{"ip":"167.71.197.122","total_events":4,"verdict":{"verdict":"probing","label":"Low-level probing","detail":null,"confidence":"low","network_type":"CDN","why":["4 event(s), fewer than 10 distinct ports, no exploit payloads.","Not in any known-scanner range."]},"first_seen":"2026-06-10T14:44:15","last_seen":"2026-07-10T00:56:08","events_24h":0,"events_7d":2,"geo":{"country_code":"SG","country_name":"Singapore","region":"","city":"Singapore","lat":1.314,"lon":103.6839,"asn":14061,"org":"DigitalOcean, LLC"},"source_domain":"dns-sing.upnyk.ac.id","known_scanners":[],"scanner_tag":{"key":"peeringdb:as14061","label":"DigitalOcean","category":"cdn","url":"https://www.peeringdb.com/asn/14061"},"cve_matches":[{"cve_id":"CVE-2026-41940","title":"cPanel & WHM - Authentication Bypass via Session-File CRLF Injection","severity":"CRITICAL","actively_exploited":true,"match_field":"url_path","matched_pattern":"/login/?login_only=1"}],"malware":[],"top_ports":[{"port":2087,"proto":"tcp","label":"","count":4}],"fingerprints":{"ssh_hassh":[],"tls_ja4":["t13i130900_f57a46bbacb6_e7c285222651"],"tls_ja3":["6639916abfac56b9257ca216677085bc"],"ja4h":["po11nn0600_f8bf768a441b","ge11nn0400_ef4d07580f66"]},"fingerprint_peers":{"t13i130900_f57a46bbacb6_e7c285222651":3260,"ge11nn0400_ef4d07580f66":2825,"po11nn0600_f8bf768a441b":71},"user_agents":["Go-http-client/1.1"],"timeline":[{"date":"2026-06-10","count":2},{"date":"2026-07-10","count":2}],"recent_events":[{"timestamp":"2026-07-10T00:56:08","port":2087,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"connection\":\"close\",\"content-length\":\"20\",\"content-type\":\"application/x-www-form-urlencoded\",\"host\":\"<HONEYPOT>:2087\",\"user-agent\":\"Go-http-client/1.1\"}","body":"pass=wrong&user=root","sni":"","tls_cipher":"TLS_AES_128_GCM_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/login/?login_only=1","summary":"","payload_hex":"504f5354202f6c6f67696e2f3f6c6f67696e5f6f6e6c793d3120485454502f312e310d0a486f73743a20<HONEYPOT>3a323038370d0a557365722d4167656e743a20476f2d687474702d636c69656e742f312e310d0a436f6e74656e742d4c656e6774683a2032300d0a436f6e6e656374696f6e3a20636c6f73650d0a436f6e74656e742d547970653a206170706c69636174696f6e2f782d7777772d666f726d2d75726c656e636f6465640d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a706173733d77726f6e6726757365723d726f6f74","method":"POST","user_agent":"Go-http-client/1.1","community_id":"1:0nmmnRT3AWplVb/TCRaRoo13B7E=","ja3":"6639916abfac56b9257ca216677085bc","session":"df97c330-74ca-4436-bb2d-8eae7f17ac1b","seq":1,"duration_ms":101,"bytes_in":226,"bytes_out":79},{"timestamp":"2026-07-10T00:56:07","port":2087,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"connection\":\"close\",\"host\":\"<HONEYPOT>:2087\",\"user-agent\":\"Go-http-client/1.1\"}","body":"","sni":"","tls_cipher":"TLS_AES_128_GCM_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/openid_connect/cpanelid","summary":"","payload_hex":"474554202f6f70656e69645f636f6e6e6563742f6370616e656c696420485454502f312e310d0a486f73743a20<HONEYPOT>3a323038370d0a557365722d4167656e743a20476f2d687474702d636c69656e742f312e310d0a436f6e6e656374696f6e3a20636c6f73650d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a","method":"GET","user_agent":"Go-http-client/1.1","community_id":"1:zXMO53h8+XDlq2MctKVMqS+DXvA=","ja3":"6639916abfac56b9257ca216677085bc","session":"c696d1fb-183e-440d-94a1-b932b2c3d00f","seq":1,"duration_ms":100,"bytes_in":140,"bytes_out":79},{"timestamp":"2026-06-10T14:44:16","port":2087,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"connection\":\"close\",\"content-length\":\"20\",\"content-type\":\"application/x-www-form-urlencoded\",\"host\":\"<HONEYPOT>:2087\",\"user-agent\":\"Go-http-client/1.1\"}","body":"pass=wrong&user=root","sni":"","tls_cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/login/?login_only=1","summary":"","payload_hex":"504f5354202f6c6f67696e2f3f6c6f67696e5f6f6e6c793d3120485454502f312e310d0a486f73743a20<HONEYPOT>3a323038370d0a557365722d4167656e743a20476f2d687474702d636c69656e742f312e310d0a436f6e74656e742d4c656e6774683a2032300d0a436f6e6e656374696f6e3a20636c6f73650d0a436f6e74656e742d547970653a206170706c69636174696f6e2f782d7777772d666f726d2d75726c656e636f6465640d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a706173733d77726f6e6726757365723d726f6f74","method":"POST","user_agent":"Go-http-client/1.1","community_id":"1:wpvFUJJet5Swt7tfU/Y7IpHtfWY=","ja3":"6639916abfac56b9257ca216677085bc","session":"2f883b88-2492-4f04-8b46-f6d1c5619217","seq":1,"duration_ms":100,"bytes_in":226,"bytes_out":79},{"timestamp":"2026-06-10T14:44:15","port":2087,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"connection\":\"close\",\"host\":\"<HONEYPOT>:2087\",\"user-agent\":\"Go-http-client/1.1\"}","body":"","sni":"","tls_cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/openid_connect/cpanelid","summary":"","payload_hex":"474554202f6f70656e69645f636f6e6e6563742f6370616e656c696420485454502f312e310d0a486f73743a20<HONEYPOT>3a323038370d0a557365722d4167656e743a20476f2d687474702d636c69656e742f312e310d0a436f6e6e656374696f6e3a20636c6f73650d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a","method":"GET","user_agent":"Go-http-client/1.1","community_id":"1:MqMO/HTYvi2f+VuyU3jD7ubH3Uk=","ja3":"6639916abfac56b9257ca216677085bc","session":"01aa23fd-d1b4-49a5-b6ed-a7eaf3b11cb3","seq":1,"duration_ms":100,"bytes_in":140,"bytes_out":79}],"http_methods":[{"method":"GET","count":2},{"method":"POST","count":2}],"distinct_ports_total":1,"top_paths":[{"path":"/login/?login_only=1","count":2,"ports":1},{"path":"/openid_connect/cpanelid","count":2,"ports":1}],"distinct_paths_total":2,"top_snis":[],"top_hosts":[],"top_alpns":[],"banners":[],"credentials":[{"username":"root","password":"wrong","count":2}],"header_profile":{"signature":["Accept-Encoding","Connection","Content-Length","Content-Type","Host","User-Agent"],"representative":[{"name":"Accept-Encoding","value":"gzip","notable":false},{"name":"Connection","value":"close","notable":false},{"name":"Content-Length","value":"20","notable":false},{"name":"Content-Type","value":"application/x-www-form-urlencoded","notable":true},{"name":"Host","value":"<HONEYPOT>:2087","notable":false},{"name":"User-Agent","value":"Go-http-client/1.1","notable":false}],"distinct_sets":2,"events_with_headers":4},"tags":[{"tag_id":"CVE-2026-41940","tag_type":"cve","title":"cPanel & WHM - Authentication Bypass via Session-File CRLF Injection","severity":"CRITICAL","actively_exploited":true,"match_field":"url_path","matched_pattern":"/login/?login_only=1","reference_urls":[]}],"data_as_of":"2026-07-11T23:11:32.514399+00:00"}