{"ip":"185.202.158.60","total_events":6,"verdict":{"verdict":"probing","label":"Low-level probing","detail":null,"confidence":"low","network_type":"nsp"},"first_seen":"2026-05-31T12:15:05","last_seen":"2026-06-03T18:50:58","events_24h":0,"events_7d":6,"geo":{"country_code":"DE","country_name":"Germany","region":"Hesse","city":"Frankfurt am Main","lat":50.1169,"lon":8.6837,"asn":42366,"org":"TerraTransit AG"},"source_domain":null,"known_scanners":[],"scanner_tag":{"key":"peeringdb:as42366","label":"TerraTransit","category":"isp","url":"https://www.peeringdb.com/asn/42366"},"cve_matches":[{"cve_id":"CVE-2020-2551","title":"Oracle WebLogic Server - Remote Code Execution","severity":"critical","actively_exploited":true,"match_field":"url_path","matched_pattern":"/console/login/LoginForm.jsp"}],"top_ports":[{"port":7443,"proto":"tcp","label":"","count":5},{"port":8090,"proto":"tcp","label":"","count":1}],"fingerprints":{"ssh_hassh":[],"tls_ja4":[],"ja4h":["ge11nn14en_290448bd461f","ge11nn0300_0db47b7d240d","ge11nn11en_8950ec142097"]},"fingerprint_peers":{"ge11nn11en_8950ec142097":130,"ge11nn0300_0db47b7d240d":3774,"ge11nn14en_290448bd461f":178},"user_agents":["Go-http-client/1.1","Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.3 Safari/605.1.15","Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:136.0) Gecko/20100101 Firefox/136.0","Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:135.0) Gecko/20100101 Firefox/135.0","Mozilla/5.0 (Linux; Android 14; Pixel 8 Pro) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Mobile Safari/537.36","Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36"],"timeline":[{"date":"2026-05-31","count":5},{"date":"2026-06-03","count":1}],"recent_events":[{"timestamp":"2026-06-03T18:50:58","port":8090,"proto":"tcp","app_proto":"","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:8090\",\"user-agent\":\"Go-http-client/1.1\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/walletsolidity/listwitnesses","summary":"","method":"GET","user_agent":"Go-http-client/1.1"},{"timestamp":"2026-05-31T12:16:55","port":7443,"proto":"tcp","app_proto":"","host":"<HONEYPOT>","headers":"{\"accept\":\"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\",\"accept-encoding\":\"gzip, deflate, br, zstd\",\"accept-language\":\"en-US,en;q=0.5\",\"cache-control\":\"max-age=259200\",\"connection\":\"keep-alive\",\"host\":\"<HONEYPOT>:7443\",\"sec-fetch-dest\":\"document\",\"sec-fetch-mode\":\"navigate\",\"sec-fetch-site\":\"none\",\"upgrade-insecure-requests\":\"1\",\"user-agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:136.0) Gecko/20100101 Firefox/136.0\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/wls-wsat/CoordinatorPortType","summary":"","method":"GET","user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:136.0) Gecko/20100101 Firefox/136.0"},{"timestamp":"2026-05-31T12:16:37","port":7443,"proto":"tcp","app_proto":"","host":"<HONEYPOT>","headers":"{\"accept\":\"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\",\"accept-encoding\":\"gzip, deflate, br, zstd\",\"accept-language\":\"en-US,en;q=0.9\",\"cache-control\":\"max-age=259200\",\"connection\":\"keep-alive\",\"host\":\"<HONEYPOT>:7443\",\"sec-ch-ua\":\"\\\"Chromium\\\";v=\\\"133\\\", \\\"Not:A-Brand\\\";v=\\\"24\\\", \\\"Google Chrome\\\";v=\\\"133\\\"\",\"sec-ch-ua-mobile\":\"?0\",\"sec-ch-ua-platform\":\"\\\"Windows\\\"\",\"sec-fetch-dest\":\"document\",\"sec-fetch-mode\":\"navigate\",\"sec-fetch-site\":\"none\",\"upgrade-insecure-requests\":\"1\",\"user-agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/config/config.xml","summary":"","method":"GET","user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36"},{"timestamp":"2026-05-31T12:16:08","port":7443,"proto":"tcp","app_proto":"","host":"<HONEYPOT>","headers":"{\"accept\":\"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\",\"accept-encoding\":\"gzip, deflate, br, zstd\",\"accept-language\":\"en-US,en;q=0.5\",\"cache-control\":\"max-age=259200\",\"connection\":\"keep-alive\",\"host\":\"<HONEYPOT>:7443\",\"sec-fetch-dest\":\"document\",\"sec-fetch-mode\":\"navigate\",\"sec-fetch-site\":\"none\",\"upgrade-insecure-requests\":\"1\",\"user-agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:135.0) Gecko/20100101 Firefox/135.0\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/management/tenant-monitoring/servers","summary":"","method":"GET","user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:135.0) Gecko/20100101 Firefox/135.0"},{"timestamp":"2026-05-31T12:15:21","port":7443,"proto":"tcp","app_proto":"","host":"<HONEYPOT>","headers":"{\"accept\":\"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\",\"accept-encoding\":\"gzip, deflate, br\",\"accept-language\":\"en-US,en;q=0.9\",\"cache-control\":\"max-age=259200\",\"connection\":\"keep-alive\",\"host\":\"<HONEYPOT>:7443\",\"sec-fetch-dest\":\"document\",\"sec-fetch-mode\":\"navigate\",\"sec-fetch-site\":\"none\",\"upgrade-insecure-requests\":\"1\",\"user-agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.3 Safari/605.1.15\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/weblogic/ready","summary":"","method":"GET","user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.3 Safari/605.1.15"},{"timestamp":"2026-05-31T12:15:05","port":7443,"proto":"tcp","app_proto":"","host":"<HONEYPOT>","headers":"{\"accept\":\"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\",\"accept-encoding\":\"gzip, deflate, br, zstd\",\"accept-language\":\"en-US,en;q=0.9\",\"cache-control\":\"max-age=259200\",\"connection\":\"keep-alive\",\"host\":\"<HONEYPOT>:7443\",\"sec-ch-ua\":\"\\\"Chromium\\\";v=\\\"134\\\", \\\"Not:A-Brand\\\";v=\\\"24\\\", \\\"Google Chrome\\\";v=\\\"134\\\"\",\"sec-ch-ua-mobile\":\"?1\",\"sec-ch-ua-platform\":\"\\\"Android\\\"\",\"sec-fetch-dest\":\"document\",\"sec-fetch-mode\":\"navigate\",\"sec-fetch-site\":\"none\",\"upgrade-insecure-requests\":\"1\",\"user-agent\":\"Mozilla/5.0 (Linux; Android 14; Pixel 8 Pro) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Mobile Safari/537.36\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/console/login/LoginForm.jsp","summary":"","method":"GET","user_agent":"Mozilla/5.0 (Linux; Android 14; Pixel 8 Pro) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Mobile Safari/537.36"}],"http_methods":[{"method":"GET","count":6}],"distinct_ports_total":2,"top_paths":[{"path":"/weblogic/ready","count":1,"ports":1},{"path":"/config/config.xml","count":1,"ports":1},{"path":"/management/tenant-monitoring/servers","count":1,"ports":1},{"path":"/walletsolidity/listwitnesses","count":1,"ports":1},{"path":"/console/login/LoginForm.jsp","count":1,"ports":1},{"path":"/wls-wsat/CoordinatorPortType","count":1,"ports":1}],"distinct_paths_total":6,"top_snis":[],"top_hosts":[],"top_alpns":[],"banners":[],"credentials":[],"header_profile":{"signature":["Accept","Accept-Encoding","Accept-Language","Cache-Control","Connection","Host","Sec-Ch-Ua","Sec-Ch-Ua-Mobile","Sec-Ch-Ua-Platform","Sec-Fetch-Dest","Sec-Fetch-Mode","Sec-Fetch-Site","Upgrade-Insecure-Requests","User-Agent"],"representative":[{"name":"Accept","value":"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8","notable":false},{"name":"Accept-Encoding","value":"gzip, deflate, br, zstd","notable":false},{"name":"Accept-Language","value":"en-US,en;q=0.9","notable":false},{"name":"Cache-Control","value":"max-age=259200","notable":false},{"name":"Connection","value":"keep-alive","notable":false},{"name":"Host","value":"<HONEYPOT>:7443","notable":false},{"name":"Sec-Ch-Ua","value":"\"Chromium\";v=\"133\", \"Not:A-Brand\";v=\"24\", \"Google Chrome\";v=\"133\"","notable":false},{"name":"Sec-Ch-Ua-Mobile","value":"?0","notable":false},{"name":"Sec-Ch-Ua-Platform","value":"\"Windows\"","notable":false},{"name":"Sec-Fetch-Dest","value":"document","notable":false},{"name":"Sec-Fetch-Mode","value":"navigate","notable":false},{"name":"Sec-Fetch-Site","value":"none","notable":false},{"name":"Upgrade-Insecure-Requests","value":"1","notable":false},{"name":"User-Agent","value":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36","notable":false}],"distinct_sets":3,"events_with_headers":6},"tags":[{"tag_id":"CVE-2020-2551","tag_type":"cve","title":"Oracle WebLogic Server - Remote Code Execution","severity":"critical","actively_exploited":true,"match_field":"url_path","matched_pattern":"/console/login/LoginForm.jsp","reference_urls":["https://github.com/hktalent/CVE-2020-2551","https://nvd.nist.gov/vuln/detail/CVE-2020-2551","https://www.oracle.com/security-alerts/cpujan2020.html","https://github.com/neilzhang1/Chinese-Charts","https://github.com/pjgmonteiro/Pentest-tools"]}],"data_as_of":"2026-06-04T23:51:16.095015+00:00"}