{"ip":"45.142.193.197","total_events":902,"verdict":{"verdict":"scanning","label":"Unrecognized scanner","detail":"386+ ports swept","confidence":"medium","network_type":null},"first_seen":"2026-03-02T13:40:55","last_seen":"2026-06-17T20:50:05","events_24h":0,"events_7d":34,"geo":{"country_code":"RO","country_name":"Romania","region":"","city":"","lat":45.9968,"lon":24.997,"asn":214295,"org":"Skynet Network Ltd"},"source_domain":null,"known_scanners":[],"scanner_tag":null,"cve_matches":[{"cve_id":"CVE-2015-1880","title":"Fortinet FortiOS <=5.2.3 - Cross-Site Scripting","severity":"medium","actively_exploited":false,"match_field":"url_path","matched_pattern":"/remote/login"},{"cve_id":"CVE-2018-10141","title":"Palo Alto Networks PAN-OS GlobalProtect <8.1.4 - Cross-Site Scripting","severity":"medium","actively_exploited":false,"match_field":"url_path","matched_pattern":"/global-protect/login.esp"}],"top_ports":[{"port":8443,"proto":"tcp","label":"HTTPS-alt","count":12},{"port":4518,"proto":"tcp","label":"","count":10},{"port":445,"proto":"tcp","label":"SMB","count":10},{"port":4443,"proto":"tcp","label":"","count":8},{"port":264,"proto":"tcp","label":"","count":8},{"port":443,"proto":"tcp","label":"HTTPS","count":8},{"port":59449,"proto":"tcp","label":"","count":8},{"port":45121,"proto":"tcp","label":"","count":8},{"port":8090,"proto":"tcp","label":"","count":7},{"port":2598,"proto":"tcp","label":"","count":7},{"port":6423,"proto":"tcp","label":"","count":7},{"port":8080,"proto":"tcp","label":"HTTP-alt","count":7},{"port":4043,"proto":"tcp","label":"","count":6},{"port":4440,"proto":"tcp","label":"","count":6},{"port":8888,"proto":"tcp","label":"HTTP-alt","count":6}],"fingerprints":{"ssh_hassh":[],"tls_ja4":["t13i181100_e8a523a41297_02c8e53ee398","t13i131000_f57a46bbacb6_e5728521abd4","t13i180900_e8a523a41297_78e6aca7449b"],"tls_ja3":["43cf532976cbdec73c21b564756fd088","7c5a42bc3e6679b3cdf9ae958f3a6f4f"],"ja4h":["po11nn18ru_144a47e02f43","ge11nn0400_11975a10f91b","ge11nn0700_182a8d8ef009","po11nn0600_da06d4cb66f4","ge11nn10ru_779e54975f7d"]},"fingerprint_peers":{"t13i180900_e8a523a41297_78e6aca7449b":27,"t13i131000_f57a46bbacb6_e5728521abd4":190,"t13i181100_e8a523a41297_02c8e53ee398":23,"ge11nn10ru_779e54975f7d":6,"ge11nn0400_11975a10f91b":22,"po11nn18ru_144a47e02f43":6,"ge11nn0700_182a8d8ef009":6,"po11nn0600_da06d4cb66f4":11},"user_agents":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.203","Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36"],"timeline":[{"date":"2026-04-06","count":18},{"date":"2026-04-07","count":6},{"date":"2026-04-13","count":24},{"date":"2026-04-14","count":6},{"date":"2026-04-18","count":10},{"date":"2026-04-19","count":2},{"date":"2026-04-21","count":3},{"date":"2026-04-22","count":9},{"date":"2026-04-23","count":10},{"date":"2026-04-24","count":4},{"date":"2026-05-01","count":16},{"date":"2026-05-02","count":4},{"date":"2026-05-06","count":30},{"date":"2026-05-08","count":16},{"date":"2026-05-09","count":24},{"date":"2026-05-10","count":3},{"date":"2026-05-11","count":15},{"date":"2026-05-14","count":66},{"date":"2026-05-15","count":85},{"date":"2026-05-27","count":52},{"date":"2026-05-28","count":22},{"date":"2026-06-01","count":11},{"date":"2026-06-02","count":27},{"date":"2026-06-03","count":11},{"date":"2026-06-04","count":10},{"date":"2026-06-06","count":1},{"date":"2026-06-07","count":10},{"date":"2026-06-08","count":13},{"date":"2026-06-09","count":30},{"date":"2026-06-10","count":10},{"date":"2026-06-11","count":25},{"date":"2026-06-12","count":13},{"date":"2026-06-13","count":16},{"date":"2026-06-14","count":7},{"date":"2026-06-15","count":16},{"date":"2026-06-16","count":23},{"date":"2026-06-17","count":24}],"recent_events":[{"timestamp":"2026-06-17T20:50:05","port":593,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip, deflate, br\",\"connection\":\"close\",\"content-length\":\"128\",\"content-type\":\"application/x-www-form-urlencoded\",\"host\":\"<HONEYPOT>:593\",\"user-agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.203\"}","body":"prot=https%3A&server=<HONEYPOT>&inputStr=&action=getsoftware&user=admin&passwd=admin&new-passwd=&confirm-new-passwd=&ok=Log+In","sni":"","tls_cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/global-protect/login.esp","summary":"","payload_hex":"504f5354202f676c6f62616c2d70726f746563742f6c6f67696e2e65737020485454502f312e310d0a757365722d6167656e743a204d6f7a696c6c612f352e30202857696e646f7773204e542031302e303b2057696e36343b2078363429204170706c655765624b69742f3533372e333620284b48544d4c2c206c696b65204765636b6f29204368726f6d652f3131352e302e302e30205361666172692f3533372e3336204564672f3131352e302e313930312e3230330d0a636f6e74656e742d747970653a206170706c69636174696f6e2f782d7777772d666f726d2d75726c656e636f6465640d0a636f6e74656e742d6c656e6774683a203132380d0a6163636570742d656e636f64696e673a20677a69702c206465666c6174652c2062720d0a486f73743a20<HONEYPOT>3a3539330d0a436f6e6e656374696f6e3a20636c6f73650d0a0d0a70726f743d6874747073253341267365727665723d<HONEYPOT>26696e7075745374723d26616374696f6e3d676574736f66747761726526757365723d61646d696e267061737377643d61646d696e266e65772d7061737377643d26636f6e6669726d2d6e65772d7061737377643d266f6b3d4c6f672b496e","method":"POST","user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.203","community_id":"1:Jfmi5iTqAILRNSEAIZgmKpZyatY=","ja3":"43cf532976cbdec73c21b564756fd088","session":"30b3a630-c4ff-4ef9-af97-478036255102","seq":1,"duration_ms":100,"bytes_in":464,"bytes_out":79},{"timestamp":"2026-06-17T20:03:34","port":37777,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip, deflate, br\",\"connection\":\"close\",\"content-length\":\"128\",\"content-type\":\"application/x-www-form-urlencoded\",\"host\":\"<HONEYPOT>:37777\",\"user-agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.203\"}","body":"prot=https%3A&server=<HONEYPOT>&inputStr=&action=getsoftware&user=admin&passwd=admin&new-passwd=&confirm-new-passwd=&ok=Log+In","sni":"","tls_cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/global-protect/login.esp","summary":"","payload_hex":"504f5354202f676c6f62616c2d70726f746563742f6c6f67696e2e65737020485454502f312e310d0a757365722d6167656e743a204d6f7a696c6c612f352e30202857696e646f7773204e542031302e303b2057696e36343b2078363429204170706c655765624b69742f3533372e333620284b48544d4c2c206c696b65204765636b6f29204368726f6d652f3131352e302e302e30205361666172692f3533372e3336204564672f3131352e302e313930312e3230330d0a636f6e74656e742d747970653a206170706c69636174696f6e2f782d7777772d666f726d2d75726c656e636f6465640d0a636f6e74656e742d6c656e6774683a203132380d0a6163636570742d656e636f64696e673a20677a69702c206465666c6174652c2062720d0a486f73743a20<HONEYPOT>3a33373737370d0a436f6e6e656374696f6e3a20636c6f73650d0a0d0a70726f743d6874747073253341267365727665723d<HONEYPOT>26696e7075745374723d26616374696f6e3d676574736f66747761726526757365723d61646d696e267061737377643d61646d696e266e65772d7061737377643d26636f6e6669726d2d6e65772d7061737377643d266f6b3d4c6f672b496e","method":"POST","user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.203","community_id":"1:G3W1KY3yE3C3k12EWM1Cn839Se8=","ja3":"43cf532976cbdec73c21b564756fd088","session":"c2202336-b61c-4df9-8d51-1e5851083157","seq":1,"duration_ms":101,"bytes_in":466,"bytes_out":79},{"timestamp":"2026-06-17T18:53:12","port":13084,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip, deflate, br\",\"connection\":\"close\",\"content-length\":\"128\",\"content-type\":\"application/x-www-form-urlencoded\",\"host\":\"<HONEYPOT>:13084\",\"user-agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.203\"}","body":"prot=https%3A&server=<HONEYPOT>&inputStr=&action=getsoftware&user=admin&passwd=admin&new-passwd=&confirm-new-passwd=&ok=Log+In","sni":"","tls_cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/global-protect/login.esp","summary":"","payload_hex":"504f5354202f676c6f62616c2d70726f746563742f6c6f67696e2e65737020485454502f312e310d0a757365722d6167656e743a204d6f7a696c6c612f352e30202857696e646f7773204e542031302e303b2057696e36343b2078363429204170706c655765624b69742f3533372e333620284b48544d4c2c206c696b65204765636b6f29204368726f6d652f3131352e302e302e30205361666172692f3533372e3336204564672f3131352e302e313930312e3230330d0a636f6e74656e742d747970653a206170706c69636174696f6e2f782d7777772d666f726d2d75726c656e636f6465640d0a636f6e74656e742d6c656e6774683a203132380d0a6163636570742d656e636f64696e673a20677a69702c206465666c6174652c2062720d0a486f73743a20<HONEYPOT>3a31333038340d0a436f6e6e656374696f6e3a20636c6f73650d0a0d0a70726f743d6874747073253341267365727665723d<HONEYPOT>26696e7075745374723d26616374696f6e3d676574736f66747761726526757365723d61646d696e267061737377643d61646d696e266e65772d7061737377643d26636f6e6669726d2d6e65772d7061737377643d266f6b3d4c6f672b496e","method":"POST","user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.203","community_id":"1:J77o+f1gmDMfPjNEiNq+YSZLFsw=","ja3":"43cf532976cbdec73c21b564756fd088","session":"9475c97f-a700-448f-9870-5587fefe790c","seq":1,"duration_ms":100,"bytes_in":466,"bytes_out":79},{"timestamp":"2026-06-17T18:20:24","port":4444,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip, deflate, br\",\"connection\":\"close\",\"content-length\":\"128\",\"content-type\":\"application/x-www-form-urlencoded\",\"host\":\"<HONEYPOT>:4444\",\"user-agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.203\"}","body":"prot=https%3A&server=<HONEYPOT>&inputStr=&action=getsoftware&user=admin&passwd=admin&new-passwd=&confirm-new-passwd=&ok=Log+In","sni":"","tls_cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/global-protect/login.esp","summary":"","payload_hex":"504f5354202f676c6f62616c2d70726f746563742f6c6f67696e2e65737020485454502f312e310d0a757365722d6167656e743a204d6f7a696c6c612f352e30202857696e646f7773204e542031302e303b2057696e36343b2078363429204170706c655765624b69742f3533372e333620284b48544d4c2c206c696b65204765636b6f29204368726f6d652f3131352e302e302e30205361666172692f3533372e3336204564672f3131352e302e313930312e3230330d0a636f6e74656e742d747970653a206170706c69636174696f6e2f782d7777772d666f726d2d75726c656e636f6465640d0a636f6e74656e742d6c656e6774683a203132380d0a6163636570742d656e636f64696e673a20677a69702c206465666c6174652c2062720d0a486f73743a20<HONEYPOT>3a343434340d0a436f6e6e656374696f6e3a20636c6f73650d0a0d0a70726f743d6874747073253341267365727665723d<HONEYPOT>26696e7075745374723d26616374696f6e3d676574736f66747761726526757365723d61646d696e267061737377643d61646d696e266e65772d7061737377643d26636f6e6669726d2d6e65772d7061737377643d266f6b3d4c6f672b496e","method":"POST","user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.203","community_id":"1:y2I4WL5pwyurJSiExgGZcBaO5lU=","ja3":"43cf532976cbdec73c21b564756fd088","session":"9fc3a457-908f-45c0-8a9d-04e79ea6948f","seq":1,"duration_ms":100,"bytes_in":465,"bytes_out":79},{"timestamp":"2026-06-17T18:14:03","port":7998,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip, deflate, br\",\"connection\":\"close\",\"content-length\":\"128\",\"content-type\":\"application/x-www-form-urlencoded\",\"host\":\"<HONEYPOT>:7998\",\"user-agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.203\"}","body":"prot=https%3A&server=<HONEYPOT>&inputStr=&action=getsoftware&user=admin&passwd=admin&new-passwd=&confirm-new-passwd=&ok=Log+In","sni":"","tls_cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/global-protect/login.esp","summary":"","payload_hex":"504f5354202f676c6f62616c2d70726f746563742f6c6f67696e2e65737020485454502f312e310d0a757365722d6167656e743a204d6f7a696c6c612f352e30202857696e646f7773204e542031302e303b2057696e36343b2078363429204170706c655765624b69742f3533372e333620284b48544d4c2c206c696b65204765636b6f29204368726f6d652f3131352e302e302e30205361666172692f3533372e3336204564672f3131352e302e313930312e3230330d0a636f6e74656e742d747970653a206170706c69636174696f6e2f782d7777772d666f726d2d75726c656e636f6465640d0a636f6e74656e742d6c656e6774683a203132380d0a6163636570742d656e636f64696e673a20677a69702c206465666c6174652c2062720d0a486f73743a20<HONEYPOT>3a373939380d0a436f6e6e656374696f6e3a20636c6f73650d0a0d0a70726f743d6874747073253341267365727665723d<HONEYPOT>26696e7075745374723d26616374696f6e3d676574736f66747761726526757365723d61646d696e267061737377643d61646d696e266e65772d7061737377643d26636f6e6669726d2d6e65772d7061737377643d266f6b3d4c6f672b496e","method":"POST","user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.203","community_id":"1:Bbzt6RFBUGz21yoLncd1sqeBIEE=","ja3":"43cf532976cbdec73c21b564756fd088","session":"4c445240-8985-4805-b377-fe0b32bf779e","seq":1,"duration_ms":101,"bytes_in":465,"bytes_out":79},{"timestamp":"2026-06-17T15:27:19","port":8139,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip, deflate, br\",\"connection\":\"close\",\"content-length\":\"128\",\"content-type\":\"application/x-www-form-urlencoded\",\"host\":\"<HONEYPOT>:8139\",\"user-agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.203\"}","body":"prot=https%3A&server=<HONEYPOT>&inputStr=&action=getsoftware&user=admin&passwd=admin&new-passwd=&confirm-new-passwd=&ok=Log+In","sni":"","tls_cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/global-protect/login.esp","summary":"","payload_hex":"504f5354202f676c6f62616c2d70726f746563742f6c6f67696e2e65737020485454502f312e310d0a757365722d6167656e743a204d6f7a696c6c612f352e30202857696e646f7773204e542031302e303b2057696e36343b2078363429204170706c655765624b69742f3533372e333620284b48544d4c2c206c696b65204765636b6f29204368726f6d652f3131352e302e302e30205361666172692f3533372e3336204564672f3131352e302e313930312e3230330d0a636f6e74656e742d747970653a206170706c69636174696f6e2f782d7777772d666f726d2d75726c656e636f6465640d0a636f6e74656e742d6c656e6774683a203132380d0a6163636570742d656e636f64696e673a20677a69702c206465666c6174652c2062720d0a486f73743a20<HONEYPOT>3a383133390d0a436f6e6e656374696f6e3a20636c6f73650d0a0d0a70726f743d6874747073253341267365727665723d<HONEYPOT>26696e7075745374723d26616374696f6e3d676574736f66747761726526757365723d61646d696e267061737377643d61646d696e266e65772d7061737377643d26636f6e6669726d2d6e65772d7061737377643d266f6b3d4c6f672b496e","method":"POST","user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.203","community_id":"1:JmntzHXFWyBclEs2+8N4rC4LGUU=","ja3":"43cf532976cbdec73c21b564756fd088","session":"8b42a360-8f60-4a44-996a-3c85d25facf1","seq":1,"duration_ms":100,"bytes_in":465,"bytes_out":79},{"timestamp":"2026-06-17T13:57:35","port":8728,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip, deflate, br\",\"connection\":\"close\",\"content-length\":\"128\",\"content-type\":\"application/x-www-form-urlencoded\",\"host\":\"<HONEYPOT>:8728\",\"user-agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.203\"}","body":"prot=https%3A&server=<HONEYPOT>&inputStr=&action=getsoftware&user=admin&passwd=admin&new-passwd=&confirm-new-passwd=&ok=Log+In","sni":"","tls_cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/global-protect/login.esp","summary":"","payload_hex":"504f5354202f676c6f62616c2d70726f746563742f6c6f67696e2e65737020485454502f312e310d0a757365722d6167656e743a204d6f7a696c6c612f352e30202857696e646f7773204e542031302e303b2057696e36343b2078363429204170706c655765624b69742f3533372e333620284b48544d4c2c206c696b65204765636b6f29204368726f6d652f3131352e302e302e30205361666172692f3533372e3336204564672f3131352e302e313930312e3230330d0a636f6e74656e742d747970653a206170706c69636174696f6e2f782d7777772d666f726d2d75726c656e636f6465640d0a636f6e74656e742d6c656e6774683a203132380d0a6163636570742d656e636f64696e673a20677a69702c206465666c6174652c2062720d0a486f73743a20<HONEYPOT>3a383732380d0a436f6e6e656374696f6e3a20636c6f73650d0a0d0a70726f743d6874747073253341267365727665723d<HONEYPOT>26696e7075745374723d26616374696f6e3d676574736f66747761726526757365723d61646d696e267061737377643d61646d696e266e65772d7061737377643d26636f6e6669726d2d6e65772d7061737377643d266f6b3d4c6f672b496e","method":"POST","user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.203","community_id":"1:Kh/Esm5R6JzDBDQVCZMPzibA3qc=","ja3":"43cf532976cbdec73c21b564756fd088","session":"94eb9405-ddfa-428d-a7c2-e876c6803118","seq":1,"duration_ms":100,"bytes_in":465,"bytes_out":79},{"timestamp":"2026-06-17T13:51:23","port":57785,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip, deflate, br\",\"connection\":\"close\",\"content-length\":\"128\",\"content-type\":\"application/x-www-form-urlencoded\",\"host\":\"<HONEYPOT>:57785\",\"user-agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.203\"}","body":"prot=https%3A&server=<HONEYPOT>&inputStr=&action=getsoftware&user=admin&passwd=admin&new-passwd=&confirm-new-passwd=&ok=Log+In","sni":"","tls_cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/global-protect/login.esp","summary":"","payload_hex":"504f5354202f676c6f62616c2d70726f746563742f6c6f67696e2e65737020485454502f312e310d0a757365722d6167656e743a204d6f7a696c6c612f352e30202857696e646f7773204e542031302e303b2057696e36343b2078363429204170706c655765624b69742f3533372e333620284b48544d4c2c206c696b65204765636b6f29204368726f6d652f3131352e302e302e30205361666172692f3533372e3336204564672f3131352e302e313930312e3230330d0a636f6e74656e742d747970653a206170706c69636174696f6e2f782d7777772d666f726d2d75726c656e636f6465640d0a636f6e74656e742d6c656e6774683a203132380d0a6163636570742d656e636f64696e673a20677a69702c206465666c6174652c2062720d0a486f73743a20<HONEYPOT>3a35373738350d0a436f6e6e656374696f6e3a20636c6f73650d0a0d0a70726f743d6874747073253341267365727665723d<HONEYPOT>26696e7075745374723d26616374696f6e3d676574736f66747761726526757365723d61646d696e267061737377643d61646d696e266e65772d7061737377643d26636f6e6669726d2d6e65772d7061737377643d266f6b3d4c6f672b496e","method":"POST","user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.203","community_id":"1:PcOv/9JWliXfHVddPYJG1XTUErU=","ja3":"43cf532976cbdec73c21b564756fd088","session":"6e4871ab-dd50-495c-b6af-f30ccd049785","seq":1,"duration_ms":100,"bytes_in":466,"bytes_out":79},{"timestamp":"2026-06-17T12:38:07","port":3790,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip, deflate, br\",\"connection\":\"close\",\"content-length\":\"128\",\"content-type\":\"application/x-www-form-urlencoded\",\"host\":\"<HONEYPOT>:3790\",\"user-agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.203\"}","body":"prot=https%3A&server=<HONEYPOT>&inputStr=&action=getsoftware&user=admin&passwd=admin&new-passwd=&confirm-new-passwd=&ok=Log+In","sni":"","tls_cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/global-protect/login.esp","summary":"","payload_hex":"504f5354202f676c6f62616c2d70726f746563742f6c6f67696e2e65737020485454502f312e310d0a757365722d6167656e743a204d6f7a696c6c612f352e30202857696e646f7773204e542031302e303b2057696e36343b2078363429204170706c655765624b69742f3533372e333620284b48544d4c2c206c696b65204765636b6f29204368726f6d652f3131352e302e302e30205361666172692f3533372e3336204564672f3131352e302e313930312e3230330d0a636f6e74656e742d747970653a206170706c69636174696f6e2f782d7777772d666f726d2d75726c656e636f6465640d0a636f6e74656e742d6c656e6774683a203132380d0a6163636570742d656e636f64696e673a20677a69702c206465666c6174652c2062720d0a486f73743a20<HONEYPOT>3a333739300d0a436f6e6e656374696f6e3a20636c6f73650d0a0d0a70726f743d6874747073253341267365727665723d<HONEYPOT>26696e7075745374723d26616374696f6e3d676574736f66747761726526757365723d61646d696e267061737377643d61646d696e266e65772d7061737377643d26636f6e6669726d2d6e65772d7061737377643d266f6b3d4c6f672b496e","method":"POST","user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.203","community_id":"1:AWdZW8IeQ2rHxibykjyDSL+PIOQ=","ja3":"43cf532976cbdec73c21b564756fd088","session":"9df1454d-51ae-4677-9ea6-90fd5fc6ee3a","seq":1,"duration_ms":101,"bytes_in":465,"bytes_out":79},{"timestamp":"2026-06-17T11:00:23","port":5604,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip, deflate, br\",\"connection\":\"close\",\"content-length\":\"128\",\"content-type\":\"application/x-www-form-urlencoded\",\"host\":\"<HONEYPOT>:5604\",\"user-agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.203\"}","body":"prot=https%3A&server=<HONEYPOT>&inputStr=&action=getsoftware&user=admin&passwd=admin&new-passwd=&confirm-new-passwd=&ok=Log+In","sni":"","tls_cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/global-protect/login.esp","summary":"","payload_hex":"504f5354202f676c6f62616c2d70726f746563742f6c6f67696e2e65737020485454502f312e310d0a757365722d6167656e743a204d6f7a696c6c612f352e30202857696e646f7773204e542031302e303b2057696e36343b2078363429204170706c655765624b69742f3533372e333620284b48544d4c2c206c696b65204765636b6f29204368726f6d652f3131352e302e302e30205361666172692f3533372e3336204564672f3131352e302e313930312e3230330d0a636f6e74656e742d747970653a206170706c69636174696f6e2f782d7777772d666f726d2d75726c656e636f6465640d0a636f6e74656e742d6c656e6774683a203132380d0a6163636570742d656e636f64696e673a20677a69702c206465666c6174652c2062720d0a486f73743a20<HONEYPOT>3a353630340d0a436f6e6e656374696f6e3a20636c6f73650d0a0d0a70726f743d6874747073253341267365727665723d<HONEYPOT>26696e7075745374723d26616374696f6e3d676574736f66747761726526757365723d61646d696e267061737377643d61646d696e266e65772d7061737377643d26636f6e6669726d2d6e65772d7061737377643d266f6b3d4c6f672b496e","method":"POST","user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.203","community_id":"1:ZVnIquG6G/n+LTUIYmCfVGpSlYI=","ja3":"43cf532976cbdec73c21b564756fd088","session":"d2d06d7a-f4b3-4863-a270-052cd91ca78f","seq":1,"duration_ms":100,"bytes_in":465,"bytes_out":79}],"http_methods":[{"method":"GET","count":625},{"method":"POST","count":277}],"distinct_ports_total":386,"top_paths":[{"path":"/remote/login","count":270,"ports":180},{"path":"/login","count":269,"ports":180},{"path":"/global-protect/login.esp","count":253,"ports":196},{"path":"/+CSCOE+/logon.html","count":27,"ports":26},{"path":"/vpn/index.html","count":24,"ports":12},{"path":"/api/sonicos/is-sslvpn-enabled","count":20,"ports":20},{"path":"/","count":15,"ports":14},{"path":"/cgi/login","count":12,"ports":12},{"path":"/tcp/global-protect/login.esp","count":12,"ports":12}],"distinct_paths_total":9,"top_snis":[],"top_hosts":[],"top_alpns":[],"banners":[],"credentials":[{"username":"admin","password":"admin","count":277}],"header_profile":{"signature":["Accept-Encoding","Connection","Content-Length","Content-Type","Host","User-Agent"],"representative":[{"name":"Accept-Encoding","value":"gzip, deflate, br","notable":false},{"name":"Connection","value":"close","notable":false},{"name":"Content-Length","value":"128","notable":false},{"name":"Content-Type","value":"application/x-www-form-urlencoded","notable":true},{"name":"Host","value":"<HONEYPOT>:593","notable":false},{"name":"User-Agent","value":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.203","notable":false}],"distinct_sets":1,"events_with_headers":10},"tags":[{"tag_id":"CVE-2015-1880","tag_type":"cve","title":"Fortinet FortiOS <=5.2.3 - Cross-Site Scripting","severity":"medium","actively_exploited":false,"match_field":"url_path","matched_pattern":"/remote/login","reference_urls":["https://www.c2.lol/articles/xss-in-fortigates-ssl-vpn-login-page","http://www.fortiguard.com/advisory/FG-IR-15-005/","https://nvd.nist.gov/vuln/detail/CVE-2015-1880","http://www.securitytracker.com/id/1032261","http://www.securitytracker.com/id/1032262"]},{"tag_id":"CVE-2018-10141","tag_type":"cve","title":"Palo Alto Networks PAN-OS GlobalProtect <8.1.4 - Cross-Site Scripting","severity":"medium","actively_exploited":false,"match_field":"url_path","matched_pattern":"/global-protect/login.esp","reference_urls":["https://security.paloaltonetworks.com/CVE-2018-10141","https://nvd.nist.gov/vuln/detail/CVE-2018-10141","https://github.com/ARPSyndicate/kenzer-templates","https://github.com/Elsfa7-110/kenzer-templates"]}],"data_as_of":"2026-06-23T13:47:52.801268+00:00"}