{"ip":"104.152.52.214","total_events":2061,"verdict":{"verdict":"scanner","label":"Recognized scanner","detail":"internettl","confidence":"high","network_type":"non-profit","why":["Source IP is in a known scanner range (internettl).","Known research and commercial scanners are labelled as such, not as threats."]},"first_seen":"2026-02-22T03:31:16","last_seen":"2026-07-05T15:27:04","events_24h":61,"events_7d":209,"geo":{"country_code":"US","country_name":"United States","region":"","city":"","lat":37.751,"lon":-97.822,"asn":14987,"org":"Rethem Hosting LLC"},"source_domain":"internettl.org","known_scanners":["internettl","Internettl Org"],"scanner_tag":{"key":"auto:internettl_org","label":"Internettl Org","category":"commercial","url":""},"cve_matches":[],"malware":[],"top_ports":[{"port":2850,"proto":"tcp","label":"","count":12},{"port":3125,"proto":"tcp","label":"","count":10},{"port":8009,"proto":"tcp","label":"","count":10},{"port":2102,"proto":"tcp","label":"","count":9},{"port":2001,"proto":"tcp","label":"","count":8},{"port":8938,"proto":"tcp","label":"","count":8},{"port":159,"proto":"tcp","label":"","count":8},{"port":3202,"proto":"tcp","label":"","count":8},{"port":742,"proto":"tcp","label":"","count":8},{"port":813,"proto":"tcp","label":"","count":8},{"port":8262,"proto":"tcp","label":"","count":8},{"port":5605,"proto":"tcp","label":"","count":8},{"port":768,"proto":"tcp","label":"","count":7},{"port":236,"proto":"tcp","label":"","count":7},{"port":6638,"proto":"tcp","label":"","count":7}],"fingerprints":{"ssh_hassh":[],"tls_ja4":["t13i131000_f57a46bbacb6_e5728521abd4"],"tls_ja3":["2196848d251b217de8b2c037e356c11d"],"ja4h":["po11nn0600_157369115bf8","ge11nn0400_17292dadbc7b","po11nn0400_52aeb37e206a"]},"fingerprint_peers":{"t13i131000_f57a46bbacb6_e5728521abd4":197,"po11nn0400_52aeb37e206a":117,"po11nn0600_157369115bf8":113,"ge11nn0400_17292dadbc7b":205},"user_agents":["Microsoft WinRM Client","curl/7.61.1"],"timeline":[{"date":"2026-04-12","count":208},{"date":"2026-04-19","count":212},{"date":"2026-04-26","count":98},{"date":"2026-04-27","count":1},{"date":"2026-05-03","count":58},{"date":"2026-05-19","count":1},{"date":"2026-05-23","count":1},{"date":"2026-05-24","count":52},{"date":"2026-05-31","count":34},{"date":"2026-06-02","count":1},{"date":"2026-06-05","count":1},{"date":"2026-06-06","count":37},{"date":"2026-06-07","count":2},{"date":"2026-06-09","count":1},{"date":"2026-06-11","count":44},{"date":"2026-06-12","count":31},{"date":"2026-06-13","count":27},{"date":"2026-06-14","count":51},{"date":"2026-06-15","count":1},{"date":"2026-06-16","count":22},{"date":"2026-06-17","count":23},{"date":"2026-06-18","count":57},{"date":"2026-06-19","count":25},{"date":"2026-06-20","count":8},{"date":"2026-06-21","count":13},{"date":"2026-06-22","count":24},{"date":"2026-06-23","count":3},{"date":"2026-06-24","count":2},{"date":"2026-06-25","count":13},{"date":"2026-06-26","count":38},{"date":"2026-06-27","count":18},{"date":"2026-06-28","count":36},{"date":"2026-06-29","count":16},{"date":"2026-06-30","count":8},{"date":"2026-07-01","count":35},{"date":"2026-07-02","count":14},{"date":"2026-07-03","count":65},{"date":"2026-07-04","count":10},{"date":"2026-07-05","count":61}],"recent_events":[{"timestamp":"2026-07-05T15:27:04","port":425,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"connection\":\"close\",\"host\":\"<HONEYPOT>\",\"user-agent\":\"curl/7.61.1\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>0d0a557365722d4167656e743a206375726c2f372e36312e310d0a4163636570743a202a2f2a0d0a436f6e6e656374696f6e3a20636c6f73650d0a0d0a","method":"GET","user_agent":"curl/7.61.1","community_id":"1:FtNUqSp14SyrAVoFsv6CeToNPhs=","ja3":"","session":"e2e393e1-8ae7-4ae7-9c9a-07b0b75d79dc","seq":1,"duration_ms":100,"bytes_in":96,"bytes_out":79},{"timestamp":"2026-07-05T15:09:50","port":2168,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"connection\":\"close\",\"host\":\"<HONEYPOT>\",\"user-agent\":\"curl/7.61.1\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>0d0a557365722d4167656e743a206375726c2f372e36312e310d0a4163636570743a202a2f2a0d0a436f6e6e656374696f6e3a20636c6f73650d0a0d0a","method":"GET","user_agent":"curl/7.61.1","community_id":"1:00Mgd8X2wsgHvFhRbpF0KpRPnnI=","ja3":"","session":"8635295f-0813-4686-8f55-4fcf71d59e45","seq":1,"duration_ms":101,"bytes_in":96,"bytes_out":79},{"timestamp":"2026-07-05T15:09:28","port":896,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"connection\":\"close\",\"host\":\"<HONEYPOT>\",\"user-agent\":\"curl/7.61.1\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>0d0a557365722d4167656e743a206375726c2f372e36312e310d0a4163636570743a202a2f2a0d0a436f6e6e656374696f6e3a20636c6f73650d0a0d0a","method":"GET","user_agent":"curl/7.61.1","community_id":"1:af14bsivZ3R+pHIq84VMfOVK9+A=","ja3":"","session":"81013341-64cb-4014-a1b8-c5fb2b920f67","seq":1,"duration_ms":100,"bytes_in":96,"bytes_out":79},{"timestamp":"2026-07-05T15:09:25","port":322,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"connection\":\"close\",\"host\":\"<HONEYPOT>\",\"user-agent\":\"curl/7.61.1\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>0d0a557365722d4167656e743a206375726c2f372e36312e310d0a4163636570743a202a2f2a0d0a436f6e6e656374696f6e3a20636c6f73650d0a0d0a","method":"GET","user_agent":"curl/7.61.1","community_id":"1:/Ty3xP99vYozpAYZrwOOfjWWZWM=","ja3":"","session":"9a665b89-cf0f-497b-ba7e-d582afaf69b7","seq":1,"duration_ms":100,"bytes_in":96,"bytes_out":79},{"timestamp":"2026-07-05T00:13:59","port":644,"proto":"tcp","app_proto":"","app_protocol":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"����version\u0000\u0000\u0000\u0000\u0000V\u0000\u0000\u0000\u0018\u0019�\u0015@�\u0000\u0000\u0001\u0000\u0000\u0000\u0000\u0000\u0000\u0000ǡIj\u0000\u0000\u0000\u0000\u0001\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0005\t\u0007>\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0002�\u0001\u0000\u0000\u0000\u0000\u0000\u0000\u0000��\u001e�\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000���\u001bu\u0019\"!\u0014�\u0001\u0000\u0000\u0000\u0000\u0000","payload_hex":"f9beb4d976657273696f6e0000000000560000001819d215409c00000100000000000000c7a1496a0000000001000000000000000509073e00000000000000000000000002840100000000000000c0a81ec1000000000000000000000000eaf18d1b75192221149d010000000000","method":"","user_agent":"","community_id":"1:To2tiAIu8arIs85g7yY48z7RMMs=","ja3":"","session":"9a748449-cf83-4566-b4bd-64795fad8a4e","seq":1,"duration_ms":100,"bytes_in":110,"bytes_out":14,"enriched":{"digest":"c89c380d8b8eb4b1","strings":["version","versionV"]}},{"timestamp":"2026-07-05T00:13:59","port":8437,"proto":"tcp","app_proto":"","app_protocol":"http","host":"localhost","headers":"{\"connection\":\"Keep-Alive\",\"content-length\":\"198\",\"content-type\":\"application/soap+xml;charset=UTF-8\",\"host\":\"localhost:8437\",\"user-agent\":\"Microsoft WinRM Client\",\"wsmanidentify\":\"unauthenticated\"}","body":"<s:Envelope xmlns:s=\"http://www.w3.org/2003/05/soap-envelope\" xmlns:wsmid=\"http://schemas.dmtf.org/wbem/wsman/identity/1/wsmanidentity.xsd\"><s:Header/><s:Body><wsmid:Identify/></s:Body></s:Envelope>\r\n\r\n","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/wsman","summary":"","payload_hex":"504f5354202f77736d616e20485454502f312e310d0a436f6e6e656374696f6e3a204b6565702d416c6976650d0a436f6e74656e742d547970653a206170706c69636174696f6e2f736f61702b786d6c3b636861727365743d5554462d380d0a557365722d4167656e743a204d6963726f736f66742057696e524d20436c69656e740d0a57534d414e4944454e544946593a20756e61757468656e746963617465640d0a436f6e74656e742d4c656e6774683a203139380d0a486f73743a206c6f63616c686f73743a383433370d0a0d0a3c733a456e76656c6f706520786d6c6e733a733d22687474703a2f2f7777772e77332e6f72672f323030332f30352f736f61702d656e76656c6f70652220786d6c6e733a77736d69643d22687474703a2f2f736368656d61732e646d74662e6f72672f7762656d2f77736d616e2f6964656e746974792f312f77736d616e6964656e746974792e787364223e3c733a4865616465722f3e3c733a426f64793e3c77736d69643a4964656e746966792f3e3c2f733a426f64793e3c2f733a456e76656c6f70653e0d0a0d0a","method":"POST","user_agent":"Microsoft WinRM Client","community_id":"1:vpoNkgCOqqS7KnVTqhvn+MzNnyE=","ja3":"","session":"f9e1025e-9c59-4c4e-9538-34d54d4aef21","seq":1,"duration_ms":100,"bytes_in":411,"bytes_out":79},{"timestamp":"2026-07-05T00:13:57","port":234,"proto":"tcp","app_proto":"","app_protocol":"http","host":"localhost","headers":"{\"connection\":\"Keep-Alive\",\"content-length\":\"198\",\"content-type\":\"application/soap+xml;charset=UTF-8\",\"host\":\"localhost:234\",\"user-agent\":\"Microsoft WinRM Client\",\"wsmanidentify\":\"unauthenticated\"}","body":"<s:Envelope xmlns:s=\"http://www.w3.org/2003/05/soap-envelope\" xmlns:wsmid=\"http://schemas.dmtf.org/wbem/wsman/identity/1/wsmanidentity.xsd\"><s:Header/><s:Body><wsmid:Identify/></s:Body></s:Envelope>\r\n\r\n","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/wsman","summary":"","payload_hex":"504f5354202f77736d616e20485454502f312e310d0a436f6e6e656374696f6e3a204b6565702d416c6976650d0a436f6e74656e742d547970653a206170706c69636174696f6e2f736f61702b786d6c3b636861727365743d5554462d380d0a557365722d4167656e743a204d6963726f736f66742057696e524d20436c69656e740d0a57534d414e4944454e544946593a20756e61757468656e746963617465640d0a436f6e74656e742d4c656e6774683a203139380d0a486f73743a206c6f63616c686f73743a3233340d0a0d0a3c733a456e76656c6f706520786d6c6e733a733d22687474703a2f2f7777772e77332e6f72672f323030332f30352f736f61702d656e76656c6f70652220786d6c6e733a77736d69643d22687474703a2f2f736368656d61732e646d74662e6f72672f7762656d2f77736d616e2f6964656e746974792f312f77736d616e6964656e746974792e787364223e3c733a4865616465722f3e3c733a426f64793e3c77736d69643a4964656e746966792f3e3c2f733a426f64793e3c2f733a456e76656c6f70653e0d0a0d0a","method":"POST","user_agent":"Microsoft WinRM Client","community_id":"1:ss9MiTGg1hHdDGSFwcTCUJB5lO0=","ja3":"","session":"8261e529-9eae-47d5-a84d-693791ee20bf","seq":1,"duration_ms":100,"bytes_in":410,"bytes_out":79},{"timestamp":"2026-07-05T00:13:57","port":8437,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"connection\":\"close\",\"content-length\":\"8\",\"host\":\"<HONEYPOT>:8437\",\"user-agent\":\"Microsoft WinRM Client\"}","body":"35519413\r\n\r\n","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/wsman","summary":"","payload_hex":"504f5354202f77736d616e20485454502f312e310d0a436f6e6e656374696f6e3a20636c6f73650d0a557365722d4167656e743a204d6963726f736f66742057696e524d20436c69656e740d0a436f6e74656e742d4c656e6774683a20380d0a486f73743a20<HONEYPOT>3a383433370d0a0d0a33353531393431330d0a0d0a","method":"POST","user_agent":"Microsoft WinRM Client","community_id":"1:oc9Obi4AkDzGDnBZ28tjWpsmhWg=","ja3":"","session":"9586415f-b902-4578-a819-b37c6c7e8b5c","seq":1,"duration_ms":100,"bytes_in":136,"bytes_out":79},{"timestamp":"2026-07-05T00:13:56","port":234,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"connection\":\"close\",\"content-length\":\"8\",\"host\":\"<HONEYPOT>:234\",\"user-agent\":\"Microsoft WinRM Client\"}","body":"146C59FB\r\n\r\n","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/wsman","summary":"","payload_hex":"504f5354202f77736d616e20485454502f312e310d0a436f6e6e656374696f6e3a20636c6f73650d0a557365722d4167656e743a204d6963726f736f66742057696e524d20436c69656e740d0a436f6e74656e742d4c656e6774683a20380d0a486f73743a20<HONEYPOT>3a3233340d0a0d0a31343643353946420d0a0d0a","method":"POST","user_agent":"Microsoft WinRM Client","community_id":"1:J2ZFMyQ9uBuxlPOcpCQVIQ38COw=","ja3":"","session":"e249c1fb-6435-41f1-9b16-45c64b99b98e","seq":1,"duration_ms":100,"bytes_in":135,"bytes_out":79},{"timestamp":"2026-07-05T00:13:55","port":2133,"proto":"tcp","app_proto":"","app_protocol":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"AMQP\u0000\u0000\t\u0001","payload_hex":"414d515000000901","method":"","user_agent":"","community_id":"1:mkHWtZ1v10tSmYqymAgBiLVM4e0=","ja3":"","session":"eddb56b6-db6e-4726-abc6-7a4e163ac103","seq":1,"duration_ms":100,"bytes_in":8,"bytes_out":14,"enriched":{"digest":"198c66d273332395","strings":["AMQP"]}}],"http_methods":[{"method":"GET","count":190},{"method":"POST","count":84}],"distinct_ports_total":893,"top_paths":[{"path":"/","count":167,"ports":164},{"path":"/wsman","count":84,"ports":41},{"path":"/get_info","count":23,"ports":23}],"distinct_paths_total":3,"top_snis":[],"top_hosts":[{"value":"localhost","count":41}],"top_alpns":[],"banners":[{"value":"SSH-2.0-Go","count":1}],"credentials":[],"header_profile":{"signature":["Connection","Content-Length","Content-Type","Host","User-Agent","Wsmanidentify"],"representative":[{"name":"Connection","value":"Keep-Alive","notable":false},{"name":"Content-Length","value":"198","notable":false},{"name":"Content-Type","value":"application/soap+xml;charset=UTF-8","notable":true},{"name":"Host","value":"localhost:8437","notable":false},{"name":"User-Agent","value":"Microsoft WinRM Client","notable":false},{"name":"Wsmanidentify","value":"unauthenticated","notable":false}],"distinct_sets":3,"events_with_headers":8},"tags":[],"data_as_of":"2026-07-05T21:18:10.465958+00:00"}