{"ip":"171.7.220.143","total_events":8,"verdict":{"verdict":"probing","label":"Low-level probing","detail":null,"confidence":"low","network_type":"residential ISP"},"first_seen":"2026-05-20T08:47:30","last_seen":"2026-05-20T08:47:36","events_24h":0,"events_7d":0,"geo":{"country_code":"TH","country_name":"Thailand","region":"Songkhla","city":"Hat Yai","lat":7.0202,"lon":100.4718,"asn":45758,"org":"Triple T Broadband Public Company Limited"},"source_domain":"mx-ll-171.7.220-143.dynamic.3bb.co.th","known_scanners":[],"scanner_tag":{"key":"peeringdb:as45758","label":"TripleT Broadband(AIS|3BB)","category":"isp","url":"https://www.peeringdb.com/asn/45758"},"cve_matches":[],"top_ports":[{"port":445,"proto":"tcp","label":"SMB","count":8}],"fingerprints":{"ssh_hassh":[],"tls_ja4":[],"tls_ja3":[],"ja4h":[]},"fingerprint_peers":{},"user_agents":[],"timeline":[{"date":"2026-05-20","count":8}],"recent_events":[{"timestamp":"2026-05-20T08:47:36","port":445,"proto":"tcp","app_proto":"","app_protocol":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"\u0000\u0000\u0000N�SMB2\u0000\u0000\u0000\u0000\u0018\u0007�\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000��\u0000\u0000A\u0000\u000f\f\u0000\u0000\u0000\u0001\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u00014�\u0000\u0000\u0000\f\u0000B\u0000\u0000\u0000N\u0000\u0001\u0000\u000e\u0000\r\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000","payload_hex":"0000004eff534d4232000000001807c00000000000000000000000000000fffe000041000f0c00000001000000000000000134ee0000000c00420000004e0001000e000d0000000000000000000000000000","method":"","user_agent":"","community_id":"1:/rRO4npN9Vt8iqm7okGo0JOorEw=","ja3":"","session":"bdbe0559-5b04-4998-a9ba-edf418ee8907","seq":0,"duration_ms":0,"bytes_in":0,"bytes_out":0,"enriched":{"digest":"5eae6febc6763bcc","strings":["SMB2"]}},{"timestamp":"2026-05-20T08:47:35","port":445,"proto":"tcp","app_proto":"","app_protocol":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"\u0000\u0000\u0000\\�SMBu\u0000\u0000\u0000\u0000\u0018\u0007�\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000��\u0000\u0000@\u0000\u0004�\u0000\\\u0000\b\u0000\u0001\u00001\u0000\u0000\\\u0000\\\u00001\u00009\u00002\u0000.\u00001\u00006\u00008\u0000.\u00005\u00006\u0000.\u00002\u00000\u0000\\\u0000I\u0000P\u0000C\u0000$\u0000\u0000\u0000?????\u0000","payload_hex":"0000005cff534d4275000000001807c00000000000000000000000000000fffe0000400004ff005c00080001003100005c005c003100390032002e003100360038002e00350036002e00320030005c00490050004300240000003f3f3f3f3f00","method":"","user_agent":"","community_id":"1:/rRO4npN9Vt8iqm7okGo0JOorEw=","ja3":"","session":"bdbe0559-5b04-4998-a9ba-edf418ee8907","seq":0,"duration_ms":0,"bytes_in":0,"bytes_out":0,"enriched":{"digest":"efa66fc9f9be2f3a","strings":["SMBu","1\\\\192.168.56.20\\IPC$?????"],"iocs":{"ips":["192.168.56.20"]}}},{"timestamp":"2026-05-20T08:47:35","port":445,"proto":"tcp","app_proto":"","app_protocol":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"\u0000\u0000\u0000��SMBs\u0000\u0000\u0000\u0000\u0018\u0007�\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000��\u0000\u0000@\u0000\r�\u0000�\u0000\u0004\u0011\n\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0001\u0000\u0000\u0000\u0000\u0000\u0000\u0000�\u0000\u0000\u0000K\u0000\u0000\u0000\u0000\u0000\u0000W\u0000i\u0000n\u0000d\u0000o\u0000w\u0000s\u0000 \u00002\u00000\u00000\u00000\u0000 \u00002\u00001\u00009\u00005\u0000\u0000\u0000W\u0000i\u0000n\u0000d\u0000o\u0000w\u0000s\u0000 \u00002\u00000\u00000\u00000\u0000 \u00005\u0000.\u00000\u0000\u0000\u0000","payload_hex":"00000088ff534d4273000000001807c00000000000000000000000000000fffe000040000dff00880004110a000000000000000100000000000000d40000004b000000000000570069006e0064006f007700730020003200300030003000200032003100390035000000570069006e0064006f007700730020003200300030003000200035002e0030000000","method":"","user_agent":"","community_id":"1:/rRO4npN9Vt8iqm7okGo0JOorEw=","ja3":"","session":"bdbe0559-5b04-4998-a9ba-edf418ee8907","seq":0,"duration_ms":0,"bytes_in":0,"bytes_out":0,"enriched":{"digest":"ee47b9d34e56607b","strings":["SMBs","KWindows 2000 2195Windows 2000 5.0"]}},{"timestamp":"2026-05-20T08:47:35","port":445,"proto":"tcp","app_proto":"","app_protocol":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"\u0000\u0000\u0000��SMBr\u0000\u0000\u0000\u0000\u0018S�\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000��\u0000\u0000@\u0000\u0000b\u0000\u0002PC NETWORK PROGRAM 1.0\u0000\u0002LANMAN1.0\u0000\u0002Windows for Workgroups 3.1a\u0000\u0002LM1.2X002\u0000\u0002LANMAN2.1\u0000\u0002NT LM 0.12\u0000","payload_hex":"00000085ff534d4272000000001853c00000000000000000000000000000fffe00004000006200025043204e4554574f524b2050524f4752414d20312e3000024c414e4d414e312e30000257696e646f777320666f7220576f726b67726f75707320332e316100024c4d312e325830303200024c414e4d414e322e3100024e54204c4d20302e313200","method":"","user_agent":"","community_id":"1:/rRO4npN9Vt8iqm7okGo0JOorEw=","ja3":"","session":"bdbe0559-5b04-4998-a9ba-edf418ee8907","seq":0,"duration_ms":0,"bytes_in":0,"bytes_out":0,"enriched":{"digest":"bf5baf1504bec0a1","strings":["SMBr","PC NETWORK PROGRAM 1.0","LANMAN1.0","Windows for Workgroups 3.1a","LM1.2X002","LANMAN2.1","NT LM 0.12"]}},{"timestamp":"2026-05-20T08:47:31","port":445,"proto":"tcp","app_proto":"","app_protocol":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"\u0000\u0000\u0000J�SMB%\u0000\u0000\u0000\u0000\u0018\u0001(\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0010\u0000\u0000\u0000\u0000����\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000J\u0000\u0000\u0000J\u0000\u0002\u0000#\u0000\u0000\u0000\u0007\u0000\\PIPE\\\u0000","payload_hex":"0000004aff534d42250000000018012800000000000000000000000000000000000000001000000000ffffffff0000000000000000000000004a0000004a0002002300000007005c504950455c00","method":"","user_agent":"","community_id":"1:k50bocaKTbURBWjVR2wYbK2lihU=","ja3":"","session":"719b71b3-5acc-49cc-a014-c230f3eb5e3f","seq":0,"duration_ms":0,"bytes_in":0,"bytes_out":0,"enriched":{"digest":"517764f22c39500b","strings":["SMB%","\\PIPE\\"]}},{"timestamp":"2026-05-20T08:47:31","port":445,"proto":"tcp","app_proto":"","app_protocol":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"\u0000\u0000\u0000[�SMBu\u0000\u0000\u0000\u0000\u0018\u0001 \u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000/K\u0000\u0000�^\u0004�\u0000\u0000\u0000\u0000\u0000\u0001\u0000\u001c\u0000\u0000\\\\8.233.189.1\\IPC$\u0000?????\u0000EEPATH_REPLACE__?????\u0000","payload_hex":"0000005bff534d42750000000018012000000000000000000000000000002f4b0000c55e04ff000000000001001c00005c5c382e3233332e3138392e315c49504324003f3f3f3f3f004545504154485f5245504c4143455f5f3f3f3f3f3f00","method":"","user_agent":"","community_id":"1:k50bocaKTbURBWjVR2wYbK2lihU=","ja3":"","session":"719b71b3-5acc-49cc-a014-c230f3eb5e3f","seq":0,"duration_ms":0,"bytes_in":0,"bytes_out":0,"enriched":{"digest":"474d1efc974ce3dd","strings":["SMBu","\\\\8.233.189.1\\IPC$","EEPATH_REPLACE__?????","\\\\8.233.189.1\\IPC$?????EEPATH_REPLACE__?????"],"iocs":{"ips":["8.233.189.1"]}}},{"timestamp":"2026-05-20T08:47:30","port":445,"proto":"tcp","app_proto":"","app_protocol":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"\u0000\u0000\u0000c�SMBs\u0000\u0000\u0000\u0000\u0018\u0001 \u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000/K\u0000\u0000�^\r�\u0000\u0000\u0000��\u0002\u0000\u0001\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000@\u0000\u0000\u0000&\u0000\u0000.\u0000Windows 2000 2195\u0000Windows 2000 5.0\u0000","payload_hex":"00000063ff534d42730000000018012000000000000000000000000000002f4b0000c55e0dff000000dfff02000100000000000000000000000000400000002600002e0057696e646f7773203230303020323139350057696e646f7773203230303020352e3000","method":"","user_agent":"","community_id":"1:k50bocaKTbURBWjVR2wYbK2lihU=","ja3":"","session":"719b71b3-5acc-49cc-a014-c230f3eb5e3f","seq":0,"duration_ms":0,"bytes_in":0,"bytes_out":0,"enriched":{"digest":"247ca2c967be2946","strings":["SMBs","Windows 2000 2195","Windows 2000 5.0","@&.Windows 2000 2195Windows 2000 5.0"]}},{"timestamp":"2026-05-20T08:47:30","port":445,"proto":"tcp","app_proto":"","app_protocol":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"\u0000\u0000\u0000T�SMBr\u0000\u0000\u0000\u0000\u0018\u0001(\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000/K\u0000\u0000�^\u00001\u0000\u0002LANMAN1.0\u0000\u0002LM1.2X002\u0000\u0002NT LANMAN 1.0\u0000\u0002NT LM 0.12\u0000","payload_hex":"00000054ff534d42720000000018012800000000000000000000000000002f4b0000c55e003100024c414e4d414e312e3000024c4d312e325830303200024e54204c414e4d414e20312e3000024e54204c4d20302e313200","method":"","user_agent":"","community_id":"1:k50bocaKTbURBWjVR2wYbK2lihU=","ja3":"","session":"719b71b3-5acc-49cc-a014-c230f3eb5e3f","seq":0,"duration_ms":0,"bytes_in":0,"bytes_out":0,"enriched":{"digest":"0468c709cd31eaf8","strings":["SMBr","LANMAN1.0","LM1.2X002","NT LANMAN 1.0","NT LM 0.12"]}}],"http_methods":[],"distinct_ports_total":1,"top_paths":[],"distinct_paths_total":0,"top_snis":[],"top_hosts":[],"top_alpns":[],"banners":[],"credentials":[],"header_profile":null,"tags":[],"data_as_of":"2026-07-02T12:42:32.121798+00:00"}