{"ip":"217.160.104.158","total_events":649,"verdict":{"verdict":"scanning","label":"Scanning for known vulnerabilities","detail":"36 exploit-path probe(s)","confidence":"medium","network_type":"nsp"},"first_seen":"2026-06-15T21:55:12","last_seen":"2026-06-16T02:50:32","events_24h":0,"events_7d":649,"geo":{"country_code":"DE","country_name":"Germany","region":"","city":"","lat":51.2993,"lon":9.491,"asn":8560,"org":"IONOS SE"},"source_domain":null,"known_scanners":[],"scanner_tag":{"key":"peeringdb:as8560","label":"IONOS SE","category":"isp","url":"https://www.peeringdb.com/asn/8560"},"cve_matches":[{"cve_id":"CVE-2020-9425","title":"rConfig <3.9.4 - Sensitive Information Disclosure","severity":"high","actively_exploited":false,"match_field":"url_path","matched_pattern":"/settings.php"},{"cve_id":"CVE-2024-4836","title":"Edito CMS - Sensitive Data Leak","severity":"high","actively_exploited":false,"match_field":"url_path","matched_pattern":"/config.php"}],"top_ports":[{"port":8983,"proto":"tcp","label":"Solr","count":100},{"port":8888,"proto":"tcp","label":"HTTP-alt","count":84},{"port":4000,"proto":"tcp","label":"","count":80},{"port":8000,"proto":"tcp","label":"HTTP-alt","count":67},{"port":9090,"proto":"tcp","label":"Prometheus","count":64},{"port":7001,"proto":"tcp","label":"WebLogic","count":63},{"port":5000,"proto":"tcp","label":"Web-alt","count":62},{"port":8080,"proto":"tcp","label":"HTTP-alt","count":56},{"port":3000,"proto":"tcp","label":"Web-alt","count":26},{"port":80,"proto":"tcp","label":"HTTP","count":23},{"port":8443,"proto":"tcp","label":"HTTPS-alt","count":21},{"port":443,"proto":"tcp","label":"HTTPS","count":3}],"fingerprints":{"ssh_hassh":[],"tls_ja4":["t13i311000_e8f1e7e78f70_d41ae481755e"],"tls_ja3":["c12b4ccd5320bbb380ca1a9df90f771d"],"ja4h":["ge11nn0400_88d30a62b7ad"]},"fingerprint_peers":{"t13i311000_e8f1e7e78f70_d41ae481755e":661,"ge11nn0400_88d30a62b7ad":7411},"user_agents":["Mozilla/5.0 (compatible)"],"timeline":[{"date":"2026-06-15","count":117},{"date":"2026-06-16","count":532}],"recent_events":[{"timestamp":"2026-06-16T02:50:32","port":80,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"accept-encoding\":\"gzip, deflate\",\"host\":\"<HONEYPOT>\",\"user-agent\":\"Mozilla/5.0 (compatible)\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/conf/config.php","summary":"","payload_hex":"474554202f636f6e662f636f6e6669672e70687020485454502f312e310d0a486f73743a20<HONEYPOT>0d0a557365722d4167656e743a204d6f7a696c6c612f352e302028636f6d70617469626c65290d0a4163636570743a202a2f2a0d0a4163636570742d456e636f64696e673a20677a69702c206465666c6174650d0a0d0a","method":"GET","user_agent":"Mozilla/5.0 (compatible)","community_id":"1:Qj+xd+G58nKUusUGAkJdot9D7hA=","ja3":"","session":"a5f504c9-c670-49eb-97ce-fdaef73cb61c","seq":2,"duration_ms":12352,"bytes_in":288,"bytes_out":160},{"timestamp":"2026-06-16T02:50:23","port":80,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"accept-encoding\":\"gzip, deflate\",\"host\":\"<HONEYPOT>\",\"user-agent\":\"Mozilla/5.0 (compatible)\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/.env.local.php","summary":"","payload_hex":"474554202f2e656e762e6c6f63616c2e70687020485454502f312e310d0a486f73743a20<HONEYPOT>0d0a557365722d4167656e743a204d6f7a696c6c612f352e302028636f6d70617469626c65290d0a4163636570743a202a2f2a0d0a4163636570742d456e636f64696e673a20677a69702c206465666c6174650d0a0d0a","method":"GET","user_agent":"Mozilla/5.0 (compatible)","community_id":"1:YcLRG2iHsHLn7bHh2YB+8/IAnH8=","ja3":"","session":"f076d026-74ec-4d82-8471-56598bd08abb","seq":6,"duration_ms":8236,"bytes_in":840,"bytes_out":480},{"timestamp":"2026-06-16T02:50:20","port":80,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"accept-encoding\":\"gzip, deflate\",\"host\":\"<HONEYPOT>\",\"user-agent\":\"Mozilla/5.0 (compatible)\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/includes/config.php","summary":"","payload_hex":"474554202f696e636c756465732f636f6e6669672e70687020485454502f312e310d0a486f73743a20<HONEYPOT>0d0a557365722d4167656e743a204d6f7a696c6c612f352e302028636f6d70617469626c65290d0a4163636570743a202a2f2a0d0a4163636570742d456e636f64696e673a20677a69702c206465666c6174650d0a0d0a","method":"GET","user_agent":"Mozilla/5.0 (compatible)","community_id":"1:OpKAhrbi6fjpSrIwVQpgkKJ/pik=","ja3":"","session":"e5370b53-400b-48ad-88eb-0361509441c9","seq":1,"duration_ms":101,"bytes_in":140,"bytes_out":80},{"timestamp":"2026-06-16T02:50:20","port":80,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"accept-encoding\":\"gzip, deflate\",\"host\":\"<HONEYPOT>\",\"user-agent\":\"Mozilla/5.0 (compatible)\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/application/config/database.php","summary":"","payload_hex":"474554202f6170706c69636174696f6e2f636f6e6669672f64617461626173652e70687020485454502f312e310d0a486f73743a20<HONEYPOT>0d0a557365722d4167656e743a204d6f7a696c6c612f352e302028636f6d70617469626c65290d0a4163636570743a202a2f2a0d0a4163636570742d456e636f64696e673a20677a69702c206465666c6174650d0a0d0a","method":"GET","user_agent":"Mozilla/5.0 (compatible)","community_id":"1:Qj+xd+G58nKUusUGAkJdot9D7hA=","ja3":"","session":"a5f504c9-c670-49eb-97ce-fdaef73cb61c","seq":1,"duration_ms":100,"bytes_in":152,"bytes_out":80},{"timestamp":"2026-06-16T02:50:19","port":80,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"accept-encoding\":\"gzip, deflate\",\"host\":\"<HONEYPOT>\",\"user-agent\":\"Mozilla/5.0 (compatible)\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/include/config.php","summary":"","payload_hex":"474554202f696e636c7564652f636f6e6669672e70687020485454502f312e310d0a486f73743a20<HONEYPOT>0d0a557365722d4167656e743a204d6f7a696c6c612f352e302028636f6d70617469626c65290d0a4163636570743a202a2f2a0d0a4163636570742d456e636f64696e673a20677a69702c206465666c6174650d0a0d0a","method":"GET","user_agent":"Mozilla/5.0 (compatible)","community_id":"1:YcLRG2iHsHLn7bHh2YB+8/IAnH8=","ja3":"","session":"f076d026-74ec-4d82-8471-56598bd08abb","seq":5,"duration_ms":4462,"bytes_in":705,"bytes_out":400},{"timestamp":"2026-06-16T02:50:18","port":80,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"accept-encoding\":\"gzip, deflate\",\"host\":\"<HONEYPOT>\",\"user-agent\":\"Mozilla/5.0 (compatible)\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/config.inc.php","summary":"","payload_hex":"474554202f636f6e6669672e696e632e70687020485454502f312e310d0a486f73743a20<HONEYPOT>0d0a557365722d4167656e743a204d6f7a696c6c612f352e302028636f6d70617469626c65290d0a4163636570743a202a2f2a0d0a4163636570742d456e636f64696e673a20677a69702c206465666c6174650d0a0d0a","method":"GET","user_agent":"Mozilla/5.0 (compatible)","community_id":"1:YcLRG2iHsHLn7bHh2YB+8/IAnH8=","ja3":"","session":"f076d026-74ec-4d82-8471-56598bd08abb","seq":4,"duration_ms":3307,"bytes_in":566,"bytes_out":320},{"timestamp":"2026-06-16T02:50:18","port":80,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"accept-encoding\":\"gzip, deflate\",\"host\":\"<HONEYPOT>\",\"user-agent\":\"Mozilla/5.0 (compatible)\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/sites/default/settings.php","summary":"","payload_hex":"474554202f73697465732f64656661756c742f73657474696e67732e70687020485454502f312e310d0a486f73743a20<HONEYPOT>0d0a557365722d4167656e743a204d6f7a696c6c612f352e302028636f6d70617469626c65290d0a4163636570743a202a2f2a0d0a4163636570742d456e636f64696e673a20677a69702c206465666c6174650d0a0d0a","method":"GET","user_agent":"Mozilla/5.0 (compatible)","community_id":"1:YcLRG2iHsHLn7bHh2YB+8/IAnH8=","ja3":"","session":"f076d026-74ec-4d82-8471-56598bd08abb","seq":3,"duration_ms":2845,"bytes_in":431,"bytes_out":240},{"timestamp":"2026-06-16T02:50:16","port":80,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"accept-encoding\":\"gzip, deflate\",\"host\":\"<HONEYPOT>\",\"user-agent\":\"Mozilla/5.0 (compatible)\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/app/etc/env.php","summary":"","payload_hex":"474554202f6170702f6574632f656e762e70687020485454502f312e310d0a486f73743a20<HONEYPOT>0d0a557365722d4167656e743a204d6f7a696c6c612f352e302028636f6d70617469626c65290d0a4163636570743a202a2f2a0d0a4163636570742d456e636f64696e673a20677a69702c206465666c6174650d0a0d0a","method":"GET","user_agent":"Mozilla/5.0 (compatible)","community_id":"1:YcLRG2iHsHLn7bHh2YB+8/IAnH8=","ja3":"","session":"f076d026-74ec-4d82-8471-56598bd08abb","seq":2,"duration_ms":1280,"bytes_in":284,"bytes_out":160},{"timestamp":"2026-06-16T02:50:15","port":80,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"accept-encoding\":\"gzip, deflate\",\"host\":\"<HONEYPOT>\",\"user-agent\":\"Mozilla/5.0 (compatible)\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/docker-compose.override.yml","summary":"","payload_hex":"474554202f646f636b65722d636f6d706f73652e6f766572726964652e796d6c20485454502f312e310d0a486f73743a20<HONEYPOT>0d0a557365722d4167656e743a204d6f7a696c6c612f352e302028636f6d70617469626c65290d0a4163636570743a202a2f2a0d0a4163636570742d456e636f64696e673a20677a69702c206465666c6174650d0a0d0a","method":"GET","user_agent":"Mozilla/5.0 (compatible)","community_id":"1:YcLRG2iHsHLn7bHh2YB+8/IAnH8=","ja3":"","session":"f076d026-74ec-4d82-8471-56598bd08abb","seq":1,"duration_ms":100,"bytes_in":148,"bytes_out":80},{"timestamp":"2026-06-16T02:47:25","port":9090,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"accept-encoding\":\"gzip, deflate\",\"host\":\"<HONEYPOT>:9090\",\"user-agent\":\"Mozilla/5.0 (compatible)\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/.git/head","summary":"","payload_hex":"474554202f2e6769742f6865616420485454502f312e310d0a486f73743a20<HONEYPOT>3a393039300d0a557365722d4167656e743a204d6f7a696c6c612f352e302028636f6d70617469626c65290d0a4163636570743a202a2f2a0d0a4163636570742d456e636f64696e673a20677a69702c206465666c6174650d0a0d0a","method":"GET","user_agent":"Mozilla/5.0 (compatible)","community_id":"1:aju3GfYP3S9UhrROFMWdSONhf/E=","ja3":"","session":"453b4e5b-4743-4521-b42b-94d0387b8fb6","seq":5,"duration_ms":7714,"bytes_in":717,"bytes_out":400}],"http_methods":[{"method":"GET","count":649}],"distinct_ports_total":12,"top_paths":[{"path":"/backend/.env","count":21,"ports":9},{"path":"/conf/config.php","count":19,"ports":10},{"path":"/.env.example","count":19,"ports":11},{"path":"/application/config/database.php","count":18,"ports":11},{"path":"/config.inc.php","count":18,"ports":12},{"path":"/app/etc/env.php","count":18,"ports":12},{"path":"/includes/config.php","count":18,"ports":11},{"path":"/include/config.php","count":18,"ports":11},{"path":"/config/app.php","count":17,"ports":10},{"path":"/storage/logs/laravel.log","count":17,"ports":10},{"path":"/sites/default/settings.php","count":17,"ports":11},{"path":"/.env.local.php","count":17,"ports":10},{"path":"/config/secrets.yml","count":16,"ports":9},{"path":"/.env.production.local","count":16,"ports":9},{"path":"/app/.env","count":16,"ports":9}],"distinct_paths_total":49,"top_snis":[],"top_hosts":[],"top_alpns":[],"banners":[],"credentials":[],"header_profile":{"signature":["Accept","Accept-Encoding","Host","User-Agent"],"representative":[{"name":"Accept","value":"*/*","notable":false},{"name":"Accept-Encoding","value":"gzip, deflate","notable":false},{"name":"Host","value":"<HONEYPOT>","notable":false},{"name":"User-Agent","value":"Mozilla/5.0 (compatible)","notable":false}],"distinct_sets":1,"events_with_headers":10},"tags":[{"tag_id":"CVE-2020-9425","tag_type":"cve","title":"rConfig <3.9.4 - Sensitive Information Disclosure","severity":"high","actively_exploited":false,"match_field":"url_path","matched_pattern":"/settings.php","reference_urls":["https://blog.hivint.com/rconfig-3-9-3-unauthenticated-sensitive-information-disclosure-ead4ed88f153","https://github.com/rconfig/rconfig/commit/20f4e3d87e84663d922b937842fddd9af1b68dd9","https://nvd.nist.gov/vuln/detail/CVE-2020-9425","https://github.com/ARPSyndicate/cvemon","https://github.com/ARPSyndicate/kenzer-templates"]},{"tag_id":"CVE-2024-4836","tag_type":"cve","title":"Edito CMS - Sensitive Data Leak","severity":"high","actively_exploited":false,"match_field":"url_path","matched_pattern":"/config.php","reference_urls":["https://cert.pl/en/posts/2024/07/CVE-2024-4836/","https://github.com/sleep46/CVE-2024-4836_Check","https://nvd.nist.gov/vuln/detail/CVE-2024-4836"]}],"data_as_of":"2026-06-19T10:32:46.287968+00:00"}