{"ip":"104.152.52.205","total_events":1656,"verdict":{"verdict":"scanner","label":"Recognized scanner","detail":"internettl","confidence":"high","network_type":"non-profit"},"first_seen":"2026-02-22T03:31:16","last_seen":"2026-06-22T00:13:35","events_24h":26,"events_7d":150,"geo":{"country_code":"US","country_name":"United States","region":"","city":"","lat":37.751,"lon":-97.822,"asn":14987,"org":"Rethem Hosting LLC"},"source_domain":"internettl.org","known_scanners":["internettl","Internettl Org"],"scanner_tag":{"key":"auto:internettl_org","label":"Internettl Org","category":"commercial","url":""},"cve_matches":[],"top_ports":[{"port":159,"proto":"tcp","label":"","count":10},{"port":9441,"proto":"tcp","label":"","count":9},{"port":8554,"proto":"tcp","label":"","count":9},{"port":8731,"proto":"tcp","label":"","count":8},{"port":2069,"proto":"tcp","label":"","count":8},{"port":8330,"proto":"tcp","label":"","count":8},{"port":2148,"proto":"tcp","label":"","count":8},{"port":348,"proto":"tcp","label":"","count":8},{"port":604,"proto":"tcp","label":"","count":8},{"port":2166,"proto":"tcp","label":"","count":7},{"port":848,"proto":"tcp","label":"","count":7},{"port":3017,"proto":"tcp","label":"","count":7},{"port":2001,"proto":"tcp","label":"","count":7},{"port":6487,"proto":"tcp","label":"","count":6},{"port":324,"proto":"tcp","label":"","count":6}],"fingerprints":{"ssh_hassh":["e54ef3ec27fe1fea7ab64d3fa05359fd"],"tls_ja4":["t13i131000_f57a46bbacb6_e5728521abd4"],"tls_ja3":["2196848d251b217de8b2c037e356c11d"],"ja4h":["po11nn0600_157369115bf8","ge11nn0400_17292dadbc7b","po11nn0400_52aeb37e206a"]},"fingerprint_peers":{"t13i131000_f57a46bbacb6_e5728521abd4":187,"po11nn0400_52aeb37e206a":113,"po11nn0600_157369115bf8":112,"ge11nn0400_17292dadbc7b":220,"e54ef3ec27fe1fea7ab64d3fa05359fd":301},"user_agents":["Microsoft WinRM Client","curl/7.61.1"],"timeline":[{"date":"2026-03-29","count":139},{"date":"2026-04-05","count":148},{"date":"2026-04-12","count":214},{"date":"2026-04-19","count":177},{"date":"2026-04-26","count":71},{"date":"2026-05-03","count":58},{"date":"2026-05-21","count":1},{"date":"2026-05-24","count":54},{"date":"2026-05-31","count":40},{"date":"2026-06-06","count":26},{"date":"2026-06-08","count":1},{"date":"2026-06-11","count":49},{"date":"2026-06-12","count":28},{"date":"2026-06-13","count":36},{"date":"2026-06-14","count":51},{"date":"2026-06-16","count":12},{"date":"2026-06-17","count":21},{"date":"2026-06-18","count":47},{"date":"2026-06-19","count":21},{"date":"2026-06-20","count":6},{"date":"2026-06-21","count":17},{"date":"2026-06-22","count":26}],"recent_events":[{"timestamp":"2026-06-22T00:13:35","port":8692,"proto":"tcp","app_proto":"","app_protocol":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"\u0000\u0000\u0000j�SMB@\u0000\u0001\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000$\u0000\u0003\u0000\u0001\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0002\u0002\u0010\u0002\u0000\u0003","payload_hex":"0000006afe534d42400001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000240003000100000000000000000000000000000000000000000000000000000000000000020210020003","method":"","user_agent":"","community_id":"1:1Q67MpZTT4NXWru2X6U/fUQY5pg=","ja3":"","session":"53a37aaf-b1bb-41a1-90ce-a1b4db28b1cd","seq":1,"duration_ms":100,"bytes_in":110,"bytes_out":14,"enriched":{"digest":"aa51c319bd64ddfa","strings":["SMB@"]}},{"timestamp":"2026-06-22T00:13:33","port":8748,"proto":"tcp","app_proto":"","app_protocol":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"AMQP\u0000\u0000\t\u0001","payload_hex":"414d515000000901","method":"","user_agent":"","community_id":"1:Z79teHaKaKrs6+bJ+oDqadT1lpw=","ja3":"","session":"05ab8b45-3aa4-4b42-a32c-8e8b5b2595c1","seq":1,"duration_ms":100,"bytes_in":8,"bytes_out":14,"enriched":{"digest":"198c66d273332395","strings":["AMQP"]}},{"timestamp":"2026-06-22T00:13:29","port":99,"proto":"tcp","app_proto":"","app_protocol":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"\u0000\u0000\u0000j�SMB@\u0000\u0001\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000$\u0000\u0003\u0000\u0001\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0002\u0002\u0010\u0002\u0000\u0003","payload_hex":"0000006afe534d42400001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000240003000100000000000000000000000000000000000000000000000000000000000000020210020003","method":"","user_agent":"","community_id":"1:ks9LyGn/LC1c5ZaGrE9pAE7KWS4=","ja3":"","session":"df154f9c-f78c-4f3e-ae2a-f2c624a20118","seq":1,"duration_ms":100,"bytes_in":110,"bytes_out":14,"enriched":{"digest":"aa51c319bd64ddfa","strings":["SMB@"]}},{"timestamp":"2026-06-22T00:13:14","port":2594,"proto":"tcp","app_proto":"","app_protocol":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"\u0012\u0001\u0000/\u0000\u0000\u0002\u0000\u0000\u0000\u001a\u0000\u0006\u0001\u0000 \u0000\u0001\u0002\u0000!\u0000\u0001\u0003\u0000\"\u0000\u0004\u0004\u0000&\u0000\u0001�\u0000\u0000\u0000\u0000\u0000\u0000\u0001\u0000\u0000\u0000\u0000\u0000\u0000","payload_hex":"1201002f0000020000001a00060100200001020021000103002200040400260001ff00000000000001000000000000","method":"","user_agent":"","community_id":"1:ZfUv7rmWQ6L8lCtFbY3QPzLCX8g=","ja3":"","session":"3037abfd-eeca-467f-9943-2ab1f6153c3f","seq":1,"duration_ms":100,"bytes_in":47,"bytes_out":14},{"timestamp":"2026-06-22T00:13:10","port":2452,"proto":"tcp","app_proto":"","app_protocol":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":":\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000�\u0007\u0000\u0000\u0000\u0000\u0000\u0000admin.$cmd\u0000\u0000\u0000\u0000\u0000\u0001\u0000\u0000\u0000\u0013\u0000\u0000\u0000\u0010isMaster\u0000\u0001\u0000\u0000\u0000\u0000","payload_hex":"3a0000000000000000000000d40700000000000061646d696e2e24636d64000000000001000000130000001069734d6173746572000100000000","method":"","user_agent":"","community_id":"1:bEAvRL68EfjCt6W3gbO6EzVdPcM=","ja3":"","session":"7ae887ef-792d-4c46-a6f4-6c2f672c1097","seq":1,"duration_ms":100,"bytes_in":58,"bytes_out":14,"enriched":{"digest":"71265954b8b925aa","strings":["admin.$cmd","isMaster"]}},{"timestamp":"2026-06-22T00:13:08","port":8692,"proto":"tcp","app_proto":"","app_protocol":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"\u0000\u0000\u0000\b\u0000�\u0000�","payload_hex":"0000000800ff00ff","method":"","user_agent":"","community_id":"1:KKAunde9sSEqpf6GAm3vWEINgfg=","ja3":"","session":"af1e2402-57ec-4653-bb82-84eb8f71e979","seq":1,"duration_ms":100,"bytes_in":8,"bytes_out":14},{"timestamp":"2026-06-22T00:13:08","port":879,"proto":"tcp","app_proto":"","app_protocol":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"\u0000\u0000\u0000\b\u0000�\u0000�","payload_hex":"0000000800ff00ff","method":"","user_agent":"","community_id":"1:spaE2WD9PGty0Mqi41Z8z2YKAZg=","ja3":"","session":"ed6af5b5-9563-4f2e-86ba-c377ec15929d","seq":1,"duration_ms":100,"bytes_in":8,"bytes_out":14},{"timestamp":"2026-06-22T00:13:08","port":2619,"proto":"tcp","app_proto":"","app_protocol":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"\u0012\u0001\u0000/\u0000\u0000\u0002\u0000\u0000\u0000\u001a\u0000\u0006\u0001\u0000 \u0000\u0001\u0002\u0000!\u0000\u0001\u0003\u0000\"\u0000\u0004\u0004\u0000&\u0000\u0001�\u0000\u0000\u0000\u0000\u0000\u0000\u0001\u0000\u0000\u0000\u0000\u0000\u0000","payload_hex":"1201002f0000020000001a00060100200001020021000103002200040400260001ff00000000000001000000000000","method":"","user_agent":"","community_id":"1:KtyhUAkRQyPx/uU+VFSKLXNqgog=","ja3":"","session":"7268894a-be32-409b-80b0-fd6337a265f6","seq":1,"duration_ms":100,"bytes_in":47,"bytes_out":14},{"timestamp":"2026-06-22T00:13:07","port":8569,"proto":"tcp","app_proto":"","app_protocol":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"\u0000\u0000\u0000\b\u0000�\u0000�","payload_hex":"0000000800ff00ff","method":"","user_agent":"","community_id":"1:l2vk/H7FOw0gRVuH/ibQd9/h0IY=","ja3":"","session":"8ee96ee6-c1b9-4142-89ab-10bba227877b","seq":1,"duration_ms":100,"bytes_in":8,"bytes_out":14},{"timestamp":"2026-06-22T00:13:06","port":8692,"proto":"tcp","app_proto":"","app_protocol":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"\u0000\u0000\u0000\b\u0004�\u0016/","payload_hex":"0000000804d2162f","method":"","user_agent":"","community_id":"1:99xJamw8noVV07TG3EO2l4n2LTg=","ja3":"","session":"0c6a6b48-fcde-4e03-a27b-785531057de5","seq":1,"duration_ms":100,"bytes_in":8,"bytes_out":14}],"http_methods":[{"method":"GET","count":92},{"method":"POST","count":30}],"distinct_ports_total":694,"top_paths":[{"path":"/","count":78,"ports":78},{"path":"/wsman","count":30,"ports":16},{"path":"/get_info","count":14,"ports":14}],"distinct_paths_total":3,"top_snis":[],"top_hosts":[{"value":"localhost","count":14}],"top_alpns":[],"banners":[{"value":"SSH-2.0-Go","count":3}],"credentials":[],"header_profile":null,"tags":[],"data_as_of":"2026-06-22T08:00:10.775374+00:00"}