/indices?format=json","count":2,"ports":1},{"path":"/_all_dbs","count":1,"ports":1}],"distinct_paths_total":10,"top_snis":[],"top_hosts":[],"top_alpns":[],"banners":[],"credentials":[],"header_profile":{"signature":["Connection","Content-Length","Content-Type","Host","User-Agent","X-Aggregate-Auth"],"representative":[{"name":"Connection","value":"close","notable":false},{"name":"Content-Length","value":"475","notable":false},{"name":"Content-Type","value":"application/xml","notable":true},{"name":"Host","value":"<HONEYPOT>:15672","notable":false},{"name":"User-Agent","value":"Go-http-client/1.1","notable":false},{"name":"X-Aggregate-Auth","value":"1","notable":true}],"distinct_sets":4,"events_with_headers":10},"tags":[],"data_as_of":"2026-06-04T22:57:27.879026+00:00"}