{"ip":"167.99.216.61","total_events":305,"verdict":{"verdict":"scanning","label":"Scanning for known vulnerabilities","detail":"20 exploit-path probe(s)","confidence":"medium","network_type":"CDN"},"first_seen":"2026-05-09T02:45:17","last_seen":"2026-05-09T02:45:25","events_24h":0,"events_7d":0,"geo":{"country_code":"NL","country_name":"Netherlands","region":"North Holland","city":"Amsterdam","lat":52.352,"lon":4.9392,"asn":14061,"org":"DigitalOcean, LLC"},"source_domain":null,"known_scanners":[],"scanner_tag":{"key":"peeringdb:as14061","label":"DigitalOcean","category":"cdn","url":"https://www.peeringdb.com/asn/14061"},"cve_matches":[{"cve_id":"CVE-2019-11248","title":"Debug Endpoint pprof - Exposure Detection","severity":"high","actively_exploited":false,"match_field":"url_path","matched_pattern":"/debug/pprof"},{"cve_id":"CVE-2020-9425","title":"rConfig <3.9.4 - Sensitive Information Disclosure","severity":"high","actively_exploited":false,"match_field":"url_path","matched_pattern":"/settings.php"},{"cve_id":"CVE-2024-4836","title":"Edito CMS - Sensitive Data Leak","severity":"high","actively_exploited":false,"match_field":"url_path","matched_pattern":"/config.php"},{"cve_id":"CVE-2019-12461","title":"WebPort 1.19.1 - Cross-Site Scripting","severity":"medium","actively_exploited":false,"match_field":"url_path","matched_pattern":"/log"}],"top_ports":[{"port":81,"proto":"tcp","label":"","count":305}],"fingerprints":{"ssh_hassh":[],"tls_ja4":[],"ja4h":["ge11nn0400_cf1edba2959c"]},"fingerprint_peers":{"ge11nn0400_cf1edba2959c":114},"user_agents":["Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0 Safari/537.36"],"timeline":[{"date":"2026-05-09","count":305}],"recent_events":[{"timestamp":"2026-05-09T02:45:25","port":81,"proto":"tcp","app_proto":"","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"accept-encoding\":\"zstd,gzip,deflate,br\",\"host\":\"<HONEYPOT>:81\",\"user-agent\":\"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0 Safari/537.36\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/.config/op/config","summary":"","method":"GET","user_agent":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0 Safari/537.36"},{"timestamp":"2026-05-09T02:45:25","port":81,"proto":"tcp","app_proto":"","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"accept-encoding\":\"zstd,gzip,deflate,br\",\"host\":\"<HONEYPOT>:81\",\"user-agent\":\"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0 Safari/537.36\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/v2/_catalog","summary":"","method":"GET","user_agent":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0 Safari/537.36"},{"timestamp":"2026-05-09T02:45:25","port":81,"proto":"tcp","app_proto":"","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"accept-encoding\":\"zstd,gzip,deflate,br\",\"host\":\"<HONEYPOT>:81\",\"user-agent\":\"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0 Safari/537.36\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/debug/pprof/heap","summary":"","method":"GET","user_agent":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0 Safari/537.36"},{"timestamp":"2026-05-09T02:45:25","port":81,"proto":"tcp","app_proto":"","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"accept-encoding\":\"zstd,gzip,deflate,br\",\"host\":\"<HONEYPOT>:81\",\"user-agent\":\"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0 Safari/537.36\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/debug/vars","summary":"","method":"GET","user_agent":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0 Safari/537.36"},{"timestamp":"2026-05-09T02:45:25","port":81,"proto":"tcp","app_proto":"","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"accept-encoding\":\"zstd,gzip,deflate,br\",\"host\":\"<HONEYPOT>:81\",\"user-agent\":\"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0 Safari/537.36\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/metrics","summary":"","method":"GET","user_agent":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0 Safari/537.36"},{"timestamp":"2026-05-09T02:45:25","port":81,"proto":"tcp","app_proto":"","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"accept-encoding\":\"zstd,gzip,deflate,br\",\"host\":\"<HONEYPOT>:81\",\"user-agent\":\"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0 Safari/537.36\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/graphql","summary":"","method":"GET","user_agent":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0 Safari/537.36"},{"timestamp":"2026-05-09T02:45:25","port":81,"proto":"tcp","app_proto":"","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"accept-encoding\":\"zstd,gzip,deflate,br\",\"host\":\"<HONEYPOT>:81\",\"user-agent\":\"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0 Safari/537.36\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/admin/config","summary":"","method":"GET","user_agent":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0 Safari/537.36"},{"timestamp":"2026-05-09T02:45:25","port":81,"proto":"tcp","app_proto":"","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"accept-encoding\":\"zstd,gzip,deflate,br\",\"host\":\"<HONEYPOT>:81\",\"user-agent\":\"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0 Safari/537.36\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/api-docs","summary":"","method":"GET","user_agent":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0 Safari/537.36"},{"timestamp":"2026-05-09T02:45:25","port":81,"proto":"tcp","app_proto":"","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"accept-encoding\":\"zstd,gzip,deflate,br\",\"host\":\"<HONEYPOT>:81\",\"user-agent\":\"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0 Safari/537.36\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/admin/settings","summary":"","method":"GET","user_agent":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0 Safari/537.36"},{"timestamp":"2026-05-09T02:45:25","port":81,"proto":"tcp","app_proto":"","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"accept-encoding\":\"zstd,gzip,deflate,br\",\"host\":\"<HONEYPOT>:81\",\"user-agent\":\"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0 Safari/537.36\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/api/settings","summary":"","method":"GET","user_agent":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0 Safari/537.36"}],"http_methods":[{"method":"GET","count":305}],"distinct_ports_total":1,"top_paths":[{"path":"/.env.development","count":1,"ports":1},{"path":"/etc/twingate/connector.conf","count":1,"ports":1},{"path":"/etc/cloudflared/config.yml","count":1,"ports":1},{"path":"/.config/gcloud/application_default_credentials.json","count":1,"ports":1},{"path":"/.git/logs/refs/heads/master","count":1,"ports":1},{"path":"/.pulumi/credentials.json","count":1,"ports":1},{"path":"/.azure/msal_token_cache.json","count":1,"ports":1},{"path":"/var/lib/zerotier-one/identity.secret","count":1,"ports":1},{"path":"/var/lib/zerotier-one/authtoken.secret","count":1,"ports":1},{"path":"/.azure/azureProfile.json","count":1,"ports":1},{"path":"/.config/gcloud/active_config","count":1,"ports":1},{"path":"/.config/gcloud/configurations/config_default","count":1,"ports":1},{"path":"/.config/gcloud/credentials.db","count":1,"ports":1},{"path":"/.github/workflows/publish.yml","count":1,"ports":1},{"path":"/.config/exoscale/exoscale.toml","count":1,"ports":1}],"distinct_paths_total":200,"top_snis":[],"top_hosts":[],"top_alpns":[],"banners":[],"credentials":[],"header_profile":{"signature":["Accept","Accept-Encoding","Host","User-Agent"],"representative":[{"name":"Accept","value":"*/*","notable":false},{"name":"Accept-Encoding","value":"zstd,gzip,deflate,br","notable":false},{"name":"Host","value":"<HONEYPOT>:81","notable":false},{"name":"User-Agent","value":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0 Safari/537.36","notable":false}],"distinct_sets":1,"events_with_headers":10},"tags":[{"tag_id":"CVE-2019-11248","tag_type":"cve","title":"Debug Endpoint pprof - Exposure Detection","severity":"high","actively_exploited":false,"match_field":"url_path","matched_pattern":"/debug/pprof","reference_urls":["https://medium.com/bugbountywriteup/my-first-bug-bounty-21d3203ffdb0","http://mmcloughlin.com/posts/your-pprof-is-showing","https://github.com/kubernetes/kubernetes/issues/81023","https://groups.google.com/d/msg/kubernetes-security-announce/pKELclHIov8/BEDtRELACQAJ","https://nvd.nist.gov/vuln/detail/CVE-2019-11248"]},{"tag_id":"CVE-2020-9425","tag_type":"cve","title":"rConfig <3.9.4 - Sensitive Information Disclosure","severity":"high","actively_exploited":false,"match_field":"url_path","matched_pattern":"/settings.php","reference_urls":["https://blog.hivint.com/rconfig-3-9-3-unauthenticated-sensitive-information-disclosure-ead4ed88f153","https://github.com/rconfig/rconfig/commit/20f4e3d87e84663d922b937842fddd9af1b68dd9","https://nvd.nist.gov/vuln/detail/CVE-2020-9425","https://github.com/ARPSyndicate/cvemon","https://github.com/ARPSyndicate/kenzer-templates"]},{"tag_id":"CVE-2024-4836","tag_type":"cve","title":"Edito CMS - Sensitive Data Leak","severity":"high","actively_exploited":false,"match_field":"url_path","matched_pattern":"/config.php","reference_urls":["https://cert.pl/en/posts/2024/07/CVE-2024-4836/","https://github.com/sleep46/CVE-2024-4836_Check","https://nvd.nist.gov/vuln/detail/CVE-2024-4836"]},{"tag_id":"CVE-2019-12461","tag_type":"cve","title":"WebPort 1.19.1 - Cross-Site Scripting","severity":"medium","actively_exploited":false,"match_field":"url_path","matched_pattern":"/log","reference_urls":["https://github.com/EmreOvunc/WebPort-v1.19.1-Reflected-XSS","https://webport.se/nedladdningar/","https://github.com/EmreOvunc/WebPort-v1.19.1-Reflected-XSS/","https://emreovunc.com/blog/en/WebPort-Reflected-XSS-02.png","https://nvd.nist.gov/vuln/detail/CVE-2019-12461"]}],"data_as_of":"2026-06-04T22:57:58.439480+00:00"}