{"ip":"212.227.244.14","total_events":18,"verdict":{"verdict":"scanning","label":"Unrecognized scanner","detail":"13+ ports swept","confidence":"medium","network_type":"nsp","why":["No exploit payloads observed.","Swept 13 distinct ports (threshold for a sweep is 10).","Not in any known-scanner range."]},"first_seen":"2026-07-07T22:46:45","last_seen":"2026-07-09T14:24:33","events_24h":0,"events_7d":18,"geo":{"country_code":"DE","country_name":"Germany","region":"","city":"","lat":51.2993,"lon":9.491,"asn":8560,"org":"IONOS SE"},"source_domain":"mail.kai-jacobs.de","known_scanners":[],"scanner_tag":{"key":"peeringdb:as8560","label":"IONOS SE","category":"isp","url":"https://www.peeringdb.com/asn/8560"},"cve_matches":[{"cve_id":"CVE-2026-41940","title":"cPanel & WHM - Authentication Bypass via Session-File CRLF Injection","severity":"CRITICAL","actively_exploited":true,"match_field":"url_path","matched_pattern":"/login/?login_only=1"}],"malware":[],"top_ports":[{"port":2375,"proto":"tcp","label":"Docker","count":3},{"port":2087,"proto":"tcp","label":"","count":2},{"port":6443,"proto":"tcp","label":"k8s API","count":2},{"port":8080,"proto":"tcp","label":"HTTP-alt","count":2},{"port":80,"proto":"tcp","label":"HTTP","count":1},{"port":8000,"proto":"tcp","label":"HTTP-alt","count":1},{"port":9000,"proto":"tcp","label":"Web-alt","count":1},{"port":5173,"proto":"tcp","label":"","count":1},{"port":3005,"proto":"tcp","label":"","count":1},{"port":3008,"proto":"tcp","label":"","count":1},{"port":3009,"proto":"tcp","label":"","count":1},{"port":2376,"proto":"tcp","label":"Docker-TLS","count":1},{"port":2083,"proto":"tcp","label":"","count":1}],"fingerprints":{"ssh_hassh":[],"tls_ja4":["t13i3111h1_e8f1e7e78f70_d41ae481755e","t13i311000_e8f1e7e78f70_d41ae481755e"],"tls_ja3":["755cbaaa441626ab9e759e8982278df5","c12b4ccd5320bbb380ca1a9df90f771d"],"ja4h":["ge11nn0500_297583b23a58","po11nn1600_04d7b2319747"]},"fingerprint_peers":{"t13i3111h1_e8f1e7e78f70_d41ae481755e":6,"t13i311000_e8f1e7e78f70_d41ae481755e":506,"ge11nn0500_297583b23a58":13,"po11nn1600_04d7b2319747":1},"user_agents":["Python/3.12 aiohttp/3.14.0","WHM"],"timeline":[{"date":"2026-07-07","count":3},{"date":"2026-07-08","count":9},{"date":"2026-07-09","count":6}],"recent_events":[{"timestamp":"2026-07-09T14:24:33","port":2375,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"accept-encoding\":\"gzip, deflate\",\"connection\":\"close\",\"host\":\"<HONEYPOT>:2375\",\"user-agent\":\"Python/3.12 aiohttp/3.14.0\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/info","summary":"","payload_hex":"474554202f696e666f20485454502f312e310d0a486f73743a20<HONEYPOT>3a323337350d0a4163636570743a202a2f2a0d0a4163636570742d456e636f64696e673a20677a69702c206465666c6174650d0a557365722d4167656e743a20507974686f6e2f332e31322061696f687474702f332e31342e300d0a436f6e6e656374696f6e3a20636c6f73650d0a0d0a","method":"GET","user_agent":"Python/3.12 aiohttp/3.14.0","community_id":"1:r54XyxHfpx/5we4dGOTS1KsUK7g=","ja3":"","session":"8f239221-62d1-4eb4-a288-e62f48ba0455","seq":1,"duration_ms":109,"bytes_in":151,"bytes_out":79},{"timestamp":"2026-07-09T14:24:33","port":2375,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"accept-encoding\":\"gzip, deflate\",\"connection\":\"close\",\"host\":\"<HONEYPOT>:2375\",\"user-agent\":\"Python/3.12 aiohttp/3.14.0\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/version","summary":"","payload_hex":"474554202f76657273696f6e20485454502f312e310d0a486f73743a20<HONEYPOT>3a323337350d0a4163636570743a202a2f2a0d0a4163636570742d456e636f64696e673a20677a69702c206465666c6174650d0a557365722d4167656e743a20507974686f6e2f332e31322061696f687474702f332e31342e300d0a436f6e6e656374696f6e3a20636c6f73650d0a0d0a","method":"GET","user_agent":"Python/3.12 aiohttp/3.14.0","community_id":"1:SQwQStj0NOphmZYrzetis0mBScQ=","ja3":"","session":"23b77043-9bae-4c16-b56a-aab055d03674","seq":1,"duration_ms":101,"bytes_in":154,"bytes_out":79},{"timestamp":"2026-07-09T14:24:32","port":2375,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"accept-encoding\":\"gzip, deflate\",\"connection\":\"close\",\"host\":\"<HONEYPOT>:2375\",\"user-agent\":\"Python/3.12 aiohttp/3.14.0\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/version","summary":"","payload_hex":"474554202f76657273696f6e20485454502f312e310d0a486f73743a20<HONEYPOT>3a323337350d0a4163636570743a202a2f2a0d0a4163636570742d456e636f64696e673a20677a69702c206465666c6174650d0a557365722d4167656e743a20507974686f6e2f332e31322061696f687474702f332e31342e300d0a436f6e6e656374696f6e3a20636c6f73650d0a0d0a","method":"GET","user_agent":"Python/3.12 aiohttp/3.14.0","community_id":"1:CAIEjMUBqbG2EczrutrIa0JRGSs=","ja3":"","session":"4eccb25c-85ff-488b-8b09-0b5c486314f7","seq":1,"duration_ms":100,"bytes_in":154,"bytes_out":79},{"timestamp":"2026-07-09T14:24:31","port":2376,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"accept-encoding\":\"gzip, deflate\",\"connection\":\"close\",\"host\":\"<HONEYPOT>:2376\",\"user-agent\":\"Python/3.12 aiohttp/3.14.0\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a323337360d0a4163636570743a202a2f2a0d0a4163636570742d456e636f64696e673a20677a69702c206465666c6174650d0a557365722d4167656e743a20507974686f6e2f332e31322061696f687474702f332e31342e300d0a436f6e6e656374696f6e3a20636c6f73650d0a0d0a","method":"GET","user_agent":"Python/3.12 aiohttp/3.14.0","community_id":"1:OaMglFexZVPIPJ/VvzBKioXfFF0=","ja3":"","session":"731d00ad-cf5f-407b-a31e-972965112b31","seq":1,"duration_ms":100,"bytes_in":147,"bytes_out":79},{"timestamp":"2026-07-09T00:32:18","port":8080,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"accept-encoding\":\"gzip, deflate\",\"connection\":\"close\",\"host\":\"<HONEYPOT>:8080\",\"user-agent\":\"Python/3.12 aiohttp/3.14.0\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a383038300d0a4163636570743a202a2f2a0d0a4163636570742d456e636f64696e673a20677a69702c206465666c6174650d0a557365722d4167656e743a20507974686f6e2f332e31322061696f687474702f332e31342e300d0a436f6e6e656374696f6e3a20636c6f73650d0a0d0a","method":"GET","user_agent":"Python/3.12 aiohttp/3.14.0","community_id":"1:1DkgRydup/30WD28ITZ8EvoT5ik=","ja3":"","session":"5067d53a-09c2-441c-acc2-04b1e93c53da","seq":1,"duration_ms":100,"bytes_in":147,"bytes_out":79},{"timestamp":"2026-07-09T00:32:18","port":8080,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"accept-encoding\":\"gzip, deflate\",\"connection\":\"close\",\"host\":\"<HONEYPOT>:8080\",\"user-agent\":\"Python/3.12 aiohttp/3.14.0\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a383038300d0a4163636570743a202a2f2a0d0a4163636570742d456e636f64696e673a20677a69702c206465666c6174650d0a557365722d4167656e743a20507974686f6e2f332e31322061696f687474702f332e31342e300d0a436f6e6e656374696f6e3a20636c6f73650d0a0d0a","method":"GET","user_agent":"Python/3.12 aiohttp/3.14.0","community_id":"1:64FigeuyIUa+x90kjItUx6uZXnE=","ja3":"","session":"a34b7dad-d9ef-4650-a508-ef19ae91f7ad","seq":1,"duration_ms":100,"bytes_in":147,"bytes_out":79},{"timestamp":"2026-07-08T23:13:03","port":3009,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"accept-encoding\":\"gzip, deflate\",\"connection\":\"close\",\"host\":\"<HONEYPOT>:3009\",\"user-agent\":\"Python/3.12 aiohttp/3.14.0\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a333030390d0a4163636570743a202a2f2a0d0a4163636570742d456e636f64696e673a20677a69702c206465666c6174650d0a557365722d4167656e743a20507974686f6e2f332e31322061696f687474702f332e31342e300d0a436f6e6e656374696f6e3a20636c6f73650d0a0d0a","method":"GET","user_agent":"Python/3.12 aiohttp/3.14.0","community_id":"1:r7R+zoU2ZigtbRxC7kzPS6SiwBY=","ja3":"","session":"c177b374-917d-4c2b-9ab1-b016834b395f","seq":1,"duration_ms":100,"bytes_in":147,"bytes_out":79},{"timestamp":"2026-07-08T15:00:45","port":3005,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"accept-encoding\":\"gzip, deflate\",\"connection\":\"close\",\"host\":\"<HONEYPOT>:3005\",\"user-agent\":\"Python/3.12 aiohttp/3.14.0\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a333030350d0a4163636570743a202a2f2a0d0a4163636570742d456e636f64696e673a20677a69702c206465666c6174650d0a557365722d4167656e743a20507974686f6e2f332e31322061696f687474702f332e31342e300d0a436f6e6e656374696f6e3a20636c6f73650d0a0d0a","method":"GET","user_agent":"Python/3.12 aiohttp/3.14.0","community_id":"1:RLt56lF3v/IBdB3jdzos8OmCQlw=","ja3":"","session":"5d50d470-07fa-4c18-bda5-6ac118cca512","seq":1,"duration_ms":100,"bytes_in":147,"bytes_out":79},{"timestamp":"2026-07-08T12:15:42","port":3008,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"accept-encoding\":\"gzip, deflate\",\"connection\":\"close\",\"host\":\"<HONEYPOT>:3008\",\"user-agent\":\"Python/3.12 aiohttp/3.14.0\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a333030380d0a4163636570743a202a2f2a0d0a4163636570742d456e636f64696e673a20677a69702c206465666c6174650d0a557365722d4167656e743a20507974686f6e2f332e31322061696f687474702f332e31342e300d0a436f6e6e656374696f6e3a20636c6f73650d0a0d0a","method":"GET","user_agent":"Python/3.12 aiohttp/3.14.0","community_id":"1:mFZwGHYs851F5rZcQjW57/Y7r6U=","ja3":"","session":"73d48256-7185-4299-9721-b972800126ef","seq":1,"duration_ms":100,"bytes_in":147,"bytes_out":79},{"timestamp":"2026-07-08T11:31:14","port":9000,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"accept-encoding\":\"gzip, deflate\",\"connection\":\"close\",\"host\":\"<HONEYPOT>:9000\",\"user-agent\":\"Python/3.12 aiohttp/3.14.0\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a393030300d0a4163636570743a202a2f2a0d0a4163636570742d456e636f64696e673a20677a69702c206465666c6174650d0a557365722d4167656e743a20507974686f6e2f332e31322061696f687474702f332e31342e300d0a436f6e6e656374696f6e3a20636c6f73650d0a0d0a","method":"GET","user_agent":"Python/3.12 aiohttp/3.14.0","community_id":"1:JZeqKFgR39Epha2dAsgi2xIV3ec=","ja3":"","session":"deca6b85-ce24-4845-9d4a-7eba7a643886","seq":1,"duration_ms":100,"bytes_in":147,"bytes_out":79}],"http_methods":[{"method":"GET","count":17},{"method":"POST","count":1}],"distinct_ports_total":13,"top_paths":[{"path":"/","count":13,"ports":11},{"path":"/version","count":2,"ports":1},{"path":"/info","count":1,"ports":1},{"path":"/login/?login_only=1","count":1,"ports":1},{"path":"/openid_connect/cpanelid","count":1,"ports":1}],"distinct_paths_total":5,"top_snis":[],"top_hosts":[],"top_alpns":[{"value":"http/1.1","count":2}],"banners":[],"credentials":[{"username":"root","password":"wrong","count":1}],"header_profile":{"signature":["Accept","Accept-Encoding","Connection","Host","User-Agent"],"representative":[{"name":"Accept","value":"*/*","notable":false},{"name":"Accept-Encoding","value":"gzip, deflate","notable":false},{"name":"Connection","value":"close","notable":false},{"name":"Host","value":"<HONEYPOT>:2375","notable":false},{"name":"User-Agent","value":"Python/3.12 aiohttp/3.14.0","notable":false}],"distinct_sets":1,"events_with_headers":10},"tags":[{"tag_id":"CVE-2026-41940","tag_type":"cve","title":"cPanel & WHM - Authentication Bypass via Session-File CRLF Injection","severity":"CRITICAL","actively_exploited":true,"match_field":"url_path","matched_pattern":"/login/?login_only=1","reference_urls":[]}],"data_as_of":"2026-07-12T02:33:35.904875+00:00"}