{"ip":"165.154.36.91","total_events":97,"verdict":{"verdict":"scanner","label":"Recognized scanner","detail":"fofa","confidence":"high","network_type":null,"why":["Source IP is in a known scanner range (fofa).","Known research and commercial scanners are labelled as such, not as threats."]},"first_seen":"2026-02-25T15:53:14","last_seen":"2026-07-04T02:24:25","events_24h":0,"events_7d":6,"geo":{"country_code":"US","country_name":"United States","region":"California","city":"Los Angeles","lat":34.0544,"lon":-118.244,"asn":135377,"org":"UCLOUD INFORMATION TECHNOLOGY (HK) LIMITED"},"source_domain":null,"known_scanners":["fofa"],"scanner_tag":null,"cve_matches":[],"malware":[],"top_ports":[{"port":443,"proto":"tcp","label":"HTTPS","count":43},{"port":80,"proto":"tcp","label":"HTTP","count":41},{"port":25,"proto":"tcp","label":"SMTP","count":13}],"fingerprints":{"ssh_hassh":[],"tls_ja4":["t13i190900_9dc949149365_e7c285222651"],"tls_ja3":["9460af62ae0af667130bf0d36514f084"],"ja4h":["ge11nn0200_e5a56608905c","ge11nn0200_79258615d613"]},"fingerprint_peers":{"t13i190900_9dc949149365_e7c285222651":3825,"ge11nn0200_79258615d613":4581,"ge11nn0200_e5a56608905c":38},"user_agents":["NTRIP GNSSInternetRadio"],"timeline":[{"date":"2026-04-21","count":1},{"date":"2026-04-29","count":19},{"date":"2026-05-06","count":12},{"date":"2026-05-12","count":1},{"date":"2026-06-01","count":1},{"date":"2026-06-04","count":12},{"date":"2026-06-13","count":3},{"date":"2026-07-02","count":3},{"date":"2026-07-04","count":3}],"recent_events":[{"timestamp":"2026-07-04T02:24:25","port":25,"proto":"tcp","app_proto":"","app_protocol":"ftp","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"USER anonymous\r\n","payload_hex":"5553455220616e6f6e796d6f75730d0a","method":"","user_agent":"","community_id":"1:J2Ao7h63BI/mJPoMX98Sz6vvwwE=","ja3":"","session":"e258f1e7-784a-4fa7-924c-9588f5bcd657","seq":1,"duration_ms":54,"bytes_in":16,"bytes_out":40,"enriched":{"digest":"e359d5ec0fa58580","label":"FTP","strings":["USER anonymous"]}},{"timestamp":"2026-07-04T02:24:16","port":25,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"host\":\"<HONEYPOT>:25\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a32350d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"","community_id":"1:NV+HEyGkPud0+2k9468jCGXS65g=","ja3":"","session":"dcee3d39-c1e5-451b-8203-a5918a14b2d0","seq":1,"duration_ms":100,"bytes_in":54,"bytes_out":40},{"timestamp":"2026-07-04T02:24:16","port":25,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"host\":\"<HONEYPOT>:25\"}","body":"","sni":"","tls_cipher":"TLS_AES_128_GCM_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a32350d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"","community_id":"1:FcBRdYaBo74KwYoBZK4lgTqaWVY=","ja3":"9460af62ae0af667130bf0d36514f084","session":"640d260b-ff84-4f2c-8eef-2f7951b270fe","seq":1,"duration_ms":53,"bytes_in":54,"bytes_out":40},{"timestamp":"2026-07-02T08:04:23","port":25,"proto":"tcp","app_proto":"","app_protocol":"ftp","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"USER anonymous\r\n","payload_hex":"5553455220616e6f6e796d6f75730d0a","method":"","user_agent":"","community_id":"1:cWYCIreSv3spST2QutjvzIWk7xQ=","ja3":"","session":"aac568f4-2b29-4af2-a315-de0e51276bd3","seq":1,"duration_ms":48,"bytes_in":16,"bytes_out":40,"enriched":{"digest":"e359d5ec0fa58580","label":"FTP","strings":["USER anonymous"]}},{"timestamp":"2026-07-02T08:04:15","port":25,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"host\":\"<HONEYPOT>:25\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a32350d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"","community_id":"1:tV7nxB2zwp+wfX/8AKnUEvREN3I=","ja3":"","session":"01dbc677-5971-40e0-9774-ee60fa4a6d0d","seq":1,"duration_ms":49,"bytes_in":54,"bytes_out":40},{"timestamp":"2026-07-02T08:04:15","port":25,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"host\":\"<HONEYPOT>:25\"}","body":"","sni":"","tls_cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a32350d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"","community_id":"1:7BYoA+luiA5Tx3anFwL78waLs98=","ja3":"9460af62ae0af667130bf0d36514f084","session":"a8bb8ec1-bb68-4bcb-8af7-f1ee34992f41","seq":1,"duration_ms":49,"bytes_in":54,"bytes_out":40},{"timestamp":"2026-06-13T20:02:09","port":25,"proto":"tcp","app_proto":"","app_protocol":"ftp","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"USER anonymous\r\n","payload_hex":"5553455220616e6f6e796d6f75730d0a","method":"","user_agent":"","community_id":"1:CfZDbXxB+imhmTh6gEKIVHLXamY=","ja3":"","session":"db7ef46a-7f61-42ce-80d1-9d301e6ae924","seq":1,"duration_ms":54,"bytes_in":16,"bytes_out":40,"enriched":{"digest":"e359d5ec0fa58580","label":"FTP","strings":["USER anonymous"]}},{"timestamp":"2026-06-13T20:02:01","port":25,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"host\":\"<HONEYPOT>:25\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a32350d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"","community_id":"1:ec/T9MJJrXziW4YyRhUzBO38PCg=","ja3":"","session":"752018dd-4f2d-4010-959f-0790ec15c355","seq":1,"duration_ms":54,"bytes_in":54,"bytes_out":40},{"timestamp":"2026-06-13T20:02:01","port":25,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"host\":\"<HONEYPOT>:25\"}","body":"","sni":"","tls_cipher":"TLS_AES_128_GCM_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a32350d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"","community_id":"1:9ZVL63dz88NCeOc9txAVaevM7iA=","ja3":"9460af62ae0af667130bf0d36514f084","session":"4e314ad5-fde3-4585-af11-7cc1f45c6f15","seq":1,"duration_ms":54,"bytes_in":54,"bytes_out":40},{"timestamp":"2026-06-04T01:59:36","port":443,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"host\":\"<HONEYPOT>:443\"}","body":"","sni":"","tls_cipher":"TLS_AES_128_GCM_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a3434330d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"","community_id":"1:lj8Vio58Al/JSXQKDiwfGCzaV6w=","ja3":"","session":"3842cbeb-36bc-42b6-a5e0-f3f1d20d351e","seq":0,"duration_ms":0,"bytes_in":0,"bytes_out":0}],"http_methods":[{"method":"GET","count":25}],"distinct_ports_total":3,"top_paths":[{"path":"/","count":21,"ports":3},{"path":"/v1","count":2,"ports":1},{"path":"/version","count":2,"ports":1}],"distinct_paths_total":3,"top_snis":[],"top_hosts":[],"top_alpns":[],"banners":[],"credentials":[],"header_profile":{"signature":["Accept","Host"],"representative":[{"name":"Accept","value":"*/*","notable":false},{"name":"Host","value":"<HONEYPOT>:25","notable":false}],"distinct_sets":1,"events_with_headers":7},"tags":[],"data_as_of":"2026-07-05T04:22:41.468284+00:00"}