{"ip":"34.62.33.25","total_events":34,"verdict":{"verdict":"probing","label":"Low-level probing","detail":null,"confidence":"low","network_type":null,"why":["34 event(s), fewer than 10 distinct ports, no exploit payloads.","Not in any known-scanner range."]},"first_seen":"2026-06-29T02:40:51","last_seen":"2026-06-29T09:55:37","events_24h":0,"events_7d":34,"geo":{"country_code":"BE","country_name":"Belgium","region":"Brussels Capital","city":"Brussels","lat":50.8534,"lon":4.347,"asn":396982,"org":"Google LLC"},"source_domain":"25.33.62.34.bc.googleusercontent.com","known_scanners":[],"scanner_tag":{"key":"gcp","label":"Google Cloud","category":"hosting_provider","url":"https://cloud.google.com/"},"cve_matches":[],"malware":[],"top_ports":[{"port":23,"proto":"tcp","label":"Telnet","count":22},{"port":21,"proto":"tcp","label":"FTP","count":10},{"port":25,"proto":"tcp","label":"SMTP","count":2}],"fingerprints":{"ssh_hassh":[],"tls_ja4":["t13i250900_b78ed14e2fd0_e7c285222651"],"tls_ja3":["9b72665518dedb3531426284fdec8237"],"ja4h":["ge11nn0300_0db47b7d240d"]},"fingerprint_peers":{"t13i250900_b78ed14e2fd0_e7c285222651":1987,"ge11nn0300_0db47b7d240d":4391},"user_agents":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36"],"timeline":[{"date":"2026-06-29","count":34}],"recent_events":[{"timestamp":"2026-06-29T09:55:37","port":21,"proto":"tcp","app_proto":"tls","app_protocol":"mqtt","host":"","headers":"","body":"","sni":"","tls_cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"","summary":"\u0010\u0012\u0000\u0004MQTT\u0005\u0002\u0000<\u0000\u0000\u0005AAAAA","payload_hex":"101200044d5154540502003c0000054141414141","method":"","user_agent":"","community_id":"1:YDLMJjNWIXVKXMhuE4TNrZDQeWU=","ja3":"9b72665518dedb3531426284fdec8237","session":"ed1382e4-85bb-4b5c-890f-e16bbfecf9bf","seq":1,"duration_ms":100,"bytes_in":20,"bytes_out":34,"enriched":{"digest":"03018dd9d8971729","label":"MQTT","strings":["MQTT","AAAAA"]}},{"timestamp":"2026-06-29T09:55:37","port":21,"proto":"tcp","app_proto":"tls","app_protocol":"mqtt","host":"","headers":"","body":"","sni":"","tls_cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"","summary":"\u0010\u0011\u0000\u0004MQTT\u0003\u0002\u0000<\u0000\u0005AAAAA","payload_hex":"101100044d5154540302003c00054141414141","method":"","user_agent":"","community_id":"1:Ps2Bf2EfkhA4fikwk+c6mBuAhQk=","ja3":"9b72665518dedb3531426284fdec8237","session":"13f387bc-65a5-440b-a99d-ece9a16ccd15","seq":1,"duration_ms":100,"bytes_in":19,"bytes_out":34,"enriched":{"digest":"d4b335fe12cd8784","label":"MQTT","strings":["MQTT","AAAAA"]}},{"timestamp":"2026-06-29T09:55:37","port":21,"proto":"tcp","app_proto":"tls","app_protocol":"redis","host":"","headers":"","body":"","sni":"","tls_cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"","summary":"*1\r\n$4\r\nPING\r\n","payload_hex":"2a310d0a24340d0a50494e470d0a","method":"","user_agent":"","community_id":"1:yCvPuQ6XU0BySBdt0j7eF7f+W3o=","ja3":"9b72665518dedb3531426284fdec8237","session":"59c35571-54fe-4699-a8e1-1854b59276e7","seq":1,"duration_ms":100,"bytes_in":14,"bytes_out":34,"enriched":{"digest":"3311f70e8081417b","label":"Redis (RESP)","strings":["PING"]}},{"timestamp":"2026-06-29T09:55:37","port":21,"proto":"tcp","app_proto":"tls","app_protocol":"tls","host":"","headers":"","body":"","sni":"","tls_cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"","summary":"\u0000\u0000\u0000#\u0000\u0003\u0000\u0000\u001e3��\u0000\radminclient-5\u0000\u0000\u0000\u0001\u0000\u0006YTVpqF","payload_hex":"00000023000300001e33f481000d61646d696e636c69656e742d35000000010006595456707146","method":"","user_agent":"","community_id":"1:jtO/RDPiEVnN/5DnCg9z4YJ85jE=","ja3":"9b72665518dedb3531426284fdec8237","session":"d27ed172-64e3-45a3-829d-6744590b9da2","seq":1,"duration_ms":100,"bytes_in":39,"bytes_out":34,"enriched":{"digest":"65596c9798b03674","strings":["adminclient-5","YTVpqF"]}},{"timestamp":"2026-06-29T09:55:36","port":21,"proto":"tcp","app_proto":"tls","app_protocol":"tls","host":"","headers":"","body":"","sni":"","tls_cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"","summary":"\u0000\u0000\u0000C\u0000\u0012\u0000\u0000\u001e3��\u0000\u001fconsumer-Offset Explorer 2.2-18\u0000\u0012apache-kafka-java\u00062.4.0\u0000","payload_hex":"00000043001200001e33f481001f636f6e73756d65722d4f6666736574204578706c6f72657220322e322d313800126170616368652d6b61666b612d6a61766106322e342e3000","method":"","user_agent":"","community_id":"1:SQKM32yhjU/RTemY7bIqw4nw2ys=","ja3":"9b72665518dedb3531426284fdec8237","session":"5bf8e590-9b0f-46cb-9852-e6cf7f28534f","seq":1,"duration_ms":100,"bytes_in":71,"bytes_out":34,"enriched":{"digest":"5205d1d8e7086ced","strings":["consumer-Offset Explorer 2.2-18","apache-kafka-java","2.4.0"]}},{"timestamp":"2026-06-29T09:55:36","port":21,"proto":"tcp","app_proto":"tls","app_protocol":"tls","host":"","headers":"","body":"","sni":"","tls_cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"","summary":"0:\u0002\u0004-\u0011��`2\u0002\u0001\u0003\u0004\u0017cn=idrivodwzgtzvbyopyjn�\u0014idrivodwzgtzvbyopyjn","payload_hex":"303a02042d118b8360320201030417636e3d69647269766f64777a67747a7662796f70796a6e801469647269766f64777a67747a7662796f70796a6e","method":"","user_agent":"","community_id":"1:K7eE8WuacRqBm+KNXcJVBg9Fpj4=","ja3":"9b72665518dedb3531426284fdec8237","session":"242ba9f3-85aa-47f5-becb-616848a16ff4","seq":1,"duration_ms":100,"bytes_in":60,"bytes_out":34,"enriched":{"digest":"9cceb1bfa138d161","strings":["cn=idrivodwzgtzvbyopyjn","idrivodwzgtzvbyopyjn"]}},{"timestamp":"2026-06-29T09:55:35","port":21,"proto":"tcp","app_proto":"tls","app_protocol":"tls","host":"","headers":"","body":"","sni":"","tls_cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"","summary":"Not a command \r\n","payload_hex":"4e6f74206120636f6d6d616e64200d0a","method":"","user_agent":"","community_id":"1:m8FzXAKX2VS/UFpbUNL/OXxedKw=","ja3":"9b72665518dedb3531426284fdec8237","session":"6668ae6c-0b33-4685-b1f3-0d0c22559835","seq":1,"duration_ms":195,"bytes_in":16,"bytes_out":34,"enriched":{"digest":"ba8182e82cf8725d","strings":["Not a command"]}},{"timestamp":"2026-06-29T09:55:35","port":21,"proto":"tcp","app_proto":"tls","app_protocol":"tls","host":"","headers":"","body":"","sni":"","tls_cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"","summary":"07�\u0003\u0002\u0001`�00.0,�*\u0004(NTLMSSP\u0000\u0001\u0000\u0000\u0000����\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000","payload_hex":"3037a003020160a130302e302ca02a04284e544c4d5353500001000000f7badbe2000000000000000000000000000000000000000000000000","method":"","user_agent":"","community_id":"1:PQFfQ4dSRzh5etaz9W7aadar21A=","ja3":"9b72665518dedb3531426284fdec8237","session":"0732e04a-fe3b-4873-9c57-df52c914b605","seq":1,"duration_ms":100,"bytes_in":57,"bytes_out":34,"enriched":{"digest":"dc4c1983cd3d4350","strings":["00.0,","(NTLMSSP"]}},{"timestamp":"2026-06-29T09:55:35","port":21,"proto":"tcp","app_proto":"tls","app_protocol":"smtp","host":"","headers":"","body":"","sni":"","tls_cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"","summary":"EHLO example.com\r\n","payload_hex":"45484c4f206578616d706c652e636f6d0d0a","method":"","user_agent":"","community_id":"1:GKXQvx8usA2RQS98U+YGIBdDyZc=","ja3":"9b72665518dedb3531426284fdec8237","session":"81b7de30-c63c-4e0a-90ce-d57750299654","seq":1,"duration_ms":195,"bytes_in":18,"bytes_out":34,"enriched":{"digest":"cbacbcd31c19589f","label":"SMTP","strings":["EHLO example.com"],"iocs":{"domains":["example.com"]}}},{"timestamp":"2026-06-29T09:55:34","port":21,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:21\",\"user-agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36\"}","body":"","sni":"","tls_cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a32310d0a557365722d4167656e743a204d6f7a696c6c612f352e30202857696e646f7773204e542031302e303b2057696e36343b2078363429204170706c655765624b69742f3533372e333620284b48544d4c2c206c696b65204765636b6f29204368726f6d652f3132372e302e302e30205361666172692f3533372e33360d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a","method":"GET","user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36","community_id":"1:kTLluW4ntKTtxfRDKKqabKbO9fQ=","ja3":"9b72665518dedb3531426284fdec8237","session":"8436d6ae-6bb8-4af1-9c16-dc8eb3fe4f41","seq":1,"duration_ms":95,"bytes_in":189,"bytes_out":34}],"http_methods":[{"method":"GET","count":5}],"distinct_ports_total":3,"top_paths":[{"path":"/","count":5,"ports":3}],"distinct_paths_total":1,"top_snis":[],"top_hosts":[],"top_alpns":[],"banners":[],"credentials":[],"header_profile":{"signature":["Accept-Encoding","Host","User-Agent"],"representative":[{"name":"Accept-Encoding","value":"gzip","notable":false},{"name":"Host","value":"<HONEYPOT>:21","notable":false},{"name":"User-Agent","value":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36","notable":false}],"distinct_sets":1,"events_with_headers":1},"tags":[],"data_as_of":"2026-07-05T03:20:52.534612+00:00"}