{"ip":"152.32.170.42","total_events":370,"verdict":{"verdict":"scanner","label":"Recognized scanner","detail":"fofa","confidence":"high","network_type":null,"why":["Source IP is in a known scanner range (fofa).","Known research and commercial scanners are labelled as such, not as threats."]},"first_seen":"2026-02-23T23:05:00","last_seen":"2026-07-05T02:00:53","events_24h":3,"events_7d":14,"geo":{"country_code":"HK","country_name":"Hong Kong","region":"","city":"Hong Kong","lat":22.2842,"lon":114.1759,"asn":135377,"org":"UCLOUD INFORMATION TECHNOLOGY (HK) LIMITED"},"source_domain":"mail.fuhuaxisu.com.cn","known_scanners":["fofa"],"scanner_tag":null,"cve_matches":[],"malware":[],"top_ports":[{"port":5601,"proto":"tcp","label":"Kibana","count":27},{"port":7777,"proto":"tcp","label":"Oracle","count":24},{"port":10000,"proto":"tcp","label":"Webmin","count":22},{"port":8000,"proto":"tcp","label":"HTTP-alt","count":22},{"port":8888,"proto":"tcp","label":"HTTP-alt","count":20},{"port":8080,"proto":"tcp","label":"HTTP-alt","count":17},{"port":9200,"proto":"tcp","label":"Elastic","count":16},{"port":443,"proto":"tcp","label":"HTTPS","count":12},{"port":10001,"proto":"tcp","label":"","count":11},{"port":1025,"proto":"tcp","label":"","count":9},{"port":10002,"proto":"tcp","label":"","count":7},{"port":8002,"proto":"tcp","label":"","count":7},{"port":110,"proto":"tcp","label":"POP3","count":7},{"port":7000,"proto":"tcp","label":"","count":7},{"port":27017,"proto":"tcp","label":"MongoDB","count":7}],"fingerprints":{"ssh_hassh":[],"tls_ja4":["t13i190900_9dc949149365_e7c285222651","t13i1910h2_9dc949149365_e7c285222651"],"tls_ja3":["9460af62ae0af667130bf0d36514f084","c817aa2c11bd73320f909678c095d63f"],"ja4h":["ge11nn0200_e5a56608905c","ge11nn06zh_52bcf4772082","ge11nn0200_79258615d613","ge11nr06zh_d58dc9afd453"]},"fingerprint_peers":{"t13i1910h2_9dc949149365_e7c285222651":142,"t13i190900_9dc949149365_e7c285222651":3829,"ge11nr06zh_d58dc9afd453":165,"ge11nn06zh_52bcf4772082":166,"ge11nn0200_79258615d613":4585,"ge11nn0200_e5a56608905c":38},"user_agents":["NTRIP GNSSInternetRadio","Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36"],"timeline":[{"date":"2026-04-06","count":1},{"date":"2026-04-08","count":5},{"date":"2026-04-18","count":3},{"date":"2026-04-19","count":7},{"date":"2026-04-20","count":1},{"date":"2026-04-23","count":10},{"date":"2026-04-25","count":13},{"date":"2026-04-26","count":6},{"date":"2026-04-27","count":28},{"date":"2026-04-28","count":18},{"date":"2026-04-29","count":1},{"date":"2026-04-30","count":10},{"date":"2026-05-01","count":4},{"date":"2026-05-04","count":8},{"date":"2026-05-05","count":7},{"date":"2026-05-06","count":1},{"date":"2026-05-07","count":1},{"date":"2026-05-08","count":2},{"date":"2026-05-09","count":1},{"date":"2026-05-10","count":9},{"date":"2026-05-11","count":3},{"date":"2026-05-12","count":6},{"date":"2026-05-13","count":9},{"date":"2026-05-14","count":18},{"date":"2026-05-15","count":4},{"date":"2026-05-19","count":2},{"date":"2026-05-20","count":4},{"date":"2026-05-21","count":9},{"date":"2026-05-22","count":14},{"date":"2026-05-26","count":2},{"date":"2026-05-29","count":1},{"date":"2026-05-31","count":1},{"date":"2026-06-01","count":4},{"date":"2026-06-04","count":1},{"date":"2026-06-05","count":1},{"date":"2026-06-06","count":13},{"date":"2026-06-07","count":1},{"date":"2026-06-08","count":2},{"date":"2026-06-09","count":3},{"date":"2026-06-11","count":1},{"date":"2026-06-12","count":1},{"date":"2026-06-13","count":2},{"date":"2026-06-14","count":10},{"date":"2026-06-15","count":9},{"date":"2026-06-16","count":2},{"date":"2026-06-17","count":1},{"date":"2026-06-18","count":1},{"date":"2026-06-19","count":4},{"date":"2026-06-20","count":1},{"date":"2026-06-21","count":1},{"date":"2026-06-24","count":3},{"date":"2026-06-26","count":3},{"date":"2026-06-27","count":5},{"date":"2026-06-28","count":3},{"date":"2026-06-30","count":5},{"date":"2026-07-02","count":3},{"date":"2026-07-05","count":3}],"recent_events":[{"timestamp":"2026-07-05T02:00:53","port":25,"proto":"tcp","app_proto":"","app_protocol":"ftp","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"USER anonymous\r\n","payload_hex":"5553455220616e6f6e796d6f75730d0a","method":"","user_agent":"","community_id":"1:HYcJ8UsQivp9L7maX3FmqJ9/+FM=","ja3":"","session":"f940900e-8d21-4768-8713-2693f632302b","seq":1,"duration_ms":100,"bytes_in":16,"bytes_out":40,"enriched":{"digest":"e359d5ec0fa58580","label":"FTP","strings":["USER anonymous"]}},{"timestamp":"2026-07-05T02:00:44","port":25,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"host\":\"<HONEYPOT>:25\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a32350d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"","community_id":"1:ZNrTuwENi0ABmEYLxdd5DQwfRiA=","ja3":"","session":"29532c39-7b22-46b3-ab27-5da6dccdf52f","seq":1,"duration_ms":101,"bytes_in":55,"bytes_out":40},{"timestamp":"2026-07-05T02:00:44","port":25,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"host\":\"<HONEYPOT>:25\"}","body":"","sni":"","tls_cipher":"TLS_AES_128_GCM_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a32350d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"","community_id":"1:DTD1Cz0c1lCg99hJmMh5I3NicFs=","ja3":"9460af62ae0af667130bf0d36514f084","session":"cc1a7ddb-35fe-42d6-8e82-3c602cdf6014","seq":1,"duration_ms":100,"bytes_in":55,"bytes_out":40},{"timestamp":"2026-07-02T18:58:30","port":8839,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\",\"accept-charset\":\"GBK,utf-8;q=0.7,*;q=0.3\",\"accept-language\":\"zh-CN,zh;q=0.8\",\"connection\":\"close\",\"host\":\"<HONEYPOT>:8839\",\"referer\":\"https://<HONEYPOT>:8839\",\"user-agent\":\"Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36\"}","body":"","sni":"","tls_cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_version":"TLSv1.3","alpn":["h2","http/1.1"],"url_path":"/favicon.ico","summary":"","payload_hex":"474554202f66617669636f6e2e69636f20485454502f312e310d0a486f73743a20<HONEYPOT>3a383833390d0a557365722d4167656e743a204d6f7a696c6c612f352e30202857696e646f7773204e5420362e3129204170706c655765624b69742f3533372e333620284b48544d4c2c206c696b65204765636b6f29204368726f6d652f34392e302e323632332e313132205361666172692f3533372e33360d0a4163636570743a20746578742f68746d6c2c6170706c69636174696f6e2f7868746d6c2b786d6c2c6170706c69636174696f6e2f786d6c3b713d302e392c2a2f2a3b713d302e380d0a4163636570742d436861727365743a2047424b2c7574662d383b713d302e372c2a3b713d302e330d0a4163636570742d4c616e67756167653a207a682d434e2c7a683b713d302e380d0a526566657265723a2068747470733a2f2f<HONEYPOT>3a383833390d0a436f6e6e656374696f6e3a20636c6f73650d0a0d0a","method":"GET","user_agent":"Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36","community_id":"1:9q928GJn3v1qp+OrQuqOfpEzJB8=","ja3":"c817aa2c11bd73320f909678c095d63f","session":"cbd46eee-e08b-4bd2-a594-a37c962a826c","seq":1,"duration_ms":100,"bytes_in":372,"bytes_out":78},{"timestamp":"2026-07-02T18:58:29","port":8839,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\",\"accept-charset\":\"GBK,utf-8;q=0.7,*;q=0.3\",\"accept-language\":\"zh-CN,zh;q=0.8\",\"connection\":\"close\",\"host\":\"<HONEYPOT>:8839\",\"user-agent\":\"Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36\"}","body":"","sni":"","tls_cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_version":"TLSv1.3","alpn":["h2","http/1.1"],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a383833390d0a557365722d4167656e743a204d6f7a696c6c612f352e30202857696e646f7773204e5420362e3129204170706c655765624b69742f3533372e333620284b48544d4c2c206c696b65204765636b6f29204368726f6d652f34392e302e323632332e313132205361666172692f3533372e33360d0a4163636570743a20746578742f68746d6c2c6170706c69636174696f6e2f7868746d6c2b786d6c2c6170706c69636174696f6e2f786d6c3b713d302e392c2a2f2a3b713d302e380d0a4163636570742d436861727365743a2047424b2c7574662d383b713d302e372c2a3b713d302e330d0a4163636570742d4c616e67756167653a207a682d434e2c7a683b713d302e380d0a436f6e6e656374696f6e3a20636c6f73650d0a0d0a","method":"GET","user_agent":"Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36","community_id":"1:qkSXxqRxcRiu46zX2qGxB5/NY3k=","ja3":"c817aa2c11bd73320f909678c095d63f","session":"6dc6a9ba-7ee6-4803-a826-6a0825627a1f","seq":1,"duration_ms":100,"bytes_in":325,"bytes_out":78},{"timestamp":"2026-07-02T18:58:23","port":8839,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"host\":\"<HONEYPOT>:8839\"}","body":"","sni":"","tls_cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a383833390d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"","community_id":"1:vO9ZwE2K38IOa4BarGVhQhAFIHg=","ja3":"9460af62ae0af667130bf0d36514f084","session":"16a89295-6165-439a-85a6-5225facbdb91","seq":1,"duration_ms":101,"bytes_in":56,"bytes_out":78},{"timestamp":"2026-06-30T17:39:59","port":53,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\",\"accept-charset\":\"GBK,utf-8;q=0.7,*;q=0.3\",\"accept-language\":\"zh-CN,zh;q=0.8\",\"connection\":\"close\",\"host\":\"<HONEYPOT>:53\",\"referer\":\"https://<HONEYPOT>:53\",\"user-agent\":\"Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36\"}","body":"","sni":"","tls_cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_version":"TLSv1.3","alpn":["h2","http/1.1"],"url_path":"/favicon.ico","summary":"","payload_hex":"474554202f66617669636f6e2e69636f20485454502f312e310d0a486f73743a20<HONEYPOT>3a35330d0a557365722d4167656e743a204d6f7a696c6c612f352e30202857696e646f7773204e5420362e3129204170706c655765624b69742f3533372e333620284b48544d4c2c206c696b65204765636b6f29204368726f6d652f34392e302e323632332e313132205361666172692f3533372e33360d0a4163636570743a20746578742f68746d6c2c6170706c69636174696f6e2f7868746d6c2b786d6c2c6170706c69636174696f6e2f786d6c3b713d302e392c2a2f2a3b713d302e380d0a4163636570742d436861727365743a2047424b2c7574662d383b713d302e372c2a3b713d302e330d0a4163636570742d4c616e67756167653a207a682d434e2c7a683b713d302e380d0a526566657265723a2068747470733a2f2f<HONEYPOT>3a35330d0a436f6e6e656374696f6e3a20636c6f73650d0a0d0a","method":"GET","user_agent":"Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36","community_id":"1:UqOaRx7CcRFfhGxBpWnSiiRPuzk=","ja3":"c817aa2c11bd73320f909678c095d63f","session":"aac95a1b-296f-4f3c-9458-f84b169409d5","seq":1,"duration_ms":100,"bytes_in":368,"bytes_out":78},{"timestamp":"2026-06-30T17:39:58","port":53,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\",\"accept-charset\":\"GBK,utf-8;q=0.7,*;q=0.3\",\"accept-language\":\"zh-CN,zh;q=0.8\",\"connection\":\"close\",\"host\":\"<HONEYPOT>:53\",\"user-agent\":\"Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36\"}","body":"","sni":"","tls_cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_version":"TLSv1.3","alpn":["h2","http/1.1"],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a35330d0a557365722d4167656e743a204d6f7a696c6c612f352e30202857696e646f7773204e5420362e3129204170706c655765624b69742f3533372e333620284b48544d4c2c206c696b65204765636b6f29204368726f6d652f34392e302e323632332e313132205361666172692f3533372e33360d0a4163636570743a20746578742f68746d6c2c6170706c69636174696f6e2f7868746d6c2b786d6c2c6170706c69636174696f6e2f786d6c3b713d302e392c2a2f2a3b713d302e380d0a4163636570742d436861727365743a2047424b2c7574662d383b713d302e372c2a3b713d302e330d0a4163636570742d4c616e67756167653a207a682d434e2c7a683b713d302e380d0a436f6e6e656374696f6e3a20636c6f73650d0a0d0a","method":"GET","user_agent":"Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36","community_id":"1:X6dUPZXdYZQ22OgsWqO4OE+4LyQ=","ja3":"c817aa2c11bd73320f909678c095d63f","session":"6ae29394-51bf-45b3-b052-1dd025d373be","seq":1,"duration_ms":100,"bytes_in":323,"bytes_out":78},{"timestamp":"2026-06-30T17:39:51","port":53,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"host\":\"<HONEYPOT>:53\"}","body":"","sni":"","tls_cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a35330d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"","community_id":"1:62q/3/+IVX8ac/i9wb1sssRxKFM=","ja3":"9460af62ae0af667130bf0d36514f084","session":"2dc147f4-873b-467e-8a09-3b71fa7572f0","seq":1,"duration_ms":100,"bytes_in":54,"bytes_out":78},{"timestamp":"2026-06-30T17:39:51","port":53,"proto":"tcp","app_proto":"","app_protocol":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"\u000f\u0000\u0000\u0000G�0~�\u0001\u0000\u0000�\u0001�","payload_hex":"0f00000047c4307e97010000ca01b4","method":"","user_agent":"","community_id":"1:qn3IgHQa4r5F85vHMJHmWwnWhrs=","ja3":"","session":"b453bf70-c3cb-4149-a45e-288548f6a614","seq":1,"duration_ms":100,"bytes_in":15,"bytes_out":13}],"http_methods":[{"method":"GET","count":134},{"method":"POST","count":1}],"distinct_ports_total":97,"top_paths":[{"path":"/","count":125,"ports":96},{"path":"/favicon.ico","count":6,"ports":6},{"path":"/v1","count":1,"ports":1},{"path":"/version","count":1,"ports":1},{"path":"/api/v2/heartbeat","count":1,"ports":1},{"path":"/v2/vectordb/collections/describe","count":1,"ports":1}],"distinct_paths_total":6,"top_snis":[],"top_hosts":[],"top_alpns":[{"value":"h2, http/1.1","count":11}],"banners":[],"credentials":[],"header_profile":{"signature":["Accept","Accept-Charset","Accept-Language","Connection","Host","Referer","User-Agent"],"representative":[{"name":"Accept","value":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","notable":false},{"name":"Accept-Charset","value":"GBK,utf-8;q=0.7,*;q=0.3","notable":false},{"name":"Accept-Language","value":"zh-CN,zh;q=0.8","notable":false},{"name":"Connection","value":"close","notable":false},{"name":"Host","value":"<HONEYPOT>:8839","notable":false},{"name":"Referer","value":"https://<HONEYPOT>:8839","notable":true},{"name":"User-Agent","value":"Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36","notable":false}],"distinct_sets":3,"events_with_headers":8},"tags":[],"data_as_of":"2026-07-05T05:30:25.616506+00:00"}