{"ip":"45.134.225.48","total_events":4652,"verdict":{"verdict":"scanning","label":"Unrecognized scanner","detail":"1744+ ports swept","confidence":"medium","network_type":"CDN"},"first_seen":"2026-03-05T09:34:48","last_seen":"2026-06-22T10:35:02","events_24h":727,"events_7d":1282,"geo":{"country_code":"DE","country_name":"Germany","region":"","city":"","lat":51.2993,"lon":9.491,"asn":213438,"org":"ColocaTel Inc."},"source_domain":null,"known_scanners":[],"scanner_tag":{"key":"peeringdb:as213438","label":"colocatel-inc","category":"cdn","url":"https://www.peeringdb.com/asn/213438"},"cve_matches":[{"cve_id":"CVE-2015-1880","title":"Fortinet FortiOS <=5.2.3 - Cross-Site Scripting","severity":"medium","actively_exploited":false,"match_field":"url_path","matched_pattern":"/remote/login"}],"top_ports":[{"port":443,"proto":"tcp","label":"HTTPS","count":147},{"port":3389,"proto":"tcp","label":"RDP","count":30},{"port":3391,"proto":"tcp","label":"","count":27},{"port":3390,"proto":"tcp","label":"","count":24},{"port":56000,"proto":"tcp","label":"","count":14},{"port":5454,"proto":"tcp","label":"","count":14},{"port":10350,"proto":"tcp","label":"","count":14},{"port":2288,"proto":"tcp","label":"","count":14},{"port":43683,"proto":"tcp","label":"","count":14},{"port":15932,"proto":"tcp","label":"","count":14},{"port":6900,"proto":"tcp","label":"","count":12},{"port":5959,"proto":"tcp","label":"","count":12},{"port":10008,"proto":"tcp","label":"","count":12},{"port":26735,"proto":"tcp","label":"","count":12},{"port":54685,"proto":"tcp","label":"","count":12}],"fingerprints":{"ssh_hassh":[],"tls_ja4":["t13i131200_f57a46bbacb6_fb48f8b98a29"],"tls_ja3":[],"ja4h":["ge11nn04en_171d872ea17d"]},"fingerprint_peers":{"t13i131200_f57a46bbacb6_fb48f8b98a29":35,"ge11nn04en_171d872ea17d":33},"user_agents":["Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15"],"timeline":[{"date":"2026-04-07","count":906},{"date":"2026-05-04","count":252},{"date":"2026-05-06","count":320},{"date":"2026-05-07","count":260},{"date":"2026-05-14","count":6},{"date":"2026-05-22","count":8},{"date":"2026-05-30","count":14},{"date":"2026-06-20","count":284},{"date":"2026-06-21","count":660},{"date":"2026-06-22","count":338}],"recent_events":[{"timestamp":"2026-06-22T10:35:02","port":47272,"proto":"tcp","app_proto":"","app_protocol":"rdp","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"\u0003\u0000\u0000/*�\u0000\u0000\u0000\u0000\u0000Cookie: mstshash=Administr\r\n\u0001\u0000\b\u0000\u0003\u0000\u0000\u0000","payload_hex":"0300002f2ae00000000000436f6f6b69653a206d737473686173683d41646d696e697374720d0a0100080003000000","method":"","user_agent":"","community_id":"1:E8OGxUPB69Kk4COYFD0fC49MJ8c=","ja3":"","session":"0385d929-c296-403a-b755-40ac1d5f8938","seq":1,"duration_ms":100,"bytes_in":47,"bytes_out":13,"enriched":{"digest":"b6d67a37a50bfeec","label":"RDP (X.224)","strings":["Cookie: mstshash=Administr"]}},{"timestamp":"2026-06-22T10:34:30","port":64903,"proto":"tcp","app_proto":"","app_protocol":"rdp","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"\u0003\u0000\u0000/*�\u0000\u0000\u0000\u0000\u0000Cookie: mstshash=Administr\r\n\u0001\u0000\b\u0000\u0003\u0000\u0000\u0000","payload_hex":"0300002f2ae00000000000436f6f6b69653a206d737473686173683d41646d696e697374720d0a0100080003000000","method":"","user_agent":"","community_id":"1:sc1+MQ8cJeGSw/I9jZjDnsdyHLA=","ja3":"","session":"def1a256-26b2-4140-a8dd-d9bc7518223e","seq":1,"duration_ms":100,"bytes_in":47,"bytes_out":13,"enriched":{"digest":"b6d67a37a50bfeec","label":"RDP (X.224)","strings":["Cookie: mstshash=Administr"]}},{"timestamp":"2026-06-22T10:29:11","port":26983,"proto":"tcp","app_proto":"","app_protocol":"rdp","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"\u0003\u0000\u0000/*�\u0000\u0000\u0000\u0000\u0000Cookie: mstshash=Administr\r\n\u0001\u0000\b\u0000\u0003\u0000\u0000\u0000","payload_hex":"0300002f2ae00000000000436f6f6b69653a206d737473686173683d41646d696e697374720d0a0100080003000000","method":"","user_agent":"","community_id":"1:2YRu3TNXYcO5zMsq0nosjnNo0jc=","ja3":"","session":"77026bb7-dff6-4937-ac4b-1475a99ca1a3","seq":1,"duration_ms":100,"bytes_in":47,"bytes_out":13,"enriched":{"digest":"b6d67a37a50bfeec","label":"RDP (X.224)","strings":["Cookie: mstshash=Administr"]}},{"timestamp":"2026-06-22T10:27:59","port":43176,"proto":"tcp","app_proto":"","app_protocol":"rdp","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"\u0003\u0000\u0000/*�\u0000\u0000\u0000\u0000\u0000Cookie: mstshash=Administr\r\n\u0001\u0000\b\u0000\u0003\u0000\u0000\u0000","payload_hex":"0300002f2ae00000000000436f6f6b69653a206d737473686173683d41646d696e697374720d0a0100080003000000","method":"","user_agent":"","community_id":"1:r1SLpXbScGJMl6LLyydxt8YOwIM=","ja3":"","session":"6be81ddf-eba0-4ea6-969b-13963428305a","seq":1,"duration_ms":101,"bytes_in":47,"bytes_out":13,"enriched":{"digest":"b6d67a37a50bfeec","label":"RDP (X.224)","strings":["Cookie: mstshash=Administr"]}},{"timestamp":"2026-06-22T10:25:42","port":8376,"proto":"tcp","app_proto":"","app_protocol":"rdp","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"\u0003\u0000\u0000/*�\u0000\u0000\u0000\u0000\u0000Cookie: mstshash=Administr\r\n\u0001\u0000\b\u0000\u0003\u0000\u0000\u0000","payload_hex":"0300002f2ae00000000000436f6f6b69653a206d737473686173683d41646d696e697374720d0a0100080003000000","method":"","user_agent":"","community_id":"1:W3/9wvx+ZFo3WPkMhs/1LqGeYVM=","ja3":"","session":"bca831b9-c5f3-4619-a761-e589ac395ef4","seq":1,"duration_ms":100,"bytes_in":47,"bytes_out":13,"enriched":{"digest":"b6d67a37a50bfeec","label":"RDP (X.224)","strings":["Cookie: mstshash=Administr"]}},{"timestamp":"2026-06-22T10:24:33","port":28272,"proto":"tcp","app_proto":"","app_protocol":"rdp","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"\u0003\u0000\u0000/*�\u0000\u0000\u0000\u0000\u0000Cookie: mstshash=Administr\r\n\u0001\u0000\b\u0000\u0003\u0000\u0000\u0000","payload_hex":"0300002f2ae00000000000436f6f6b69653a206d737473686173683d41646d696e697374720d0a0100080003000000","method":"","user_agent":"","community_id":"1:8wGCUya8QhTo1dY9xtawk4D8o/Y=","ja3":"","session":"15eba433-f4c8-46f6-87cf-bd752772f1b2","seq":1,"duration_ms":100,"bytes_in":47,"bytes_out":13,"enriched":{"digest":"b6d67a37a50bfeec","label":"RDP (X.224)","strings":["Cookie: mstshash=Administr"]}},{"timestamp":"2026-06-22T10:23:10","port":61613,"proto":"tcp","app_proto":"","app_protocol":"rdp","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"\u0003\u0000\u0000/*�\u0000\u0000\u0000\u0000\u0000Cookie: mstshash=Administr\r\n\u0001\u0000\b\u0000\u0003\u0000\u0000\u0000","payload_hex":"0300002f2ae00000000000436f6f6b69653a206d737473686173683d41646d696e697374720d0a0100080003000000","method":"","user_agent":"","community_id":"1:wH3YT2GAuEqn0HqGDJqYreRt6PQ=","ja3":"","session":"25990d63-ee58-41cf-bcd3-c73e6d089a28","seq":1,"duration_ms":100,"bytes_in":47,"bytes_out":13,"enriched":{"digest":"b6d67a37a50bfeec","label":"RDP (X.224)","strings":["Cookie: mstshash=Administr"]}},{"timestamp":"2026-06-22T10:19:08","port":60364,"proto":"tcp","app_proto":"","app_protocol":"rdp","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"\u0003\u0000\u0000/*�\u0000\u0000\u0000\u0000\u0000Cookie: mstshash=Administr\r\n\u0001\u0000\b\u0000\u0003\u0000\u0000\u0000","payload_hex":"0300002f2ae00000000000436f6f6b69653a206d737473686173683d41646d696e697374720d0a0100080003000000","method":"","user_agent":"","community_id":"1:7thkJAgSJLtmTeZxShGhUys4Z7w=","ja3":"","session":"dda0208a-c4a4-41d8-9a59-2da7132179e0","seq":1,"duration_ms":100,"bytes_in":47,"bytes_out":13,"enriched":{"digest":"b6d67a37a50bfeec","label":"RDP (X.224)","strings":["Cookie: mstshash=Administr"]}},{"timestamp":"2026-06-22T10:18:59","port":19397,"proto":"tcp","app_proto":"","app_protocol":"rdp","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"\u0003\u0000\u0000/*�\u0000\u0000\u0000\u0000\u0000Cookie: mstshash=Administr\r\n\u0001\u0000\b\u0000\u0003\u0000\u0000\u0000","payload_hex":"0300002f2ae00000000000436f6f6b69653a206d737473686173683d41646d696e697374720d0a0100080003000000","method":"","user_agent":"","community_id":"1:U6sXBuzd9/QLVSD6w41Glb5szBs=","ja3":"","session":"135efc76-13a8-441b-a54a-f8a1fc4c1398","seq":1,"duration_ms":100,"bytes_in":47,"bytes_out":13,"enriched":{"digest":"b6d67a37a50bfeec","label":"RDP (X.224)","strings":["Cookie: mstshash=Administr"]}},{"timestamp":"2026-06-22T10:17:10","port":58440,"proto":"tcp","app_proto":"","app_protocol":"rdp","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"\u0003\u0000\u0000/*�\u0000\u0000\u0000\u0000\u0000Cookie: mstshash=Administr\r\n\u0001\u0000\b\u0000\u0003\u0000\u0000\u0000","payload_hex":"0300002f2ae00000000000436f6f6b69653a206d737473686173683d41646d696e697374720d0a0100080003000000","method":"","user_agent":"","community_id":"1:WEheFCgkFoVi71wFHDwhtIb7F2s=","ja3":"","session":"212a2317-a26a-4d87-bb58-be0a83e2ce61","seq":1,"duration_ms":100,"bytes_in":47,"bytes_out":13,"enriched":{"digest":"b6d67a37a50bfeec","label":"RDP (X.224)","strings":["Cookie: mstshash=Administr"]}}],"http_methods":[{"method":"GET","count":280}],"distinct_ports_total":1744,"top_paths":[{"path":"/RDWeb/Pages/","count":112,"ports":22},{"path":"/+CSCOE+/logon.html","count":84,"ports":21},{"path":"/remote/login?lang=en","count":84,"ports":21}],"distinct_paths_total":3,"top_snis":[],"top_hosts":[],"top_alpns":[],"banners":[],"credentials":[],"header_profile":null,"tags":[{"tag_id":"CVE-2015-1880","tag_type":"cve","title":"Fortinet FortiOS <=5.2.3 - Cross-Site Scripting","severity":"medium","actively_exploited":false,"match_field":"url_path","matched_pattern":"/remote/login","reference_urls":["https://www.c2.lol/articles/xss-in-fortigates-ssl-vpn-login-page","http://www.fortiguard.com/advisory/FG-IR-15-005/","https://nvd.nist.gov/vuln/detail/CVE-2015-1880","http://www.securitytracker.com/id/1032261","http://www.securitytracker.com/id/1032262"]}],"data_as_of":"2026-06-22T10:38:56.891777+00:00"}