{"ip":"167.99.234.90","total_events":105,"verdict":{"verdict":"malicious","label":"Exploit attempts observed","detail":"7 exploit-path hits","confidence":"high","network_type":"CDN"},"first_seen":"2026-05-29T08:17:45","last_seen":"2026-05-29T14:53:04","events_24h":0,"events_7d":105,"geo":{"country_code":"US","country_name":"United States","region":"New Jersey","city":"North Bergen","lat":40.7964,"lon":-74.0203,"asn":14061,"org":"DigitalOcean, LLC"},"source_domain":null,"known_scanners":[],"scanner_tag":{"key":"peeringdb:as14061","label":"DigitalOcean","category":"cdn","url":"https://www.peeringdb.com/asn/14061"},"cve_matches":[{"cve_id":"CVE-2024-31621","title":"Flowise 1.6.5 - Authentication Bypass","severity":"high","actively_exploited":false,"match_field":"url_path","matched_pattern":"/API/V1/credentials"}],"top_ports":[{"port":2379,"proto":"tcp","label":"","count":42},{"port":4001,"proto":"tcp","label":"","count":32},{"port":3010,"proto":"tcp","label":"","count":22},{"port":7860,"proto":"tcp","label":"","count":5},{"port":8888,"proto":"tcp","label":"HTTP-alt","count":2},{"port":5000,"proto":"tcp","label":"Web-alt","count":2}],"fingerprints":{"ssh_hassh":[],"tls_ja4":[],"ja4h":["ge11nn0400_88d30a62b7ad","ge11nn0400_c3abebcf3d28","po11nn0600_41fead472a09"]},"fingerprint_peers":{"po11nn0600_41fead472a09":4,"ge11nn0400_c3abebcf3d28":76,"ge11nn0400_88d30a62b7ad":5664},"user_agents":["Python/3.11 aiohttp/3.13.3","Mozilla/5.0"],"timeline":[{"date":"2026-05-29","count":105}],"recent_events":[{"timestamp":"2026-05-29T14:53:04","port":2379,"proto":"tcp","app_proto":"","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"accept-encoding\":\"gzip, deflate, br\",\"content-length\":\"36\",\"content-type\":\"application/json\",\"host\":\"<HONEYPOT>:2379\",\"user-agent\":\"Python/3.11 aiohttp/3.13.3\"}","body":"{\"key\": \"AA==\", \"range_end\": \"AA==\"}","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/v3/kv/range","summary":"","method":"POST","user_agent":"Python/3.11 aiohttp/3.13.3"},{"timestamp":"2026-05-29T14:53:04","port":2379,"proto":"tcp","app_proto":"","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"accept-encoding\":\"gzip, deflate, br\",\"host\":\"<HONEYPOT>:2379\",\"user-agent\":\"Python/3.11 aiohttp/3.13.3\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/v2/keys/?recursive=true","summary":"","method":"GET","user_agent":"Python/3.11 aiohttp/3.13.3"},{"timestamp":"2026-05-29T14:53:04","port":2379,"proto":"tcp","app_proto":"","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"accept-encoding\":\"gzip, deflate, br\",\"content-length\":\"36\",\"content-type\":\"application/json\",\"host\":\"<HONEYPOT>:2379\",\"user-agent\":\"Python/3.11 aiohttp/3.13.3\"}","body":"{\"key\": \"AA==\", \"range_end\": \"AA==\"}","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/v3/kv/range","summary":"","method":"POST","user_agent":"Python/3.11 aiohttp/3.13.3"},{"timestamp":"2026-05-29T14:53:03","port":2379,"proto":"tcp","app_proto":"","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"accept-encoding\":\"gzip, deflate, br\",\"host\":\"<HONEYPOT>:2379\",\"user-agent\":\"Python/3.11 aiohttp/3.13.3\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/v2/keys/?recursive=true","summary":"","method":"GET","user_agent":"Python/3.11 aiohttp/3.13.3"},{"timestamp":"2026-05-29T14:42:41","port":2379,"proto":"tcp","app_proto":"","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"accept-encoding\":\"gzip, deflate, br\",\"content-length\":\"36\",\"content-type\":\"application/json\",\"host\":\"<HONEYPOT>:2379\",\"user-agent\":\"Python/3.11 aiohttp/3.13.3\"}","body":"{\"key\": \"AA==\", \"range_end\": \"AA==\"}","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/v3/kv/range","summary":"","method":"POST","user_agent":"Python/3.11 aiohttp/3.13.3"},{"timestamp":"2026-05-29T14:42:41","port":2379,"proto":"tcp","app_proto":"","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"accept-encoding\":\"gzip, deflate, br\",\"host\":\"<HONEYPOT>:2379\",\"user-agent\":\"Python/3.11 aiohttp/3.13.3\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/v2/keys/?recursive=true","summary":"","method":"GET","user_agent":"Python/3.11 aiohttp/3.13.3"},{"timestamp":"2026-05-29T14:42:41","port":2379,"proto":"tcp","app_proto":"","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"accept-encoding\":\"gzip, deflate, br\",\"content-length\":\"36\",\"content-type\":\"application/json\",\"host\":\"<HONEYPOT>:2379\",\"user-agent\":\"Python/3.11 aiohttp/3.13.3\"}","body":"{\"key\": \"AA==\", \"range_end\": \"AA==\"}","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/v3/kv/range","summary":"","method":"POST","user_agent":"Python/3.11 aiohttp/3.13.3"},{"timestamp":"2026-05-29T14:42:41","port":2379,"proto":"tcp","app_proto":"","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"accept-encoding\":\"gzip, deflate, br\",\"host\":\"<HONEYPOT>:2379\",\"user-agent\":\"Python/3.11 aiohttp/3.13.3\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/v2/keys/?recursive=true","summary":"","method":"GET","user_agent":"Python/3.11 aiohttp/3.13.3"},{"timestamp":"2026-05-29T14:21:41","port":3010,"proto":"tcp","app_proto":"","host":"<HONEYPOT>","headers":"{\"accept\":\"text/plain,text/html,application/json,*/*\",\"accept-encoding\":\"gzip, deflate, br\",\"host\":\"<HONEYPOT>:3010\",\"user-agent\":\"Mozilla/5.0\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/api/v1/env","summary":"","method":"GET","user_agent":"Mozilla/5.0"},{"timestamp":"2026-05-29T14:21:41","port":2379,"proto":"tcp","app_proto":"","host":"<HONEYPOT>","headers":"{\"accept\":\"text/plain,text/html,application/json,*/*\",\"accept-encoding\":\"gzip, deflate, br\",\"host\":\"<HONEYPOT>:2379\",\"user-agent\":\"Mozilla/5.0\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/api/v1/env","summary":"","method":"GET","user_agent":"Mozilla/5.0"}],"http_methods":[{"method":"GET","count":100},{"method":"POST","count":5}],"distinct_ports_total":6,"top_paths":[{"path":"/.env","count":11,"ports":3},{"path":"/.env.local","count":11,"ports":3},{"path":"/v1/models","count":10,"ports":3},{"path":"/api/v1/env","count":10,"ports":3},{"path":"/app/.env","count":10,"ports":3},{"path":"/api/.env","count":10,"ports":3},{"path":"/backend/.env","count":10,"ports":3},{"path":"/.env.production","count":10,"ports":3},{"path":"/v3/kv/range","count":5,"ports":1},{"path":"/v2/keys/?recursive=true","count":5,"ports":1},{"path":"/api/ps","count":3,"ports":2},{"path":"/api/v1/config","count":2,"ports":2},{"path":"/.env.backup","count":2,"ports":2},{"path":"/api/environment","count":2,"ports":2},{"path":"/api/show","count":1,"ports":1}],"distinct_paths_total":18,"top_snis":[],"top_hosts":[],"top_alpns":[],"banners":[],"credentials":[],"header_profile":{"signature":["Accept","Accept-Encoding","Content-Length","Content-Type","Host","User-Agent"],"representative":[{"name":"Accept","value":"*/*","notable":false},{"name":"Accept-Encoding","value":"gzip, deflate, br","notable":false},{"name":"Content-Length","value":"36","notable":false},{"name":"Content-Type","value":"application/json","notable":true},{"name":"Host","value":"<HONEYPOT>:2379","notable":false},{"name":"User-Agent","value":"Python/3.11 aiohttp/3.13.3","notable":false}],"distinct_sets":2,"events_with_headers":10},"tags":[{"tag_id":"CVE-2024-31621","tag_type":"cve","title":"Flowise 1.6.5 - Authentication Bypass","severity":"high","actively_exploited":false,"match_field":"url_path","matched_pattern":"/API/V1/credentials","reference_urls":["https://www.exploit-db.com/exploits/52001","https://github.com/FlowiseAI/Flowise/releases","https://flowiseai.com/"]}],"data_as_of":"2026-06-05T00:00:11.889962+00:00"}