{"ip":"36.106.166.217","total_events":5,"verdict":{"verdict":"probing","label":"Low-level probing","detail":null,"confidence":"low","network_type":null},"first_seen":"2026-02-26T06:59:23","last_seen":"2026-05-18T20:35:30","events_24h":0,"events_7d":0,"geo":{"country_code":"CN","country_name":"China","region":"","city":"","lat":34.7732,"lon":113.722,"asn":17638,"org":"ASN for TIANJIN Provincial Net of CT"},"source_domain":null,"known_scanners":[],"scanner_tag":null,"cve_matches":[],"top_ports":[{"port":20880,"proto":"tcp","label":"","count":1},{"port":3443,"proto":"tcp","label":"","count":1},{"port":60021,"proto":"tcp","label":"","count":1},{"port":40000,"proto":"tcp","label":"","count":1},{"port":2012,"proto":"tcp","label":"","count":1}],"fingerprints":{"ssh_hassh":[],"tls_ja4":["t13i190800_9dc949149365_97f8aa674fd9","t13i190900_9dc949149365_e7c285222651"],"tls_ja3":[],"ja4h":["ge11nn0300_86b6b04cb9cc","ge11nn0200_79258615d613"]},"fingerprint_peers":{"t13i190800_9dc949149365_97f8aa674fd9":4326,"t13i190900_9dc949149365_e7c285222651":3019,"ge11nn0200_79258615d613":4144,"ge11nn0300_86b6b04cb9cc":4783},"user_agents":["Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36"],"timeline":[{"date":"2026-04-28","count":1},{"date":"2026-04-30","count":1},{"date":"2026-05-17","count":1},{"date":"2026-05-18","count":1}],"recent_events":[{"timestamp":"2026-05-18T20:35:30","port":20880,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"connection\":\"close\",\"host\":\"<HONEYPOT>:20880\",\"user-agent\":\"Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36\"}","body":"","sni":"","tls_cipher":"TLS_AES_128_GCM_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/favicon.ico","summary":"","payload_hex":"474554202f66617669636f6e2e69636f20485454502f312e310d0a486f73743a20<HONEYPOT>3a32303838300d0a557365722d4167656e743a204d6f7a696c6c612f352e30202857696e646f7773204e5420362e3129204170706c655765624b69742f3533372e333620284b48544d4c2c206c696b65204765636b6f29204368726f6d652f34392e302e323632332e313132205361666172692f3533372e33360d0a436f6e6e656374696f6e3a20636c6f73650d0a0d0a","method":"GET","user_agent":"Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36","community_id":"1:Y3+mUE2S8Q8cRP9Kt92SUxCLER8=","ja3":"","session":"ca9de054-0104-4580-9a22-6c8a20de3d98","seq":0,"duration_ms":0,"bytes_in":0,"bytes_out":0},{"timestamp":"2026-05-17T10:06:33","port":3443,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"connection\":\"close\",\"host\":\"<HONEYPOT>:3443\",\"user-agent\":\"Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/favicon.ico","summary":"","payload_hex":"474554202f66617669636f6e2e69636f20485454502f312e310d0a486f73743a20<HONEYPOT>3a333434330d0a557365722d4167656e743a204d6f7a696c6c612f352e30202857696e646f7773204e5420362e3129204170706c655765624b69742f3533372e333620284b48544d4c2c206c696b65204765636b6f29204368726f6d652f34392e302e323632332e313132205361666172692f3533372e33360d0a436f6e6e656374696f6e3a20636c6f73650d0a0d0a","method":"GET","user_agent":"Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36","community_id":"1:ufr5S2vgIexKGxFAD2d+9dWspVY=","ja3":"","session":"3ec32310-d2f1-4656-8f23-b8c8b7e61008","seq":0,"duration_ms":0,"bytes_in":0,"bytes_out":0},{"timestamp":"2026-04-30T15:45:05","port":2012,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"connection\":\"close\",\"host\":\"<HONEYPOT>:2012\",\"user-agent\":\"Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36\"}","body":"","sni":"","tls_cipher":"TLS_AES_128_GCM_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/favicon.ico","summary":"","payload_hex":"474554202f66617669636f6e2e69636f20485454502f312e310d0a486f73743a20<HONEYPOT>3a323031320d0a557365722d4167656e743a204d6f7a696c6c612f352e30202857696e646f7773204e5420362e3129204170706c655765624b69742f3533372e333620284b48544d4c2c206c696b65204765636b6f29204368726f6d652f34392e302e323632332e313132205361666172692f3533372e33360d0a436f6e6e656374696f6e3a20636c6f73650d0a0d0a","method":"GET","user_agent":"Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36","community_id":"1:8gLmJhQmEb00aMHo19bLK6fzGqI=","ja3":"","session":"18155567-16a8-4f05-8bbf-27f23736078a","seq":0,"duration_ms":0,"bytes_in":0,"bytes_out":0},{"timestamp":"2026-04-28T07:09:47","port":40000,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"host\":\"<HONEYPOT>:40000\"}","body":"","sni":"","tls_cipher":"TLS_AES_128_GCM_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a34303030300d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"","community_id":"1:m00txPuDCedzh3S4SXm+LP3beho=","ja3":"","session":"05944e97-131a-4fbd-a602-ac6e36e608db","seq":0,"duration_ms":0,"bytes_in":0,"bytes_out":0},{"timestamp":"2026-02-26T06:59:23","port":60021,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"connection\":\"close\",\"host\":\"<HONEYPOT>:60021\",\"user-agent\":\"Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36\"}","body":"","sni":"","tls_cipher":"TLS_AES_128_GCM_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a36303032310d0a557365722d4167656e743a204d6f7a696c6c612f352e30202857696e646f7773204e5420362e3129204170706c655765624b69742f3533372e333620284b48544d4c2c206c696b65204765636b6f29204368726f6d652f34392e302e323632332e313132205361666172692f3533372e33360d0a436f6e6e656374696f6e3a20636c6f73650d0a0d0a","method":"GET","user_agent":"Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36","community_id":"1:kdAWQZ6HVJ0b8vMg5Lv2MKdB85I=","ja3":"","session":"e8a1095e-bf8c-4217-b480-3c927dedc94f","seq":0,"duration_ms":0,"bytes_in":0,"bytes_out":0}],"http_methods":[{"method":"GET","count":5}],"distinct_ports_total":5,"top_paths":[{"path":"/favicon.ico","count":3,"ports":3},{"path":"/","count":2,"ports":2}],"distinct_paths_total":2,"top_snis":[],"top_hosts":[],"top_alpns":[],"banners":[],"credentials":[],"header_profile":{"signature":["Connection","Host","User-Agent"],"representative":[{"name":"Connection","value":"close","notable":false},{"name":"Host","value":"<HONEYPOT>:20880","notable":false},{"name":"User-Agent","value":"Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36","notable":false}],"distinct_sets":2,"events_with_headers":5},"tags":[],"data_as_of":"2026-06-21T07:59:11.669624+00:00"}