{"ip":"189.84.238.246","total_events":20,"verdict":{"verdict":"scanning","label":"Scanning for known vulnerabilities","detail":"1 exploit-path probe(s)","confidence":"medium","network_type":"nsp","why":["1 request(s) matched a known exploit path.","Only GET/HEAD seen, no request body: scanning for the vulnerability, not delivering a payload.","Not in any known-scanner range."]},"first_seen":"2026-05-13T21:59:58","last_seen":"2026-07-05T05:34:05","events_24h":0,"events_7d":2,"geo":{"country_code":"BR","country_name":"Brazil","region":"","city":"","lat":-22.8305,"lon":-43.2192,"asn":52468,"org":"UFINET PANAMA S.A."},"source_domain":"189-84-238-246.ufinet.com","known_scanners":[],"scanner_tag":{"key":"peeringdb:as52468","label":"Ufinet Latam AS52468","category":"isp","url":"https://www.peeringdb.com/asn/52468"},"cve_matches":[{"cve_id":"CVE-2025-64328","title":"FreePBX  >= 17.0.2.36 && < 17.0.3 - Authenticated Command Injection","severity":"critical","actively_exploited":true,"match_field":"url_path","matched_pattern":"/admin/config.php"},{"cve_id":"CVE-2024-4836","title":"Edito CMS - Sensitive Data Leak","severity":"high","actively_exploited":false,"match_field":"url_path","matched_pattern":"/config.php"}],"malware":[],"top_ports":[{"port":9089,"proto":"tcp","label":"","count":2},{"port":31443,"proto":"tcp","label":"","count":2},{"port":9070,"proto":"tcp","label":"","count":2},{"port":8280,"proto":"tcp","label":"","count":2},{"port":8009,"proto":"tcp","label":"","count":2},{"port":57781,"proto":"tcp","label":"","count":2},{"port":8144,"proto":"tcp","label":"","count":1},{"port":8833,"proto":"tcp","label":"","count":1},{"port":80,"proto":"tcp","label":"HTTP","count":1},{"port":8850,"proto":"tcp","label":"","count":1},{"port":49080,"proto":"tcp","label":"","count":1},{"port":4120,"proto":"tcp","label":"","count":1},{"port":8087,"proto":"tcp","label":"","count":1},{"port":8044,"proto":"tcp","label":"","count":1}],"fingerprints":{"ssh_hassh":[],"tls_ja4":[],"tls_ja3":[],"ja4h":["ge10nn0300_47c2bbddfa85"]},"fingerprint_peers":{"ge10nn0300_47c2bbddfa85":18},"user_agents":["Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0","Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.1500.142 Safari/537.36","Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:86.0) Gecko/20100101 Firefox/86.0","Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:114.0) Gecko/20100101 Firefox/114.0","Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.1054.126 Safari/537.36","Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:107.0) Gecko/20100101 Firefox/107.0","Mozilla/5.0 (Linux; Android 11; Pixel 5; rv:88.0) Gecko/20100101 Firefox/88.0","Mozilla/5.0 (Linux; Android 12; SM-G991B) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.3978.192 Safari/537.36"],"timeline":[{"date":"2026-05-13","count":1},{"date":"2026-05-14","count":3},{"date":"2026-05-15","count":1},{"date":"2026-05-16","count":1},{"date":"2026-05-20","count":2},{"date":"2026-05-22","count":2},{"date":"2026-05-23","count":1},{"date":"2026-05-24","count":1},{"date":"2026-05-25","count":1},{"date":"2026-06-22","count":1},{"date":"2026-07-03","count":3},{"date":"2026-07-04","count":1},{"date":"2026-07-05","count":2}],"recent_events":[{"timestamp":"2026-07-05T05:34:05","port":31443,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"host\":\"<HONEYPOT>\",\"user-agent\":\"Mozilla/5.0 (Linux; Android 11; Pixel 5; rv:109.0) Gecko/20100101 Firefox/109.0\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/admin/config.php","summary":"","payload_hex":"474554202f61646d696e2f636f6e6669672e70687020485454502f312e300d0a557365722d4167656e743a204d6f7a696c6c612f352e3020284c696e75783b20416e64726f69642031313b20506978656c20353b2072763a3130392e3029204765636b6f2f32303130303130312046697265666f782f3130392e300d0a4163636570743a202a2f2a0d0a486f73743a20<HONEYPOT>0d0a0d0a","method":"GET","user_agent":"Mozilla/5.0 (Linux; Android 11; Pixel 5; rv:109.0) Gecko/20100101 Firefox/109.0","community_id":"1:Ntf1zvOZ6gTJAr6Fl08KFnlWHb4=","ja3":"","session":"6a40d53e-ff45-44ac-957e-caa27b2ea05b","seq":1,"duration_ms":100,"bytes_in":161,"bytes_out":79},{"timestamp":"2026-07-05T00:45:03","port":31443,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"host\":\"<HONEYPOT>\",\"user-agent\":\"Mozilla/5.0 (Linux; Android 11; Pixel 5; rv:109.0) Gecko/20100101 Firefox/109.0\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/admin/config.php","summary":"","payload_hex":"474554202f61646d696e2f636f6e6669672e70687020485454502f312e300d0a557365722d4167656e743a204d6f7a696c6c612f352e3020284c696e75783b20416e64726f69642031313b20506978656c20353b2072763a3130392e3029204765636b6f2f32303130303130312046697265666f782f3130392e300d0a4163636570743a202a2f2a0d0a486f73743a20<HONEYPOT>0d0a0d0a","method":"GET","user_agent":"Mozilla/5.0 (Linux; Android 11; Pixel 5; rv:109.0) Gecko/20100101 Firefox/109.0","community_id":"1:xCI4IaTOqgWVBDxJV40mg+ZcFzs=","ja3":"","session":"b4dcecf9-07e4-452e-a4e0-6bfffaef14cf","seq":1,"duration_ms":100,"bytes_in":162,"bytes_out":79},{"timestamp":"2026-07-04T13:25:56","port":9089,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"host\":\"<HONEYPOT>\",\"user-agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:107.0) Gecko/20100101 Firefox/107.0\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/admin/config.php","summary":"","payload_hex":"474554202f61646d696e2f636f6e6669672e70687020485454502f312e300d0a557365722d4167656e743a204d6f7a696c6c612f352e30202857696e646f7773204e542031302e303b2057696e36343b207836343b2072763a3130372e3029204765636b6f2f32303130303130312046697265666f782f3130372e300d0a4163636570743a202a2f2a0d0a486f73743a20<HONEYPOT>0d0a0d0a","method":"GET","user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:107.0) Gecko/20100101 Firefox/107.0","community_id":"1:64g8JGryeEzh/+6VzhjdMQUOLYA=","ja3":"","session":"a3706541-c008-4f06-960f-9805c336d406","seq":1,"duration_ms":100,"bytes_in":163,"bytes_out":79},{"timestamp":"2026-07-03T20:55:54","port":9089,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"host\":\"<HONEYPOT>\",\"user-agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:107.0) Gecko/20100101 Firefox/107.0\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/admin/config.php","summary":"","payload_hex":"474554202f61646d696e2f636f6e6669672e70687020485454502f312e300d0a557365722d4167656e743a204d6f7a696c6c612f352e30202857696e646f7773204e542031302e303b2057696e36343b207836343b2072763a3130372e3029204765636b6f2f32303130303130312046697265666f782f3130372e300d0a4163636570743a202a2f2a0d0a486f73743a20<HONEYPOT>0d0a0d0a","method":"GET","user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:107.0) Gecko/20100101 Firefox/107.0","community_id":"1:sjrfvzGE03j/nlJeU08cA9s1TnE=","ja3":"","session":"f829b49d-d145-4981-a106-53155e4e98a6","seq":1,"duration_ms":100,"bytes_in":162,"bytes_out":79},{"timestamp":"2026-07-03T15:54:03","port":9070,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"host\":\"<HONEYPOT>\",\"user-agent\":\"Mozilla/5.0 (iPhone; CPU iPhone OS 15_0 like Mac OS X; rv:99.0) Gecko/20100101 Firefox/99.0\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/admin/config.php","summary":"","payload_hex":"474554202f61646d696e2f636f6e6669672e70687020485454502f312e300d0a557365722d4167656e743a204d6f7a696c6c612f352e3020286950686f6e653b20435055206950686f6e65204f532031355f30206c696b65204d6163204f5320583b2072763a39392e3029204765636b6f2f32303130303130312046697265666f782f39392e300d0a4163636570743a202a2f2a0d0a486f73743a20<HONEYPOT>0d0a0d0a","method":"GET","user_agent":"Mozilla/5.0 (iPhone; CPU iPhone OS 15_0 like Mac OS X; rv:99.0) Gecko/20100101 Firefox/99.0","community_id":"1:B+ibEcPpSum754aLKBjI7NKXdNo=","ja3":"","session":"90a0e932-afa8-4f89-b9cd-082f4f3a9c48","seq":1,"duration_ms":100,"bytes_in":173,"bytes_out":79},{"timestamp":"2026-07-03T01:35:29","port":9070,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"host\":\"<HONEYPOT>\",\"user-agent\":\"Mozilla/5.0 (iPhone; CPU iPhone OS 15_0 like Mac OS X; rv:99.0) Gecko/20100101 Firefox/99.0\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/admin/config.php","summary":"","payload_hex":"474554202f61646d696e2f636f6e6669672e70687020485454502f312e300d0a557365722d4167656e743a204d6f7a696c6c612f352e3020286950686f6e653b20435055206950686f6e65204f532031355f30206c696b65204d6163204f5320583b2072763a39392e3029204765636b6f2f32303130303130312046697265666f782f39392e300d0a4163636570743a202a2f2a0d0a486f73743a20<HONEYPOT>0d0a0d0a","method":"GET","user_agent":"Mozilla/5.0 (iPhone; CPU iPhone OS 15_0 like Mac OS X; rv:99.0) Gecko/20100101 Firefox/99.0","community_id":"1:8hhsqO1cXeRUc8DbiRlRl8hIGaw=","ja3":"","session":"8d7d6461-de1c-44f7-9afc-25a023d807b1","seq":1,"duration_ms":100,"bytes_in":174,"bytes_out":79},{"timestamp":"2026-06-22T02:09:01","port":80,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"host\":\"<HONEYPOT>\",\"user-agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:110.0) Gecko/20100101 Firefox/110.0\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/admin/config.php","summary":"","payload_hex":"474554202f61646d696e2f636f6e6669672e70687020485454502f312e300d0a557365722d4167656e743a204d6f7a696c6c612f352e30202857696e646f7773204e542031302e303b2057696e36343b207836343b2072763a3131302e3029204765636b6f2f32303130303130312046697265666f782f3131302e300d0a4163636570743a202a2f2a0d0a486f73743a20<HONEYPOT>0d0a0d0a","method":"GET","user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:110.0) Gecko/20100101 Firefox/110.0","community_id":"1:1HMat6Xflgp6tZcRtyAhHUd7Byk=","ja3":"","session":"990f774a-722c-4f52-b2d3-4004083d1073","seq":1,"duration_ms":100,"bytes_in":162,"bytes_out":79},{"timestamp":"2026-05-25T08:01:36","port":8044,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"host\":\"<HONEYPOT>\",\"user-agent\":\"Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:107.0) Gecko/20100101 Firefox/107.0\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/admin/config.php","summary":"","payload_hex":"474554202f61646d696e2f636f6e6669672e70687020485454502f312e300d0a557365722d4167656e743a204d6f7a696c6c612f352e30202857696e646f7773204e5420362e313b2057696e36343b207836343b2072763a3130372e3029204765636b6f2f32303130303130312046697265666f782f3130372e300d0a4163636570743a202a2f2a0d0a486f73743a20<HONEYPOT>0d0a0d0a","method":"GET","user_agent":"Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:107.0) Gecko/20100101 Firefox/107.0","community_id":"1:4W7dwQT8cweDmrNb25nl18JA+NM=","ja3":"","session":"45c8ba6c-b674-4eaa-abc4-a1c35ca1980a","seq":0,"duration_ms":0,"bytes_in":0,"bytes_out":0},{"timestamp":"2026-05-24T11:11:35","port":8087,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"host\":\"<HONEYPOT>\",\"user-agent\":\"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:86.0) Gecko/20100101 Firefox/86.0\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/admin/config.php","summary":"","payload_hex":"474554202f61646d696e2f636f6e6669672e70687020485454502f312e300d0a557365722d4167656e743a204d6f7a696c6c612f352e3020285831313b205562756e74753b204c696e7578207838365f36343b2072763a38362e3029204765636b6f2f32303130303130312046697265666f782f38362e300d0a4163636570743a202a2f2a0d0a486f73743a20<HONEYPOT>0d0a0d0a","method":"GET","user_agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:86.0) Gecko/20100101 Firefox/86.0","community_id":"1:872mRqdUNr2Y35d2R0jpexaw7kA=","ja3":"","session":"e1fb8b11-3271-459d-b158-657941be39ac","seq":0,"duration_ms":0,"bytes_in":0,"bytes_out":0},{"timestamp":"2026-05-23T20:18:33","port":49080,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"host\":\"<HONEYPOT>\",\"user-agent\":\"Mozilla/5.0 (Linux; Android 11; Pixel 5; rv:88.0) Gecko/20100101 Firefox/88.0\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/admin/config.php","summary":"","payload_hex":"474554202f61646d696e2f636f6e6669672e70687020485454502f312e300d0a557365722d4167656e743a204d6f7a696c6c612f352e3020284c696e75783b20416e64726f69642031313b20506978656c20353b2072763a38382e3029204765636b6f2f32303130303130312046697265666f782f38382e300d0a4163636570743a202a2f2a0d0a486f73743a20<HONEYPOT>0d0a0d0a","method":"GET","user_agent":"Mozilla/5.0 (Linux; Android 11; Pixel 5; rv:88.0) Gecko/20100101 Firefox/88.0","community_id":"1:UsT01MnayTlaVFcTA3zeoJtCKB4=","ja3":"","session":"a6106b10-183d-4ca6-8c39-89527bf22abc","seq":0,"duration_ms":0,"bytes_in":0,"bytes_out":0}],"http_methods":[{"method":"GET","count":20}],"distinct_ports_total":14,"top_paths":[{"path":"/admin/config.php","count":20,"ports":14}],"distinct_paths_total":1,"top_snis":[],"top_hosts":[],"top_alpns":[],"banners":[],"credentials":[],"header_profile":{"signature":["Accept","Host","User-Agent"],"representative":[{"name":"Accept","value":"*/*","notable":false},{"name":"Host","value":"<HONEYPOT>","notable":false},{"name":"User-Agent","value":"Mozilla/5.0 (Linux; Android 11; Pixel 5; rv:109.0) Gecko/20100101 Firefox/109.0","notable":false}],"distinct_sets":1,"events_with_headers":10},"tags":[{"tag_id":"CVE-2025-64328","tag_type":"cve","title":"FreePBX  >= 17.0.2.36 && < 17.0.3 - Authenticated Command Injection","severity":"critical","actively_exploited":true,"match_field":"url_path","matched_pattern":"/admin/config.php","reference_urls":["https://github.com/FreePBX/security-reporting/security/advisories/GHSA-vm9p-46mv-5xvw","https://theyhack.me/CVE-2025-64328-FreePBX-Authenticated-Command-Injection/","https://www.cisa.gov/news-events/alerts/2026/02/03/cisa-adds-four-known-exploited-vulnerabilities-catalog"]},{"tag_id":"CVE-2024-4836","tag_type":"cve","title":"Edito CMS - Sensitive Data Leak","severity":"high","actively_exploited":false,"match_field":"url_path","matched_pattern":"/config.php","reference_urls":["https://cert.pl/en/posts/2024/07/CVE-2024-4836/","https://github.com/sleep46/CVE-2024-4836_Check","https://nvd.nist.gov/vuln/detail/CVE-2024-4836"]}],"data_as_of":"2026-07-11T23:11:11.904324+00:00"}