{"ip":"196.219.206.20","total_events":24,"verdict":{"verdict":"probing","label":"Low-level probing","detail":null,"confidence":"low","network_type":"nsp"},"first_seen":"2026-05-19T10:25:59","last_seen":"2026-06-20T08:20:56","events_24h":0,"events_7d":0,"geo":{"country_code":"EG","country_name":"Egypt","region":"Cairo Governorate","city":"Madinaty","lat":30.0964,"lon":31.6595,"asn":8452,"org":"TE Data"},"source_domain":null,"known_scanners":[],"scanner_tag":{"key":"peeringdb:as8452","label":"Telecom Egypt","category":"isp","url":"https://www.peeringdb.com/asn/8452"},"cve_matches":[],"top_ports":[{"port":445,"proto":"tcp","label":"SMB","count":24}],"fingerprints":{"ssh_hassh":[],"tls_ja4":[],"tls_ja3":[],"ja4h":[]},"fingerprint_peers":{},"user_agents":[],"timeline":[{"date":"2026-05-19","count":16},{"date":"2026-06-20","count":8}],"recent_events":[{"timestamp":"2026-06-20T08:20:56","port":445,"proto":"tcp","app_proto":"","app_protocol":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"\u0000\u0000\u0000N�SMB2\u0000\u0000\u0000\u0000\u0018\u0007�\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000��\u0000\u0000A\u0000\u000f\f\u0000\u0000\u0000\u0001\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u00014�\u0000\u0000\u0000\f\u0000B\u0000\u0000\u0000N\u0000\u0001\u0000\u000e\u0000\r\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000","payload_hex":"0000004eff534d4232000000001807c00000000000000000000000000000fffe000041000f0c00000001000000000000000134ee0000000c00420000004e0001000e000d0000000000000000000000000000","method":"","user_agent":"","community_id":"1:hk4s6pg/pcDL1nlUpunqGEqlLE4=","ja3":"","session":"f4cc410c-486f-446c-8ee4-140d7e6c7a71","seq":4,"duration_ms":922,"bytes_in":455,"bytes_out":56,"enriched":{"digest":"5eae6febc6763bcc","strings":["SMB2"]}},{"timestamp":"2026-06-20T08:20:56","port":445,"proto":"tcp","app_proto":"","app_protocol":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"\u0000\u0000\u0000\\�SMBu\u0000\u0000\u0000\u0000\u0018\u0007�\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000��\u0000\u0000@\u0000\u0004�\u0000\\\u0000\b\u0000\u0001\u00001\u0000\u0000\\\u0000\\\u00001\u00009\u00002\u0000.\u00001\u00006\u00008\u0000.\u00005\u00006\u0000.\u00002\u00000\u0000\\\u0000I\u0000P\u0000C\u0000$\u0000\u0000\u0000?????\u0000","payload_hex":"0000005cff534d4275000000001807c00000000000000000000000000000fffe0000400004ff005c00080001003100005c005c003100390032002e003100360038002e00350036002e00320030005c00490050004300240000003f3f3f3f3f00","method":"","user_agent":"","community_id":"1:hk4s6pg/pcDL1nlUpunqGEqlLE4=","ja3":"","session":"f4cc410c-486f-446c-8ee4-140d7e6c7a71","seq":3,"duration_ms":649,"bytes_in":373,"bytes_out":42,"enriched":{"digest":"efa66fc9f9be2f3a","strings":["SMBu","1\\\\192.168.56.20\\IPC$?????"],"iocs":{"ips":["192.168.56.20"]}}},{"timestamp":"2026-06-20T08:20:55","port":445,"proto":"tcp","app_proto":"","app_protocol":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"\u0000\u0000\u0000��SMBs\u0000\u0000\u0000\u0000\u0018\u0007�\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000��\u0000\u0000@\u0000\r�\u0000�\u0000\u0004\u0011\n\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0001\u0000\u0000\u0000\u0000\u0000\u0000\u0000�\u0000\u0000\u0000K\u0000\u0000\u0000\u0000\u0000\u0000W\u0000i\u0000n\u0000d\u0000o\u0000w\u0000s\u0000 \u00002\u00000\u00000\u00000\u0000 \u00002\u00001\u00009\u00005\u0000\u0000\u0000W\u0000i\u0000n\u0000d\u0000o\u0000w\u0000s\u0000 \u00002\u00000\u00000\u00000\u0000 \u00005\u0000.\u00000\u0000\u0000\u0000","payload_hex":"00000088ff534d4273000000001807c00000000000000000000000000000fffe000040000dff00880004110a000000000000000100000000000000d40000004b000000000000570069006e0064006f007700730020003200300030003000200032003100390035000000570069006e0064006f007700730020003200300030003000200035002e0030000000","method":"","user_agent":"","community_id":"1:hk4s6pg/pcDL1nlUpunqGEqlLE4=","ja3":"","session":"f4cc410c-486f-446c-8ee4-140d7e6c7a71","seq":2,"duration_ms":370,"bytes_in":277,"bytes_out":28,"enriched":{"digest":"ee47b9d34e56607b","strings":["SMBs","KWindows 2000 2195Windows 2000 5.0"]}},{"timestamp":"2026-06-20T08:20:55","port":445,"proto":"tcp","app_proto":"","app_protocol":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"\u0000\u0000\u0000��SMBr\u0000\u0000\u0000\u0000\u0018S�\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000��\u0000\u0000@\u0000\u0000b\u0000\u0002PC NETWORK PROGRAM 1.0\u0000\u0002LANMAN1.0\u0000\u0002Windows for Workgroups 3.1a\u0000\u0002LM1.2X002\u0000\u0002LANMAN2.1\u0000\u0002NT LM 0.12\u0000","payload_hex":"00000085ff534d4272000000001853c00000000000000000000000000000fffe00004000006200025043204e4554574f524b2050524f4752414d20312e3000024c414e4d414e312e30000257696e646f777320666f7220576f726b67726f75707320332e316100024c4d312e325830303200024c414e4d414e322e3100024e54204c4d20302e313200","method":"","user_agent":"","community_id":"1:hk4s6pg/pcDL1nlUpunqGEqlLE4=","ja3":"","session":"f4cc410c-486f-446c-8ee4-140d7e6c7a71","seq":1,"duration_ms":100,"bytes_in":137,"bytes_out":14,"enriched":{"digest":"bf5baf1504bec0a1","strings":["SMBr","PC NETWORK PROGRAM 1.0","LANMAN1.0","Windows for Workgroups 3.1a","LM1.2X002","LANMAN2.1","NT LM 0.12"]}},{"timestamp":"2026-06-20T08:20:52","port":445,"proto":"tcp","app_proto":"","app_protocol":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"\u0000\u0000\u0000J�SMB%\u0000\u0000\u0000\u0000\u0018\u0001(\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0010\u0000\u0000\u0000\u0000����\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000J\u0000\u0000\u0000J\u0000\u0002\u0000#\u0000\u0000\u0000\u0007\u0000\\PIPE\\\u0000","payload_hex":"0000004aff534d42250000000018012800000000000000000000000000000000000000001000000000ffffffff0000000000000000000000004a0000004a0002002300000007005c504950455c00","method":"","user_agent":"","community_id":"1:ugYJrJX182P06NSxz/HFNacxmHE=","ja3":"","session":"53782f35-5e1d-448e-9871-cda19961fefa","seq":4,"duration_ms":903,"bytes_in":364,"bytes_out":56,"enriched":{"digest":"517764f22c39500b","strings":["SMB%","\\PIPE\\"]}},{"timestamp":"2026-06-20T08:20:51","port":445,"proto":"tcp","app_proto":"","app_protocol":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"\u0000\u0000\u0000[�SMBu\u0000\u0000\u0000\u0000\u0018\u0001 \u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000/K\u0000\u0000�^\u0004�\u0000\u0000\u0000\u0000\u0000\u0001\u0000\u001c\u0000\u0000\\\\136.68.96.1\\IPC$\u0000?????\u0000EEPATH_REPLACE__?????\u0000","payload_hex":"0000005bff534d42750000000018012000000000000000000000000000002f4b0000c55e04ff000000000001001c00005c5c3133362e36382e39362e315c49504324003f3f3f3f3f004545504154485f5245504c4143455f5f3f3f3f3f3f00","method":"","user_agent":"","community_id":"1:ugYJrJX182P06NSxz/HFNacxmHE=","ja3":"","session":"53782f35-5e1d-448e-9871-cda19961fefa","seq":3,"duration_ms":637,"bytes_in":286,"bytes_out":42,"enriched":{"digest":"b5ac039a5f356311","strings":["SMBu","\\\\136.68.96.1\\IPC$","EEPATH_REPLACE__?????","\\\\136.68.96.1\\IPC$?????EEPATH_REPLACE__?????"],"iocs":{"ips":["136.68.96.1"]}}},{"timestamp":"2026-06-20T08:20:51","port":445,"proto":"tcp","app_proto":"","app_protocol":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"\u0000\u0000\u0000c�SMBs\u0000\u0000\u0000\u0000\u0018\u0001 \u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000/K\u0000\u0000�^\r�\u0000\u0000\u0000��\u0002\u0000\u0001\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000@\u0000\u0000\u0000&\u0000\u0000.\u0000Windows 2000 2195\u0000Windows 2000 5.0\u0000","payload_hex":"00000063ff534d42730000000018012000000000000000000000000000002f4b0000c55e0dff000000dfff02000100000000000000000000000000400000002600002e0057696e646f7773203230303020323139350057696e646f7773203230303020352e3000","method":"","user_agent":"","community_id":"1:ugYJrJX182P06NSxz/HFNacxmHE=","ja3":"","session":"53782f35-5e1d-448e-9871-cda19961fefa","seq":2,"duration_ms":367,"bytes_in":191,"bytes_out":28,"enriched":{"digest":"247ca2c967be2946","strings":["SMBs","Windows 2000 2195","Windows 2000 5.0","@&.Windows 2000 2195Windows 2000 5.0"]}},{"timestamp":"2026-06-20T08:20:51","port":445,"proto":"tcp","app_proto":"","app_protocol":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"\u0000\u0000\u0000T�SMBr\u0000\u0000\u0000\u0000\u0018\u0001(\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000/K\u0000\u0000�^\u00001\u0000\u0002LANMAN1.0\u0000\u0002LM1.2X002\u0000\u0002NT LANMAN 1.0\u0000\u0002NT LM 0.12\u0000","payload_hex":"00000054ff534d42720000000018012800000000000000000000000000002f4b0000c55e003100024c414e4d414e312e3000024c4d312e325830303200024e54204c414e4d414e20312e3000024e54204c4d20302e313200","method":"","user_agent":"","community_id":"1:ugYJrJX182P06NSxz/HFNacxmHE=","ja3":"","session":"53782f35-5e1d-448e-9871-cda19961fefa","seq":1,"duration_ms":100,"bytes_in":88,"bytes_out":14,"enriched":{"digest":"0468c709cd31eaf8","strings":["SMBr","LANMAN1.0","LM1.2X002","NT LANMAN 1.0","NT LM 0.12"]}},{"timestamp":"2026-05-19T11:17:07","port":445,"proto":"tcp","app_proto":"","app_protocol":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"\u0000\u0000\u0000N�SMB2\u0000\u0000\u0000\u0000\u0018\u0007�\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000��\u0000\u0000A\u0000\u000f\f\u0000\u0000\u0000\u0001\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u00014�\u0000\u0000\u0000\f\u0000B\u0000\u0000\u0000N\u0000\u0001\u0000\u000e\u0000\r\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000","payload_hex":"0000004eff534d4232000000001807c00000000000000000000000000000fffe000041000f0c00000001000000000000000134ee0000000c00420000004e0001000e000d0000000000000000000000000000","method":"","user_agent":"","community_id":"1:5o9FH6n4P4TBbijxLk76WPmER6M=","ja3":"","session":"f02a7dfd-8729-4116-91ec-c4f085d1a72d","seq":0,"duration_ms":0,"bytes_in":0,"bytes_out":0,"enriched":{"digest":"5eae6febc6763bcc","strings":["SMB2"]}},{"timestamp":"2026-05-19T11:17:07","port":445,"proto":"tcp","app_proto":"","app_protocol":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"\u0000\u0000\u0000\\�SMBu\u0000\u0000\u0000\u0000\u0018\u0007�\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000��\u0000\u0000@\u0000\u0004�\u0000\\\u0000\b\u0000\u0001\u00001\u0000\u0000\\\u0000\\\u00001\u00009\u00002\u0000.\u00001\u00006\u00008\u0000.\u00005\u00006\u0000.\u00002\u00000\u0000\\\u0000I\u0000P\u0000C\u0000$\u0000\u0000\u0000?????\u0000","payload_hex":"0000005cff534d4275000000001807c00000000000000000000000000000fffe0000400004ff005c00080001003100005c005c003100390032002e003100360038002e00350036002e00320030005c00490050004300240000003f3f3f3f3f00","method":"","user_agent":"","community_id":"1:5o9FH6n4P4TBbijxLk76WPmER6M=","ja3":"","session":"f02a7dfd-8729-4116-91ec-c4f085d1a72d","seq":0,"duration_ms":0,"bytes_in":0,"bytes_out":0,"enriched":{"digest":"efa66fc9f9be2f3a","strings":["SMBu","1\\\\192.168.56.20\\IPC$?????"],"iocs":{"ips":["192.168.56.20"]}}}],"http_methods":[],"distinct_ports_total":1,"top_paths":[],"distinct_paths_total":0,"top_snis":[],"top_hosts":[],"top_alpns":[],"banners":[],"credentials":[],"header_profile":null,"tags":[],"data_as_of":"2026-07-01T08:55:16.522142+00:00"}