{"ip":"2.179.164.65","total_events":46,"verdict":{"verdict":"probing","label":"Low-level probing","detail":null,"confidence":"low","network_type":null},"first_seen":"2026-02-24T20:00:08","last_seen":"2026-06-24T16:58:49","events_24h":0,"events_7d":0,"geo":{"country_code":"IR","country_name":"Iran","region":"","city":"","lat":35.698,"lon":51.4115,"asn":58224,"org":"Iran Telecommunication Company PJS"},"source_domain":null,"known_scanners":[],"scanner_tag":null,"cve_matches":[],"top_ports":[{"port":445,"proto":"tcp","label":"SMB","count":46}],"fingerprints":{"ssh_hassh":[],"tls_ja4":[],"tls_ja3":[],"ja4h":[]},"fingerprint_peers":{},"user_agents":[],"timeline":[{"date":"2026-06-24","count":16}],"recent_events":[{"timestamp":"2026-06-24T16:58:49","port":445,"proto":"tcp","app_proto":"","app_protocol":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"\u0000\u0000\u0000N�SMB2\u0000\u0000\u0000\u0000\u0018\u0007�\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000��\u0000\u0000A\u0000\u000f\f\u0000\u0000\u0000\u0001\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u00014�\u0000\u0000\u0000\f\u0000B\u0000\u0000\u0000N\u0000\u0001\u0000\u000e\u0000\r\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000","payload_hex":"0000004eff534d4232000000001807c00000000000000000000000000000fffe000041000f0c00000001000000000000000134ee0000000c00420000004e0001000e000d0000000000000000000000000000","method":"","user_agent":"","community_id":"1:vDEHhkl0Z4/xNTPVo5hoahwMWOE=","ja3":"","session":"d98778c3-f46a-417b-9de0-bbf4bc4c104f","seq":4,"duration_ms":922,"bytes_in":455,"bytes_out":48,"enriched":{"digest":"5eae6febc6763bcc","strings":["SMB2"]}},{"timestamp":"2026-06-24T16:58:48","port":445,"proto":"tcp","app_proto":"","app_protocol":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"\u0000\u0000\u0000\\�SMBu\u0000\u0000\u0000\u0000\u0018\u0007�\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000��\u0000\u0000@\u0000\u0004�\u0000\\\u0000\b\u0000\u0001\u00001\u0000\u0000\\\u0000\\\u00001\u00009\u00002\u0000.\u00001\u00006\u00008\u0000.\u00005\u00006\u0000.\u00002\u00000\u0000\\\u0000I\u0000P\u0000C\u0000$\u0000\u0000\u0000?????\u0000","payload_hex":"0000005cff534d4275000000001807c00000000000000000000000000000fffe0000400004ff005c00080001003100005c005c003100390032002e003100360038002e00350036002e00320030005c00490050004300240000003f3f3f3f3f00","method":"","user_agent":"","community_id":"1:vDEHhkl0Z4/xNTPVo5hoahwMWOE=","ja3":"","session":"d98778c3-f46a-417b-9de0-bbf4bc4c104f","seq":3,"duration_ms":650,"bytes_in":373,"bytes_out":36,"enriched":{"digest":"efa66fc9f9be2f3a","strings":["SMBu","1\\\\192.168.56.20\\IPC$?????"],"iocs":{"ips":["192.168.56.20"]}}},{"timestamp":"2026-06-24T16:58:48","port":445,"proto":"tcp","app_proto":"","app_protocol":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"\u0000\u0000\u0000��SMBs\u0000\u0000\u0000\u0000\u0018\u0007�\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000��\u0000\u0000@\u0000\r�\u0000�\u0000\u0004\u0011\n\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0001\u0000\u0000\u0000\u0000\u0000\u0000\u0000�\u0000\u0000\u0000K\u0000\u0000\u0000\u0000\u0000\u0000W\u0000i\u0000n\u0000d\u0000o\u0000w\u0000s\u0000 \u00002\u00000\u00000\u00000\u0000 \u00002\u00001\u00009\u00005\u0000\u0000\u0000W\u0000i\u0000n\u0000d\u0000o\u0000w\u0000s\u0000 \u00002\u00000\u00000\u00000\u0000 \u00005\u0000.\u00000\u0000\u0000\u0000","payload_hex":"00000088ff534d4273000000001807c00000000000000000000000000000fffe000040000dff00880004110a000000000000000100000000000000d40000004b000000000000570069006e0064006f007700730020003200300030003000200032003100390035000000570069006e0064006f007700730020003200300030003000200035002e0030000000","method":"","user_agent":"","community_id":"1:vDEHhkl0Z4/xNTPVo5hoahwMWOE=","ja3":"","session":"d98778c3-f46a-417b-9de0-bbf4bc4c104f","seq":2,"duration_ms":375,"bytes_in":277,"bytes_out":24,"enriched":{"digest":"ee47b9d34e56607b","strings":["SMBs","KWindows 2000 2195Windows 2000 5.0"]}},{"timestamp":"2026-06-24T16:58:48","port":445,"proto":"tcp","app_proto":"","app_protocol":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"\u0000\u0000\u0000��SMBr\u0000\u0000\u0000\u0000\u0018S�\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000��\u0000\u0000@\u0000\u0000b\u0000\u0002PC NETWORK PROGRAM 1.0\u0000\u0002LANMAN1.0\u0000\u0002Windows for Workgroups 3.1a\u0000\u0002LM1.2X002\u0000\u0002LANMAN2.1\u0000\u0002NT LM 0.12\u0000","payload_hex":"00000085ff534d4272000000001853c00000000000000000000000000000fffe00004000006200025043204e4554574f524b2050524f4752414d20312e3000024c414e4d414e312e30000257696e646f777320666f7220576f726b67726f75707320332e316100024c4d312e325830303200024c414e4d414e322e3100024e54204c4d20302e313200","method":"","user_agent":"","community_id":"1:vDEHhkl0Z4/xNTPVo5hoahwMWOE=","ja3":"","session":"d98778c3-f46a-417b-9de0-bbf4bc4c104f","seq":1,"duration_ms":100,"bytes_in":137,"bytes_out":12,"enriched":{"digest":"bf5baf1504bec0a1","strings":["SMBr","PC NETWORK PROGRAM 1.0","LANMAN1.0","Windows for Workgroups 3.1a","LM1.2X002","LANMAN2.1","NT LM 0.12"]}},{"timestamp":"2026-06-24T16:58:44","port":445,"proto":"tcp","app_proto":"","app_protocol":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"\u0000\u0000\u0000J�SMB%\u0000\u0000\u0000\u0000\u0018\u0001(\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0010\u0000\u0000\u0000\u0000����\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000J\u0000\u0000\u0000J\u0000\u0002\u0000#\u0000\u0000\u0000\u0007\u0000\\PIPE\\\u0000","payload_hex":"0000004aff534d42250000000018012800000000000000000000000000000000000000001000000000ffffffff0000000000000000000000004a0000004a0002002300000007005c504950455c00","method":"","user_agent":"","community_id":"1:FfXPZ3LavaCah/UoHt1c4FYyovY=","ja3":"","session":"543dfea8-f449-4df7-b51e-3309d7bd0f89","seq":4,"duration_ms":922,"bytes_in":364,"bytes_out":48,"enriched":{"digest":"517764f22c39500b","strings":["SMB%","\\PIPE\\"]}},{"timestamp":"2026-06-24T16:58:44","port":445,"proto":"tcp","app_proto":"","app_protocol":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"\u0000\u0000\u0000[�SMBu\u0000\u0000\u0000\u0000\u0018\u0001 \u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000/K\u0001\b�^\u0004�\u0000\u0000\u0000\u0000\u0000\u0001\u0000\u001c\u0000\u0000\\\\192.168.2.42\\IPC$\u0000?????\u0000EPATH_REPLACE__?????\u0000","payload_hex":"0000005bff534d42750000000018012000000000000000000000000000002f4b0108c55e04ff000000000001001c00005c5c3139322e3136382e322e34325c49504324003f3f3f3f3f0045504154485f5245504c4143455f5f3f3f3f3f3f00","method":"","user_agent":"","community_id":"1:FfXPZ3LavaCah/UoHt1c4FYyovY=","ja3":"","session":"543dfea8-f449-4df7-b51e-3309d7bd0f89","seq":3,"duration_ms":647,"bytes_in":286,"bytes_out":36,"enriched":{"digest":"8767faec45f3e4cf","strings":["SMBu","\\\\192.168.2.42\\IPC$","EPATH_REPLACE__?????","\\\\192.168.2.42\\IPC$?????EPATH_REPLACE__?????"],"iocs":{"ips":["192.168.2.42"]}}},{"timestamp":"2026-06-24T16:58:44","port":445,"proto":"tcp","app_proto":"","app_protocol":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"\u0000\u0000\u0000c�SMBs\u0000\u0000\u0000\u0000\u0018\u0001 \u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000/K\u0000\u0000�^\r�\u0000\u0000\u0000��\u0002\u0000\u0001\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000@\u0000\u0000\u0000&\u0000\u0000.\u0000Windows 2000 2195\u0000Windows 2000 5.0\u0000","payload_hex":"00000063ff534d42730000000018012000000000000000000000000000002f4b0000c55e0dff000000dfff02000100000000000000000000000000400000002600002e0057696e646f7773203230303020323139350057696e646f7773203230303020352e3000","method":"","user_agent":"","community_id":"1:FfXPZ3LavaCah/UoHt1c4FYyovY=","ja3":"","session":"543dfea8-f449-4df7-b51e-3309d7bd0f89","seq":2,"duration_ms":375,"bytes_in":191,"bytes_out":24,"enriched":{"digest":"247ca2c967be2946","strings":["SMBs","Windows 2000 2195","Windows 2000 5.0","@&.Windows 2000 2195Windows 2000 5.0"]}},{"timestamp":"2026-06-24T16:58:43","port":445,"proto":"tcp","app_proto":"","app_protocol":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"\u0000\u0000\u0000T�SMBr\u0000\u0000\u0000\u0000\u0018\u0001(\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000/K\u0000\u0000�^\u00001\u0000\u0002LANMAN1.0\u0000\u0002LM1.2X002\u0000\u0002NT LANMAN 1.0\u0000\u0002NT LM 0.12\u0000","payload_hex":"00000054ff534d42720000000018012800000000000000000000000000002f4b0000c55e003100024c414e4d414e312e3000024c4d312e325830303200024e54204c414e4d414e20312e3000024e54204c4d20302e313200","method":"","user_agent":"","community_id":"1:FfXPZ3LavaCah/UoHt1c4FYyovY=","ja3":"","session":"543dfea8-f449-4df7-b51e-3309d7bd0f89","seq":1,"duration_ms":100,"bytes_in":88,"bytes_out":12,"enriched":{"digest":"0468c709cd31eaf8","strings":["SMBr","LANMAN1.0","LM1.2X002","NT LANMAN 1.0","NT LM 0.12"]}},{"timestamp":"2026-06-24T16:36:08","port":445,"proto":"tcp","app_proto":"","app_protocol":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"\u0000\u0000\u0000N�SMB2\u0000\u0000\u0000\u0000\u0018\u0007�\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000��\u0000\u0000A\u0000\u000f\f\u0000\u0000\u0000\u0001\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u00014�\u0000\u0000\u0000\f\u0000B\u0000\u0000\u0000N\u0000\u0001\u0000\u000e\u0000\r\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000","payload_hex":"0000004eff534d4232000000001807c00000000000000000000000000000fffe000041000f0c00000001000000000000000134ee0000000c00420000004e0001000e000d0000000000000000000000000000","method":"","user_agent":"","community_id":"1:X+5HIX927ix/5l3vAFfU6PWh5/E=","ja3":"","session":"b11f0674-d6fb-4590-b0ea-827c593209b4","seq":4,"duration_ms":950,"bytes_in":455,"bytes_out":48,"enriched":{"digest":"5eae6febc6763bcc","strings":["SMB2"]}},{"timestamp":"2026-06-24T16:36:08","port":445,"proto":"tcp","app_proto":"","app_protocol":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"\u0000\u0000\u0000\\�SMBu\u0000\u0000\u0000\u0000\u0018\u0007�\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000��\u0000\u0000@\u0000\u0004�\u0000\\\u0000\b\u0000\u0001\u00001\u0000\u0000\\\u0000\\\u00001\u00009\u00002\u0000.\u00001\u00006\u00008\u0000.\u00005\u00006\u0000.\u00002\u00000\u0000\\\u0000I\u0000P\u0000C\u0000$\u0000\u0000\u0000?????\u0000","payload_hex":"0000005cff534d4275000000001807c00000000000000000000000000000fffe0000400004ff005c00080001003100005c005c003100390032002e003100360038002e00350036002e00320030005c00490050004300240000003f3f3f3f3f00","method":"","user_agent":"","community_id":"1:X+5HIX927ix/5l3vAFfU6PWh5/E=","ja3":"","session":"b11f0674-d6fb-4590-b0ea-827c593209b4","seq":3,"duration_ms":667,"bytes_in":373,"bytes_out":36,"enriched":{"digest":"efa66fc9f9be2f3a","strings":["SMBu","1\\\\192.168.56.20\\IPC$?????"],"iocs":{"ips":["192.168.56.20"]}}}],"http_methods":[],"distinct_ports_total":1,"top_paths":[],"distinct_paths_total":0,"top_snis":[],"top_hosts":[],"top_alpns":[],"banners":[],"credentials":[],"header_profile":null,"tags":[],"data_as_of":"2026-07-02T21:20:05.935244+00:00"}