{"ip":"104.152.52.225","total_events":745,"verdict":{"verdict":"scanner","label":"Recognized scanner","detail":"internettl","confidence":"high","network_type":"non-profit"},"first_seen":"2026-02-22T12:04:36","last_seen":"2026-06-25T00:12:11","events_24h":16,"events_7d":72,"geo":{"country_code":"US","country_name":"United States","region":"","city":"","lat":37.751,"lon":-97.822,"asn":14987,"org":"Rethem Hosting LLC"},"source_domain":"internettl.org","known_scanners":["internettl","Internettl Org"],"scanner_tag":{"key":"auto:internettl_org","label":"Internettl Org","category":"commercial","url":""},"cve_matches":[],"top_ports":[{"port":8217,"proto":"tcp","label":"","count":12},{"port":2918,"proto":"tcp","label":"","count":10},{"port":9250,"proto":"tcp","label":"","count":10},{"port":3168,"proto":"tcp","label":"","count":9},{"port":6635,"proto":"tcp","label":"","count":8},{"port":6721,"proto":"tcp","label":"","count":8},{"port":375,"proto":"tcp","label":"","count":7},{"port":3489,"proto":"tcp","label":"","count":7},{"port":2821,"proto":"tcp","label":"","count":7},{"port":8273,"proto":"tcp","label":"","count":7},{"port":8428,"proto":"tcp","label":"","count":7},{"port":2638,"proto":"tcp","label":"","count":6},{"port":6809,"proto":"tcp","label":"","count":6},{"port":865,"proto":"tcp","label":"","count":6},{"port":8237,"proto":"tcp","label":"","count":6}],"fingerprints":{"ssh_hassh":[],"tls_ja4":["t13i131000_f57a46bbacb6_e5728521abd4"],"tls_ja3":["2196848d251b217de8b2c037e356c11d"],"ja4h":["po11nn0600_157369115bf8","ge11nn0400_17292dadbc7b","po11nn0400_52aeb37e206a"]},"fingerprint_peers":{"t13i131000_f57a46bbacb6_e5728521abd4":190,"po11nn0400_52aeb37e206a":113,"po11nn0600_157369115bf8":108,"ge11nn0400_17292dadbc7b":221},"user_agents":["Microsoft WinRM Client","curl/7.61.1"],"timeline":[{"date":"2026-03-29","count":40},{"date":"2026-04-05","count":21},{"date":"2026-04-12","count":180},{"date":"2026-04-17","count":1},{"date":"2026-04-19","count":39},{"date":"2026-04-26","count":34},{"date":"2026-05-01","count":1},{"date":"2026-05-03","count":42},{"date":"2026-05-08","count":1},{"date":"2026-05-19","count":1},{"date":"2026-05-24","count":1},{"date":"2026-05-31","count":17},{"date":"2026-06-06","count":4},{"date":"2026-06-11","count":22},{"date":"2026-06-12","count":10},{"date":"2026-06-13","count":11},{"date":"2026-06-14","count":7},{"date":"2026-06-15","count":1},{"date":"2026-06-16","count":9},{"date":"2026-06-17","count":20},{"date":"2026-06-18","count":5},{"date":"2026-06-19","count":20},{"date":"2026-06-20","count":7},{"date":"2026-06-21","count":14},{"date":"2026-06-22","count":12},{"date":"2026-06-23","count":1},{"date":"2026-06-25","count":16}],"recent_events":[{"timestamp":"2026-06-25T00:12:11","port":839,"proto":"tcp","app_proto":"","app_protocol":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"\u0000\u0000\u0000j�SMB@\u0000\u0001\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000$\u0000\u0003\u0000\u0001\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0002\u0002\u0010\u0002\u0000\u0003","payload_hex":"0000006afe534d42400001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000240003000100000000000000000000000000000000000000000000000000000000000000020210020003","method":"","user_agent":"","community_id":"1:Gyh1vzr9mbn6VVPS+SLLjPssd8c=","ja3":"","session":"30eaf3e2-72ff-4db7-9b68-581e43208da6","seq":1,"duration_ms":100,"bytes_in":110,"bytes_out":14,"enriched":{"digest":"aa51c319bd64ddfa","strings":["SMB@"]}},{"timestamp":"2026-06-25T00:12:11","port":839,"proto":"tcp","app_proto":"","app_protocol":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"AMQP\u0000\u0000\t\u0001","payload_hex":"414d515000000901","method":"","user_agent":"","community_id":"1:r7/IQTuLx1qR0V8OKkyDOTrJEOs=","ja3":"","session":"904bb6ed-c0b9-4852-9b97-48ab3ab91d16","seq":1,"duration_ms":101,"bytes_in":8,"bytes_out":14,"enriched":{"digest":"198c66d273332395","strings":["AMQP"]}},{"timestamp":"2026-06-25T00:12:10","port":2997,"proto":"tcp","app_proto":"","app_protocol":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"AMQP\u0000\u0000\t\u0001","payload_hex":"414d515000000901","method":"","user_agent":"","community_id":"1:cbm0Ls+9y1kXtfiohqV1whx4DtQ=","ja3":"","session":"1db7eff2-a4e4-4ffa-bac8-47018eba9b9a","seq":1,"duration_ms":100,"bytes_in":8,"bytes_out":14,"enriched":{"digest":"198c66d273332395","strings":["AMQP"]}},{"timestamp":"2026-06-25T00:12:03","port":2662,"proto":"tcp","app_proto":"","app_protocol":"redis","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"*1\r\n$4\r\nINFO\r\n","payload_hex":"2a310d0a24340d0a494e464f0d0a","method":"","user_agent":"","community_id":"1:AVCGyQVYv7EwJ0pnYmF+C2ziE6c=","ja3":"","session":"5e39162a-b45e-4975-adcc-c7a950f4291a","seq":1,"duration_ms":100,"bytes_in":14,"bytes_out":5,"enriched":{"digest":"2c31890b53b348f2","label":"Redis (RESP)","strings":["INFO"]}},{"timestamp":"2026-06-25T00:12:01","port":839,"proto":"tcp","app_proto":"","app_protocol":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"\u0000\u000e8\u001a#9�CXw-\u0000\u0000\u0000\u0000\u0000","payload_hex":"000e381a2339984358772d0000000000","method":"","user_agent":"","community_id":"1:oqDvTsGyvoJaYyiaMvUoTZyDNYU=","ja3":"","session":"0e8095b5-c927-4656-a9d5-6b9c0cb03f0d","seq":1,"duration_ms":100,"bytes_in":16,"bytes_out":14,"enriched":{"digest":"3e8f2a4e80ba98b3","strings":["CXw-"]}},{"timestamp":"2026-06-25T00:11:59","port":2655,"proto":"tcp","app_proto":"","app_protocol":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"\u0000\u000e8\u001a#9�CXw-\u0000\u0000\u0000\u0000\u0000","payload_hex":"000e381a2339984358772d0000000000","method":"","user_agent":"","community_id":"1:Bi4OdQHicFjd/d1/Jt/3wEbg4WE=","ja3":"","session":"f865bfbd-f572-4cd3-a5c1-8a6e340eac55","seq":1,"duration_ms":100,"bytes_in":16,"bytes_out":14,"enriched":{"digest":"3e8f2a4e80ba98b3","strings":["CXw-"]}},{"timestamp":"2026-06-25T00:11:59","port":746,"proto":"tcp","app_proto":"","app_protocol":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"\u0000\u000e8\u001a#9�CXw-\u0000\u0000\u0000\u0000\u0000","payload_hex":"000e381a2339984358772d0000000000","method":"","user_agent":"","community_id":"1:r+gzVGPSVAhpn6ueLDqiJQIzJxg=","ja3":"","session":"600b45c5-8133-438a-9999-fd4f66883ac9","seq":1,"duration_ms":101,"bytes_in":16,"bytes_out":14,"enriched":{"digest":"3e8f2a4e80ba98b3","strings":["CXw-"]}},{"timestamp":"2026-06-25T00:11:58","port":2729,"proto":"tcp","app_proto":"","app_protocol":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"\u0012\u0001\u0000/\u0000\u0000\u0002\u0000\u0000\u0000\u001a\u0000\u0006\u0001\u0000 \u0000\u0001\u0002\u0000!\u0000\u0001\u0003\u0000\"\u0000\u0004\u0004\u0000&\u0000\u0001�\u0000\u0000\u0000\u0000\u0000\u0000\u0001\u0000\u0000\u0000\u0000\u0000\u0000","payload_hex":"1201002f0000020000001a00060100200001020021000103002200040400260001ff00000000000001000000000000","method":"","user_agent":"","community_id":"1:GOH3i+C8x72qBAp6AcQoRyq6owg=","ja3":"","session":"adeb9f42-3d99-4262-98e3-68d014982f18","seq":1,"duration_ms":100,"bytes_in":47,"bytes_out":14},{"timestamp":"2026-06-25T00:11:57","port":2165,"proto":"tcp","app_proto":"","app_protocol":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":":\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000�\u0007\u0000\u0000\u0000\u0000\u0000\u0000admin.$cmd\u0000\u0000\u0000\u0000\u0000\u0001\u0000\u0000\u0000\u0013\u0000\u0000\u0000\u0010isMaster\u0000\u0001\u0000\u0000\u0000\u0000","payload_hex":"3a0000000000000000000000d40700000000000061646d696e2e24636d64000000000001000000130000001069734d6173746572000100000000","method":"","user_agent":"","community_id":"1:EmG0f2ev+vFLRRIg7Cpj9piO39I=","ja3":"","session":"f49ff6cf-efe1-482a-98ed-78f261d03e6d","seq":1,"duration_ms":100,"bytes_in":58,"bytes_out":14,"enriched":{"digest":"71265954b8b925aa","strings":["admin.$cmd","isMaster"]}},{"timestamp":"2026-06-25T00:11:56","port":998,"proto":"tcp","app_proto":"","app_protocol":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"\u0012\u0001\u0000/\u0000\u0000\u0002\u0000\u0000\u0000\u001a\u0000\u0006\u0001\u0000 \u0000\u0001\u0002\u0000!\u0000\u0001\u0003\u0000\"\u0000\u0004\u0004\u0000&\u0000\u0001�\u0000\u0000\u0000\u0000\u0000\u0000\u0001\u0000\u0000\u0000\u0000\u0000\u0000","payload_hex":"1201002f0000020000001a00060100200001020021000103002200040400260001ff00000000000001000000000000","method":"","user_agent":"","community_id":"1:ZIa+Af3zkbjfLGY7dZgDSfxx9hI=","ja3":"","session":"6503d7f4-3441-45fe-97a9-896497f9754e","seq":1,"duration_ms":100,"bytes_in":47,"bytes_out":14}],"http_methods":[{"method":"GET","count":62},{"method":"POST","count":25}],"distinct_ports_total":333,"top_paths":[{"path":"/","count":59,"ports":58},{"path":"/wsman","count":25,"ports":13},{"path":"/get_info","count":3,"ports":3}],"distinct_paths_total":3,"top_snis":[],"top_hosts":[{"value":"localhost","count":12}],"top_alpns":[],"banners":[{"value":"SSH-2.0-Go","count":4}],"credentials":[],"header_profile":null,"tags":[],"data_as_of":"2026-06-25T14:14:11.840577+00:00"}