{"ip":"185.196.220.133","total_events":4070,"verdict":{"verdict":"scanning","label":"Unrecognized scanner","detail":"1843+ ports swept","confidence":"medium","network_type":"CDN"},"first_seen":"2026-03-05T10:52:07","last_seen":"2026-06-22T10:38:38","events_24h":644,"events_7d":1192,"geo":{"country_code":"NL","country_name":"Netherlands","region":"","city":"","lat":52.3824,"lon":4.8995,"asn":213438,"org":"ColocaTel Inc."},"source_domain":null,"known_scanners":[],"scanner_tag":{"key":"peeringdb:as213438","label":"colocatel-inc","category":"cdn","url":"https://www.peeringdb.com/asn/213438"},"cve_matches":[],"top_ports":[{"port":3389,"proto":"tcp","label":"RDP","count":36},{"port":3390,"proto":"tcp","label":"","count":23},{"port":3391,"proto":"tcp","label":"","count":18},{"port":443,"proto":"tcp","label":"HTTPS","count":16},{"port":6666,"proto":"tcp","label":"","count":8},{"port":6996,"proto":"tcp","label":"","count":8},{"port":3380,"proto":"tcp","label":"","count":8},{"port":8888,"proto":"tcp","label":"HTTP-alt","count":8},{"port":1318,"proto":"tcp","label":"","count":8},{"port":5188,"proto":"tcp","label":"","count":8},{"port":16899,"proto":"tcp","label":"","count":8},{"port":4001,"proto":"tcp","label":"","count":8},{"port":3386,"proto":"tcp","label":"","count":8},{"port":33898,"proto":"tcp","label":"","count":8},{"port":63389,"proto":"tcp","label":"","count":8}],"fingerprints":{"ssh_hassh":[],"tls_ja4":["t13i131200_f57a46bbacb6_fb48f8b98a29"],"tls_ja3":[],"ja4h":["ge11nn04en_171d872ea17d"]},"fingerprint_peers":{"t13i131200_f57a46bbacb6_fb48f8b98a29":35,"ge11nn04en_171d872ea17d":33},"user_agents":["Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15"],"timeline":[{"date":"2026-04-07","count":840},{"date":"2026-05-06","count":305},{"date":"2026-05-07","count":233},{"date":"2026-05-14","count":6},{"date":"2026-05-22","count":8},{"date":"2026-05-30","count":6},{"date":"2026-06-20","count":287},{"date":"2026-06-21","count":594},{"date":"2026-06-22","count":311}],"recent_events":[{"timestamp":"2026-06-22T10:38:38","port":20856,"proto":"tcp","app_proto":"","app_protocol":"rdp","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"\u0003\u0000\u0000/*�\u0000\u0000\u0000\u0000\u0000Cookie: mstshash=Administr\r\n\u0001\u0000\b\u0000\u0003\u0000\u0000\u0000","payload_hex":"0300002f2ae00000000000436f6f6b69653a206d737473686173683d41646d696e697374720d0a0100080003000000","method":"","user_agent":"","community_id":"1:LkHTOl5YxeRQlbMLZpqZ3Wjip4Y=","ja3":"","session":"152a69e9-3e0d-4fff-b2b4-f0cb9195bca1","seq":1,"duration_ms":100,"bytes_in":47,"bytes_out":15,"enriched":{"digest":"b6d67a37a50bfeec","label":"RDP (X.224)","strings":["Cookie: mstshash=Administr"]}},{"timestamp":"2026-06-22T10:35:34","port":23234,"proto":"tcp","app_proto":"","app_protocol":"rdp","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"\u0003\u0000\u0000/*�\u0000\u0000\u0000\u0000\u0000Cookie: mstshash=Administr\r\n\u0001\u0000\b\u0000\u0003\u0000\u0000\u0000","payload_hex":"0300002f2ae00000000000436f6f6b69653a206d737473686173683d41646d696e697374720d0a0100080003000000","method":"","user_agent":"","community_id":"1:j8Ykt1GZe/SCiluCKOC65pjdrvo=","ja3":"","session":"d06d2d79-1ada-4a38-a7bf-ace4ef4792e1","seq":1,"duration_ms":100,"bytes_in":47,"bytes_out":15,"enriched":{"digest":"b6d67a37a50bfeec","label":"RDP (X.224)","strings":["Cookie: mstshash=Administr"]}},{"timestamp":"2026-06-22T10:34:04","port":23045,"proto":"tcp","app_proto":"","app_protocol":"rdp","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"\u0003\u0000\u0000/*�\u0000\u0000\u0000\u0000\u0000Cookie: mstshash=Administr\r\n\u0001\u0000\b\u0000\u0003\u0000\u0000\u0000","payload_hex":"0300002f2ae00000000000436f6f6b69653a206d737473686173683d41646d696e697374720d0a0100080003000000","method":"","user_agent":"","community_id":"1:KifHlcMf8baQDOicjXS00/iaoFU=","ja3":"","session":"94b10e6c-8f57-4503-9d43-16ab56c14f63","seq":1,"duration_ms":101,"bytes_in":47,"bytes_out":15,"enriched":{"digest":"b6d67a37a50bfeec","label":"RDP (X.224)","strings":["Cookie: mstshash=Administr"]}},{"timestamp":"2026-06-22T10:32:33","port":60832,"proto":"tcp","app_proto":"","app_protocol":"rdp","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"\u0003\u0000\u0000/*�\u0000\u0000\u0000\u0000\u0000Cookie: mstshash=Administr\r\n\u0001\u0000\b\u0000\u0003\u0000\u0000\u0000","payload_hex":"0300002f2ae00000000000436f6f6b69653a206d737473686173683d41646d696e697374720d0a0100080003000000","method":"","user_agent":"","community_id":"1:TrQUI+XTV/kpyMQipKPdtiChORc=","ja3":"","session":"fc816c9d-e791-405e-bb0b-e26f112867f6","seq":1,"duration_ms":100,"bytes_in":47,"bytes_out":15,"enriched":{"digest":"b6d67a37a50bfeec","label":"RDP (X.224)","strings":["Cookie: mstshash=Administr"]}},{"timestamp":"2026-06-22T10:30:01","port":10118,"proto":"tcp","app_proto":"","app_protocol":"rdp","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"\u0003\u0000\u0000/*�\u0000\u0000\u0000\u0000\u0000Cookie: mstshash=Administr\r\n\u0001\u0000\b\u0000\u0003\u0000\u0000\u0000","payload_hex":"0300002f2ae00000000000436f6f6b69653a206d737473686173683d41646d696e697374720d0a0100080003000000","method":"","user_agent":"","community_id":"1:tZ8fwDG8fQzC4EmaETQtyAsz9cE=","ja3":"","session":"54ad5a03-1b45-4275-9131-d93b83849e8e","seq":1,"duration_ms":100,"bytes_in":47,"bytes_out":15,"enriched":{"digest":"b6d67a37a50bfeec","label":"RDP (X.224)","strings":["Cookie: mstshash=Administr"]}},{"timestamp":"2026-06-22T10:28:39","port":20346,"proto":"tcp","app_proto":"","app_protocol":"rdp","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"\u0003\u0000\u0000/*�\u0000\u0000\u0000\u0000\u0000Cookie: mstshash=Administr\r\n\u0001\u0000\b\u0000\u0003\u0000\u0000\u0000","payload_hex":"0300002f2ae00000000000436f6f6b69653a206d737473686173683d41646d696e697374720d0a0100080003000000","method":"","user_agent":"","community_id":"1:HdDtq/2mPXehIvIpbwEOF9FCMG0=","ja3":"","session":"abcfc56c-96b5-45d9-bf1b-37f1507b5325","seq":1,"duration_ms":100,"bytes_in":47,"bytes_out":15,"enriched":{"digest":"b6d67a37a50bfeec","label":"RDP (X.224)","strings":["Cookie: mstshash=Administr"]}},{"timestamp":"2026-06-22T10:28:18","port":46734,"proto":"tcp","app_proto":"","app_protocol":"rdp","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"\u0003\u0000\u0000/*�\u0000\u0000\u0000\u0000\u0000Cookie: mstshash=Administr\r\n\u0001\u0000\b\u0000\u0003\u0000\u0000\u0000","payload_hex":"0300002f2ae00000000000436f6f6b69653a206d737473686173683d41646d696e697374720d0a0100080003000000","method":"","user_agent":"","community_id":"1:5mm5fj/zUh+p20dADimFha7TZMQ=","ja3":"","session":"8c17030a-70d3-4aa6-bdb5-912b0b0a43ad","seq":1,"duration_ms":100,"bytes_in":47,"bytes_out":15,"enriched":{"digest":"b6d67a37a50bfeec","label":"RDP (X.224)","strings":["Cookie: mstshash=Administr"]}},{"timestamp":"2026-06-22T10:27:11","port":63151,"proto":"tcp","app_proto":"","app_protocol":"rdp","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"\u0003\u0000\u0000/*�\u0000\u0000\u0000\u0000\u0000Cookie: mstshash=Administr\r\n\u0001\u0000\b\u0000\u0003\u0000\u0000\u0000","payload_hex":"0300002f2ae00000000000436f6f6b69653a206d737473686173683d41646d696e697374720d0a0100080003000000","method":"","user_agent":"","community_id":"1:y0Ql0yPU2f36emu6hyG/dxy+k24=","ja3":"","session":"b71ae997-ab4d-441e-955b-6bdc16b5f244","seq":1,"duration_ms":100,"bytes_in":47,"bytes_out":15,"enriched":{"digest":"b6d67a37a50bfeec","label":"RDP (X.224)","strings":["Cookie: mstshash=Administr"]}},{"timestamp":"2026-06-22T10:19:16","port":23234,"proto":"tcp","app_proto":"","app_protocol":"rdp","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"\u0003\u0000\u0000/*�\u0000\u0000\u0000\u0000\u0000Cookie: mstshash=Administr\r\n\u0001\u0000\b\u0000\u0003\u0000\u0000\u0000","payload_hex":"0300002f2ae00000000000436f6f6b69653a206d737473686173683d41646d696e697374720d0a0100080003000000","method":"","user_agent":"","community_id":"1:4I1SjnGo9EOGwoGG2x4pwRz/KcM=","ja3":"","session":"e79cea45-e4d3-403f-ab77-d18de8db5852","seq":1,"duration_ms":100,"bytes_in":47,"bytes_out":15,"enriched":{"digest":"b6d67a37a50bfeec","label":"RDP (X.224)","strings":["Cookie: mstshash=Administr"]}},{"timestamp":"2026-06-22T10:18:11","port":34738,"proto":"tcp","app_proto":"","app_protocol":"rdp","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"\u0003\u0000\u0000/*�\u0000\u0000\u0000\u0000\u0000Cookie: mstshash=Administr\r\n\u0001\u0000\b\u0000\u0003\u0000\u0000\u0000","payload_hex":"0300002f2ae00000000000436f6f6b69653a206d737473686173683d41646d696e697374720d0a0100080003000000","method":"","user_agent":"","community_id":"1:CvP5xqcLo5qY6dP/zvBK6WlXwFI=","ja3":"","session":"031c218b-250c-446d-ae5d-8793b914cb03","seq":1,"duration_ms":100,"bytes_in":47,"bytes_out":15,"enriched":{"digest":"b6d67a37a50bfeec","label":"RDP (X.224)","strings":["Cookie: mstshash=Administr"]}}],"http_methods":[{"method":"GET","count":20}],"distinct_ports_total":1843,"top_paths":[{"path":"/RDWeb/Pages/","count":20,"ports":8}],"distinct_paths_total":1,"top_snis":[],"top_hosts":[],"top_alpns":[],"banners":[],"credentials":[],"header_profile":null,"tags":[],"data_as_of":"2026-06-22T10:39:38.856391+00:00"}