{"ip":"106.75.9.106","total_events":414,"verdict":{"verdict":"scanner","label":"Recognized scanner","detail":"fofa","confidence":"high","network_type":null},"first_seen":"2026-02-16T16:02:42","last_seen":"2026-06-20T17:55:55","events_24h":2,"events_7d":4,"geo":{"country_code":"CN","country_name":"China","region":"","city":"","lat":34.7732,"lon":113.722,"asn":4808,"org":"China Unicom Beijing Province Network"},"source_domain":"ho0wzk2.cn","known_scanners":["fofa"],"scanner_tag":null,"cve_matches":[],"top_ports":[{"port":8080,"proto":"tcp","label":"HTTP-alt","count":17},{"port":5005,"proto":"tcp","label":"","count":16},{"port":5050,"proto":"tcp","label":"","count":14},{"port":7777,"proto":"tcp","label":"Oracle","count":12},{"port":5560,"proto":"tcp","label":"","count":12},{"port":9005,"proto":"tcp","label":"","count":12},{"port":9418,"proto":"tcp","label":"Git","count":10},{"port":49159,"proto":"tcp","label":"","count":10},{"port":6060,"proto":"tcp","label":"","count":9},{"port":5003,"proto":"tcp","label":"","count":7},{"port":3333,"proto":"tcp","label":"","count":6},{"port":7500,"proto":"tcp","label":"","count":6},{"port":55555,"proto":"tcp","label":"","count":5},{"port":49,"proto":"tcp","label":"","count":5},{"port":512,"proto":"tcp","label":"","count":5}],"fingerprints":{"ssh_hassh":[],"tls_ja4":["t13i191000_9dc949149365_e5728521abd4","t13i190900_9dc949149365_e7c285222651","t13i1910h2_9dc949149365_e7c285222651"],"tls_ja3":["9460af62ae0af667130bf0d36514f084"],"ja4h":["po11nn0500_f06087f10d63","ge11nn06zh_52bcf4772082","ge11nn0200_79258615d613","ge11nr06zh_d58dc9afd453"]},"fingerprint_peers":{"t13i191000_9dc949149365_e5728521abd4":97,"t13i1910h2_9dc949149365_e7c285222651":3,"t13i190900_9dc949149365_e7c285222651":3065,"ge11nr06zh_d58dc9afd453":4,"po11nn0500_f06087f10d63":11,"ge11nn06zh_52bcf4772082":4,"ge11nn0200_79258615d613":4171},"user_agents":["Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36"],"timeline":[{"date":"2026-03-23","count":5},{"date":"2026-03-24","count":12},{"date":"2026-03-26","count":6},{"date":"2026-03-28","count":3},{"date":"2026-03-29","count":3},{"date":"2026-03-30","count":1},{"date":"2026-03-31","count":6},{"date":"2026-04-01","count":4},{"date":"2026-04-02","count":6},{"date":"2026-04-04","count":3},{"date":"2026-04-05","count":6},{"date":"2026-04-08","count":22},{"date":"2026-04-09","count":5},{"date":"2026-04-10","count":8},{"date":"2026-04-12","count":1},{"date":"2026-04-13","count":1},{"date":"2026-04-14","count":3},{"date":"2026-04-15","count":6},{"date":"2026-04-16","count":3},{"date":"2026-04-17","count":6},{"date":"2026-04-19","count":6},{"date":"2026-04-20","count":6},{"date":"2026-04-21","count":6},{"date":"2026-04-23","count":17},{"date":"2026-04-24","count":3},{"date":"2026-04-25","count":3},{"date":"2026-04-26","count":6},{"date":"2026-04-28","count":3},{"date":"2026-04-29","count":17},{"date":"2026-04-30","count":1},{"date":"2026-05-02","count":6},{"date":"2026-05-03","count":9},{"date":"2026-05-06","count":6},{"date":"2026-05-07","count":13},{"date":"2026-05-09","count":5},{"date":"2026-05-10","count":8},{"date":"2026-05-12","count":1},{"date":"2026-05-13","count":1},{"date":"2026-05-14","count":3},{"date":"2026-05-15","count":3},{"date":"2026-05-17","count":1},{"date":"2026-05-18","count":1},{"date":"2026-05-19","count":6},{"date":"2026-05-20","count":3},{"date":"2026-05-21","count":7},{"date":"2026-05-22","count":3},{"date":"2026-05-31","count":7},{"date":"2026-06-02","count":4},{"date":"2026-06-03","count":4},{"date":"2026-06-10","count":1},{"date":"2026-06-15","count":2},{"date":"2026-06-20","count":2}],"recent_events":[{"timestamp":"2026-06-20T17:55:55","port":7,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"host\":\"<HONEYPOT>:7\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a370d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"","community_id":"1:WS3raMF9J+qfITvJwBPUA+uDkEY=","ja3":"","session":"8b7d5f82-58e0-4582-8803-a3f6dc325c7d","seq":1,"duration_ms":100,"bytes_in":55,"bytes_out":77},{"timestamp":"2026-06-20T17:55:54","port":7,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"host\":\"<HONEYPOT>:7\"}","body":"","sni":"","tls_cipher":"TLS_AES_128_GCM_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a370d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"","community_id":"1:/iYknCpC7IcJm7HDumn31+bwCHU=","ja3":"9460af62ae0af667130bf0d36514f084","session":"0b5385c2-2644-438d-aa10-687d5ea2e3e1","seq":1,"duration_ms":0,"bytes_in":55,"bytes_out":77},{"timestamp":"2026-06-15T18:17:03","port":22105,"proto":"tcp","app_proto":"","app_protocol":"ftp","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"USER anonymous\r\n","payload_hex":"5553455220616e6f6e796d6f75730d0a","method":"","user_agent":"","community_id":"1:OX4TbtS99bpu67nRcUWhL8kyNdI=","ja3":"","session":"36e71ad2-cb80-479d-9762-7288fdd069a8","seq":1,"duration_ms":100,"bytes_in":16,"bytes_out":12,"enriched":{"digest":"e359d5ec0fa58580","label":"FTP","strings":["USER anonymous"]}},{"timestamp":"2026-06-15T18:16:53","port":22105,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"host\":\"<HONEYPOT>:22105\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a32323130350d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"","community_id":"1:RRVJs/pn23vrxB6MTTiMPLcmQ1w=","ja3":"","session":"7db79427-f44a-4d3a-bde8-8a43b765e420","seq":1,"duration_ms":100,"bytes_in":57,"bytes_out":77},{"timestamp":"2026-06-10T15:47:57","port":1720,"proto":"tcp","app_proto":"","app_protocol":"ftp","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"USER anonymous\r\n","payload_hex":"5553455220616e6f6e796d6f75730d0a","method":"","user_agent":"","community_id":"1:1q23uimn4uduyNAwNGCY7bJKaQU=","ja3":"","session":"ec496a94-a0c0-44fb-baf6-a5b9030ca87c","seq":1,"duration_ms":100,"bytes_in":16,"bytes_out":12,"enriched":{"digest":"e359d5ec0fa58580","label":"FTP","strings":["USER anonymous"]}},{"timestamp":"2026-06-03T20:49:07","port":3372,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"host\":\"<HONEYPOT>:3372\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a333337320d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"","community_id":"1:4v1z705/LVljskUu5ZMccZMAUJA=","ja3":"","session":"9940002f-17c1-4c7e-8554-b8819d9d9dd2","seq":0,"duration_ms":0,"bytes_in":0,"bytes_out":0},{"timestamp":"2026-06-03T11:53:56","port":5008,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"host\":\"<HONEYPOT>:5008\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a353030380d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"","community_id":"1:AbI55wvtLnZn4wELna5iPKghpew=","ja3":"","session":"60b8097e-7ca6-45ed-bb5c-ac8ddbc25fce","seq":0,"duration_ms":0,"bytes_in":0,"bytes_out":0},{"timestamp":"2026-06-03T00:31:54","port":1344,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"host\":\"<HONEYPOT>:1344\"}","body":"","sni":"","tls_cipher":"TLS_AES_128_GCM_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a313334340d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"","community_id":"1:4IQEGNgAbN056yd1K8M0Kkm4y88=","ja3":"","session":"ba8ed16c-2038-4670-9405-e63e775ce9d8","seq":0,"duration_ms":0,"bytes_in":0,"bytes_out":0},{"timestamp":"2026-06-03T00:31:53","port":1344,"proto":"tcp","app_proto":"","app_protocol":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"REQMOD icap://icap-server.net/server?arg=87 ICAP/1.0\r\nHost: icap-server.net\r\nEncapsulated: req-hdr=0, req-body=154\r\n\r\nPOST /origin-resource/form.pl HTTP/1.1\r\nHost: www.origin-server.com\r\nAccept: text/html, text/plain\r\nAccept-Encoding: compress\r\nCache-Control: no-cache\r\n\r\n1e\r\nI am posting this information.\r\n0\r\n\r\n","payload_hex":"5245514d4f4420696361703a2f2f696361702d7365727665722e6e65742f7365727665723f6172673d383720494341502f312e300d0a486f73743a20696361702d7365727665722e6e65740d0a456e63617073756c617465643a207265712d6864723d302c207265712d626f64793d3135340d0a0d0a504f5354202f6f726967696e2d7265736f757263652f666f726d2e706c20485454502f312e310d0a486f73743a207777772e6f726967696e2d7365727665722e636f6d0d0a4163636570743a20746578742f68746d6c2c20746578742f706c61696e0d0a4163636570742d456e636f64696e673a20636f6d70726573730d0a43616368652d436f6e74726f6c3a206e6f2d63616368650d0a0d0a31650d0a4920616d20706f7374696e67207468697320696e666f726d6174696f6e2e0d0a300d0a0d0a","method":"","user_agent":"","community_id":"1:FBs8L2h0EzBwoVqy4p2fWUwo+pE=","ja3":"","session":"07383d65-9abc-4f8f-8914-9a27a6d50c34","seq":0,"duration_ms":0,"bytes_in":0,"bytes_out":0,"enriched":{"digest":"33b0c43e2c8ce494","strings":["REQMOD icap://icap-server.net/server?arg=87 ICAP/1.0","Host: icap-server.net","Encapsulated: req-hdr=0, req-body=154","POST /origin-resource/form.pl HTTP/1.1","Host: www.origin-server.com","Accept: text/html, text/plain","Accept-Encoding: compress","Cache-Control: no-cache","I am posting this information."],"iocs":{"domains":["icap-server.net","form.pl","www.origin-server.com"],"paths":["/icap-server.net/server","/origin-resource/form.pl"]}}},{"timestamp":"2026-06-02T21:35:07","port":4190,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"host\":\"<HONEYPOT>:4190\"}","body":"","sni":"","tls_cipher":"TLS_AES_128_GCM_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a343139300d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"","community_id":"1:Y/GGfoLfO1Qa+s8qsVQcyh0oF04=","ja3":"","session":"30c45ae5-7009-44be-82e0-09f9d4fbe2cd","seq":0,"duration_ms":0,"bytes_in":0,"bytes_out":0}],"http_methods":[{"method":"GET","count":143},{"method":"POST","count":1}],"distinct_ports_total":124,"top_paths":[{"path":"/","count":138,"ports":121},{"path":"/favicon.ico","count":5,"ports":5},{"path":"/v2/vectordb/collections/describe","count":1,"ports":1}],"distinct_paths_total":3,"top_snis":[],"top_hosts":[],"top_alpns":[{"value":"h2, http/1.1","count":6}],"banners":[],"credentials":[],"header_profile":{"signature":["Accept","Host"],"representative":[{"name":"Accept","value":"*/*","notable":false},{"name":"Host","value":"<HONEYPOT>:7","notable":false}],"distinct_sets":1,"events_with_headers":7},"tags":[],"data_as_of":"2026-06-21T14:04:21.667368+00:00"}