{"ip":"34.77.218.101","total_events":3,"verdict":{"verdict":"probing","label":"Low-level probing","detail":null,"confidence":"low","network_type":null,"why":["3 event(s), fewer than 10 distinct ports, no exploit payloads.","Not in any known-scanner range."]},"first_seen":"2026-07-01T05:09:47","last_seen":"2026-07-01T08:03:05","events_24h":0,"events_7d":3,"geo":{"country_code":"BE","country_name":"Belgium","region":"Brussels Capital","city":"Brussels","lat":50.8534,"lon":4.347,"asn":396982,"org":"Google LLC"},"source_domain":"101.218.77.34.bc.googleusercontent.com","known_scanners":[],"scanner_tag":{"key":"gcp","label":"Google Cloud","category":"hosting_provider","url":"https://cloud.google.com/"},"cve_matches":[],"malware":[],"top_ports":[{"port":25,"proto":"tcp","label":"SMTP","count":3}],"fingerprints":{"ssh_hassh":[],"tls_ja4":["t13i250900_b78ed14e2fd0_e7c285222651"],"tls_ja3":["9b72665518dedb3531426284fdec8237"],"ja4h":["ge11nn0300_0db47b7d240d"]},"fingerprint_peers":{"t13i250900_b78ed14e2fd0_e7c285222651":1989,"ge11nn0300_0db47b7d240d":4397},"user_agents":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36"],"timeline":[{"date":"2026-07-01","count":3}],"recent_events":[{"timestamp":"2026-07-01T08:03:05","port":25,"proto":"tcp","app_proto":"tls","app_protocol":"smtp","host":"","headers":"","body":"","sni":"","tls_cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"","summary":"EHLO example.com\r\n","payload_hex":"45484c4f206578616d706c652e636f6d0d0a","method":"","user_agent":"","community_id":"1:fjDZoa+J3y0Qhe/4HblLMcwJ208=","ja3":"9b72665518dedb3531426284fdec8237","session":"f2de2ce2-a431-45c2-8528-dec606630b0f","seq":1,"duration_ms":195,"bytes_in":18,"bytes_out":40,"enriched":{"digest":"cbacbcd31c19589f","label":"SMTP","strings":["EHLO example.com"],"iocs":{"domains":["example.com"]}}},{"timestamp":"2026-07-01T08:03:04","port":25,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:25\",\"user-agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36\"}","body":"","sni":"","tls_cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a32350d0a557365722d4167656e743a204d6f7a696c6c612f352e30202857696e646f7773204e542031302e303b2057696e36343b2078363429204170706c655765624b69742f3533372e333620284b48544d4c2c206c696b65204765636b6f29204368726f6d652f3132372e302e302e30205361666172692f3533372e33360d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a","method":"GET","user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36","community_id":"1:GHA1tkORHmTWHxS8QYzFjukCcWk=","ja3":"9b72665518dedb3531426284fdec8237","session":"a10192ab-5a24-4351-a520-6e6967ad6c7f","seq":1,"duration_ms":95,"bytes_in":189,"bytes_out":40},{"timestamp":"2026-07-01T05:09:47","port":25,"proto":"tcp","app_proto":"","app_protocol":"smtp","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"EHLO\r\n","payload_hex":"45484c4f0d0a","method":"","user_agent":"","community_id":"1:wRCQKmKMPDSPBNrE0/uugJCd6fw=","ja3":"","session":"2a6b6bda-6b14-4d7f-ae87-e6105ceee7cd","seq":1,"duration_ms":95,"bytes_in":6,"bytes_out":40,"enriched":{"digest":"87f781591201aca6","label":"SMTP","strings":["EHLO"]}}],"http_methods":[{"method":"GET","count":1}],"distinct_ports_total":1,"top_paths":[{"path":"/","count":1,"ports":1}],"distinct_paths_total":1,"top_snis":[],"top_hosts":[],"top_alpns":[],"banners":[],"credentials":[],"header_profile":{"signature":["Accept-Encoding","Host","User-Agent"],"representative":[{"name":"Accept-Encoding","value":"gzip","notable":false},{"name":"Host","value":"<HONEYPOT>:25","notable":false},{"name":"User-Agent","value":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36","notable":false}],"distinct_sets":1,"events_with_headers":1},"tags":[],"data_as_of":"2026-07-05T04:29:44.052028+00:00"}