{"ip":"64.62.197.80","total_events":113,"verdict":{"verdict":"scanner","label":"Recognized scanner","detail":"shadowserver","confidence":"high","network_type":"nsp"},"first_seen":"2026-02-20T05:11:53","last_seen":"2026-06-03T09:33:20","events_24h":0,"events_7d":18,"geo":{"country_code":"US","country_name":"","region":"","city":"","lat":37.751,"lon":-97.822,"asn":6939,"org":"Hurricane Electric LLC"},"source_domain":"scan-46d.shadowserver.org","known_scanners":["shadowserver","Shadowserver"],"scanner_tag":{"key":"shadowserver","label":"Shadowserver","category":"research","url":"https://www.shadowserver.org/"},"cve_matches":[{"cve_id":"CVE-2021-28169","title":"Eclipse Jetty ConcatServlet - Information Disclosure","severity":"medium","actively_exploited":false,"match_field":"url_path","matched_pattern":"/static"}],"top_ports":[{"port":57722,"proto":"tcp","label":"","count":6},{"port":22,"proto":"tcp","label":"SSH","count":5},{"port":8081,"proto":"tcp","label":"","count":5},{"port":8888,"proto":"tcp","label":"HTTP-alt","count":5},{"port":9000,"proto":"tcp","label":"Web-alt","count":4},{"port":20443,"proto":"tcp","label":"","count":4},{"port":14443,"proto":"tcp","label":"","count":4},{"port":2600,"proto":"tcp","label":"","count":4},{"port":9192,"proto":"tcp","label":"","count":3},{"port":8001,"proto":"tcp","label":"","count":3},{"port":8443,"proto":"tcp","label":"HTTPS-alt","count":3},{"port":8080,"proto":"tcp","label":"HTTP-alt","count":3},{"port":7047,"proto":"tcp","label":"","count":2},{"port":8015,"proto":"tcp","label":"","count":2},{"port":10443,"proto":"tcp","label":"","count":2}],"fingerprints":{"ssh_hassh":["7216c7c473918b4f83d1139b3c70dbf9"],"tls_ja4":["t12i130500_2d7513195f68_e51b7354d87f","t13i030800_55b375c5d22e_97f8aa674fd9"],"ja4h":["ge11nn0400_88d30a62b7ad","ge11nn0200_3ed38b250d3d"]},"fingerprint_peers":{"t13i030800_55b375c5d22e_97f8aa674fd9":960,"t12i130500_2d7513195f68_e51b7354d87f":2758,"ge11nn0200_3ed38b250d3d":1543,"ge11nn0400_88d30a62b7ad":5665,"7216c7c473918b4f83d1139b3c70dbf9":654},"user_agents":["Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.5 Safari/605.1.15","Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36","Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36","Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1 Safari/605.1.15","Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:124.0) Gecko/20100101 Firefox/124.0","Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36","Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:102.0) Gecko/20100101 Firefox/102.0","Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"],"timeline":[{"date":"2026-03-07","count":2},{"date":"2026-03-08","count":1},{"date":"2026-03-09","count":1},{"date":"2026-03-10","count":3},{"date":"2026-03-13","count":2},{"date":"2026-03-15","count":1},{"date":"2026-03-16","count":2},{"date":"2026-03-17","count":1},{"date":"2026-03-18","count":2},{"date":"2026-03-21","count":2},{"date":"2026-03-23","count":1},{"date":"2026-03-24","count":1},{"date":"2026-03-25","count":4},{"date":"2026-03-26","count":2},{"date":"2026-03-30","count":1},{"date":"2026-03-31","count":1},{"date":"2026-04-01","count":2},{"date":"2026-04-03","count":1},{"date":"2026-04-05","count":1},{"date":"2026-04-06","count":1},{"date":"2026-04-08","count":2},{"date":"2026-04-09","count":1},{"date":"2026-04-10","count":1},{"date":"2026-04-11","count":2},{"date":"2026-04-16","count":1},{"date":"2026-04-17","count":3},{"date":"2026-04-21","count":2},{"date":"2026-04-23","count":1},{"date":"2026-04-24","count":1},{"date":"2026-04-26","count":1},{"date":"2026-04-27","count":4},{"date":"2026-04-28","count":4},{"date":"2026-04-29","count":1},{"date":"2026-05-01","count":1},{"date":"2026-05-04","count":1},{"date":"2026-05-05","count":1},{"date":"2026-05-06","count":1},{"date":"2026-05-07","count":3},{"date":"2026-05-09","count":1},{"date":"2026-05-10","count":1},{"date":"2026-05-17","count":1},{"date":"2026-05-18","count":2},{"date":"2026-05-20","count":2},{"date":"2026-05-21","count":1},{"date":"2026-05-22","count":1},{"date":"2026-05-23","count":2},{"date":"2026-05-25","count":2},{"date":"2026-05-26","count":3},{"date":"2026-05-27","count":1},{"date":"2026-05-29","count":3},{"date":"2026-05-30","count":6},{"date":"2026-05-31","count":2},{"date":"2026-06-01","count":1},{"date":"2026-06-02","count":3},{"date":"2026-06-03","count":3}],"recent_events":[{"timestamp":"2026-06-03T09:33:20","port":6025,"proto":"tcp","app_proto":"tls","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:6025\",\"user-agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36\"}","body":"","sni":"","tls_cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/","summary":"","method":"GET","user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"},{"timestamp":"2026-06-03T06:57:11","port":10514,"proto":"tcp","app_proto":"tls","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:10514\",\"user-agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.2 Safari/605.1.15\"}","body":"","sni":"","tls_cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","tls_version":"TLSv1.2","alpn":[],"url_path":"/lang//custom/sbin/init","summary":"","method":"GET","user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.2 Safari/605.1.15"},{"timestamp":"2026-06-03T06:57:08","port":10514,"proto":"tcp","app_proto":"tls","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:10514\",\"user-agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.2 Safari/605.1.15\"}","body":"","sni":"","tls_cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","tls_version":"TLSv1.2","alpn":[],"url_path":"/lang/custom/sbin/init","summary":"","method":"GET","user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.2 Safari/605.1.15"},{"timestamp":"2026-06-02T12:08:33","port":23456,"proto":"tcp","app_proto":"tls","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:23456\",\"user-agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/140.0.0.0 Safari/537.36 Edg/140.0.0.0\"}","body":"","sni":"","tls_cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/","summary":"","method":"GET","user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/140.0.0.0 Safari/537.36 Edg/140.0.0.0"},{"timestamp":"2026-06-02T03:14:51","port":9000,"proto":"tcp","app_proto":"tls","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:9000\",\"user-agent\":\"Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36\"}","body":"","sni":"","tls_cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","tls_version":"TLSv1.2","alpn":[],"url_path":"/lang//custom/sbin/init","summary":"","method":"GET","user_agent":"Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36"},{"timestamp":"2026-06-02T03:13:50","port":9000,"proto":"tcp","app_proto":"tls","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:9000\",\"user-agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36\"}","body":"","sni":"","tls_cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/","summary":"","method":"GET","user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"},{"timestamp":"2026-06-01T11:02:17","port":9090,"proto":"tcp","app_proto":"tls","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:9090\",\"user-agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:107.0) Gecko/20100101 Firefox/107.0\"}","body":"","sni":"","tls_cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/","summary":"","method":"GET","user_agent":"Mozilla/5.0 (X11; Linux x86_64; rv:107.0) Gecko/20100101 Firefox/107.0"},{"timestamp":"2026-05-31T08:51:22","port":9192,"proto":"tcp","app_proto":"tls","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:9192\",\"user-agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 Edg/109.0.1518.70\"}","body":"","sni":"","tls_cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/","summary":"","method":"GET","user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 Edg/109.0.1518.70"},{"timestamp":"2026-05-31T01:49:01","port":7047,"proto":"tcp","app_proto":"tls","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:7047\",\"user-agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:108.0) Gecko/20100101 Firefox/108.0\"}","body":"","sni":"","tls_cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","tls_version":"TLSv1.2","alpn":[],"url_path":"/favicon.ico","summary":"","method":"GET","user_agent":"Mozilla/5.0 (X11; Linux x86_64; rv:108.0) Gecko/20100101 Firefox/108.0"},{"timestamp":"2026-05-30T04:18:50","port":500,"proto":"tcp","app_proto":"tls","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:500\",\"user-agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36\"}","body":"","sni":"","tls_cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","tls_version":"TLSv1.2","alpn":[],"url_path":"/favicon.ico","summary":"","method":"GET","user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36"}],"http_methods":[{"method":"GET","count":94}],"distinct_ports_total":62,"top_paths":[{"path":"/","count":30,"ports":27},{"path":"/favicon.ico","count":26,"ports":25},{"path":"/lang/custom/sbin/init","count":12,"ports":11},{"path":"/static/lang//custom/sbin/init","count":10,"ports":10},{"path":"/lang//custom/sbin/init","count":9,"ports":8},{"path":"/static/lang/custom/sbin/init","count":6,"ports":6},{"path":"http://api.ipify.org/?format=json","count":1,"ports":1}],"distinct_paths_total":7,"top_snis":[],"top_hosts":[{"value":"api.ipify.org","count":1}],"top_alpns":[],"banners":[{"value":"SSH-2.0-Go","count":2}],"credentials":[],"header_profile":{"signature":["Accept","Accept-Encoding","Host","User-Agent"],"representative":[{"name":"Accept","value":"*/*","notable":false},{"name":"Accept-Encoding","value":"gzip","notable":false},{"name":"Host","value":"<HONEYPOT>:6025","notable":false},{"name":"User-Agent","value":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36","notable":false}],"distinct_sets":1,"events_with_headers":10},"tags":[{"tag_id":"CVE-2021-28169","tag_type":"cve","title":"Eclipse Jetty ConcatServlet - Information Disclosure","severity":"medium","actively_exploited":false,"match_field":"url_path","matched_pattern":"/static","reference_urls":["https://twitter.com/sec715/status/1406787963569065988","https://github.com/eclipse/jetty.project/security/advisories/GHSA-gwcr-j4wh-j3cq","https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe@%3Cusers.kafka.apache.org%3E","https://nvd.nist.gov/vuln/detail/CVE-2021-28169","https://lists.apache.org/thread.html/r04a4b4553a23aff26f42635a6ae388c3b162aab30a88d12e59d05168@%3Cjira.kafka.apache.org%3E"]}],"data_as_of":"2026-06-04T23:51:15.626399+00:00"}