{"ip":"45.142.193.239","total_events":1527,"verdict":{"verdict":"scanning","label":"Unrecognized scanner","detail":"433+ ports swept","confidence":"medium","network_type":null,"why":["No exploit payloads observed.","Swept 433 distinct ports (threshold for a sweep is 10).","Not in any known-scanner range."]},"first_seen":"2026-04-20T12:23:48","last_seen":"2026-07-03T09:19:01","events_24h":0,"events_7d":238,"geo":{"country_code":"RO","country_name":"Romania","region":"","city":"","lat":45.9968,"lon":24.997,"asn":213388,"org":"Iic Rail Limited"},"source_domain":null,"known_scanners":[],"scanner_tag":null,"cve_matches":[{"cve_id":"CVE-2015-1880","title":"Fortinet FortiOS <=5.2.3 - Cross-Site Scripting","severity":"medium","actively_exploited":false,"match_field":"url_path","matched_pattern":"/remote/login"},{"cve_id":"CVE-2018-10141","title":"Palo Alto Networks PAN-OS GlobalProtect <8.1.4 - Cross-Site Scripting","severity":"medium","actively_exploited":false,"match_field":"url_path","matched_pattern":"/global-protect/login.esp"}],"malware":[],"top_ports":[{"port":8090,"proto":"tcp","label":"","count":17},{"port":4840,"proto":"tcp","label":"","count":15},{"port":8124,"proto":"tcp","label":"","count":14},{"port":944,"proto":"tcp","label":"","count":14},{"port":8121,"proto":"tcp","label":"","count":14},{"port":968,"proto":"tcp","label":"","count":14},{"port":8129,"proto":"tcp","label":"","count":14},{"port":980,"proto":"tcp","label":"","count":14},{"port":8094,"proto":"tcp","label":"","count":14},{"port":971,"proto":"tcp","label":"","count":14},{"port":8098,"proto":"tcp","label":"","count":14},{"port":22705,"proto":"tcp","label":"","count":10},{"port":58392,"proto":"tcp","label":"","count":10},{"port":7548,"proto":"tcp","label":"","count":9},{"port":4452,"proto":"tcp","label":"","count":8}],"fingerprints":{"ssh_hassh":[],"tls_ja4":["t13i181100_e8a523a41297_02c8e53ee398","t13i131000_f57a46bbacb6_e5728521abd4","t13i180900_e8a523a41297_78e6aca7449b"],"tls_ja3":["43cf532976cbdec73c21b564756fd088","7c5a42bc3e6679b3cdf9ae958f3a6f4f"],"ja4h":["po11nn18ru_144a47e02f43","ge11nn0400_11975a10f91b","po11nn0600_da06d4cb66f4","ge11cn06ru_aa7929e9d466","ge11nn10ru_779e54975f7d"]},"fingerprint_peers":{"t13i180900_e8a523a41297_78e6aca7449b":13,"t13i131000_f57a46bbacb6_e5728521abd4":198,"t13i181100_e8a523a41297_02c8e53ee398":11,"ge11nn10ru_779e54975f7d":3,"ge11cn06ru_aa7929e9d466":3,"ge11nn0400_11975a10f91b":7,"po11nn18ru_144a47e02f43":3,"po11nn0600_da06d4cb66f4":11},"user_agents":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.203","Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36"],"timeline":[{"date":"2026-04-20","count":3},{"date":"2026-04-21","count":8},{"date":"2026-04-22","count":14},{"date":"2026-04-23","count":5},{"date":"2026-04-24","count":4},{"date":"2026-05-01","count":52},{"date":"2026-05-02","count":44},{"date":"2026-05-08","count":84},{"date":"2026-05-09","count":276},{"date":"2026-05-10","count":66},{"date":"2026-05-11","count":71},{"date":"2026-05-12","count":70},{"date":"2026-05-13","count":116},{"date":"2026-05-14","count":104},{"date":"2026-05-15","count":84},{"date":"2026-05-16","count":38},{"date":"2026-05-27","count":21},{"date":"2026-06-04","count":3},{"date":"2026-06-06","count":1},{"date":"2026-06-07","count":12},{"date":"2026-06-08","count":21},{"date":"2026-06-09","count":24},{"date":"2026-06-10","count":13},{"date":"2026-06-11","count":15},{"date":"2026-06-12","count":6},{"date":"2026-06-13","count":18},{"date":"2026-06-14","count":3},{"date":"2026-06-15","count":14},{"date":"2026-06-16","count":30},{"date":"2026-06-17","count":22},{"date":"2026-06-25","count":9},{"date":"2026-06-26","count":21},{"date":"2026-06-27","count":41},{"date":"2026-06-28","count":58},{"date":"2026-06-29","count":50},{"date":"2026-07-01","count":30},{"date":"2026-07-02","count":55},{"date":"2026-07-03","count":21}],"recent_events":[{"timestamp":"2026-07-03T09:19:01","port":587,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip, deflate, br\",\"connection\":\"close\",\"host\":\"<HONEYPOT>:587\",\"user-agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.203\",\"x-citrix-am-credentialtypes\":\"none, username, domain, password, newpassword, passcode, savecredentials, textcredential, webview, nsg-epa, nsg-x1, nsg-setclient, nsg-eula, nsg-tlogin, nsg-fullvpn, nsg-hidden, nsg-auth-failure, nsg-auth-success, nsg-epa-success, nsg-l20n, GoBack, nf-recaptcha, ns-dialogue, nf-gw-test, nf-poll, nsg_qrcode, nsg_manageotp, negotiate, nsg_push, nsg_push_otp, nf_sspr_rem\",\"x-citrix-am-labeltypes\":\"none, plain, heading, information, warning, error, confirmation, image, nsg-epa, nsg-epa-failure, nsg-login-label, tlogin-failure-msg, nsg-tlogin-heading, nsg-tlogin-single-res, nsg-tlogin-multi-res, nsg-tlogin, nsg-login-heading, nsg-fullvpn, nsg-l20n, nsg-l20n-error, certauth-failure-msg, dialogue-label, nsg-change-pass-assistive-text, nsg_confirmation, nsg_kba_registration_heading, nsg_email_registration_heading, nsg_kba_validation_question, nsg_sspr_success, nf-manage-otp\",\"x-citrix-isusinghttps\":\"Yes\"}","body":"","sni":"","tls_cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/vpn/index.html","summary":"","payload_hex":"474554202f76706e2f696e6465782e68746d6c20485454502f312e310d0a757365722d6167656e743a204d6f7a696c6c612f352e30202857696e646f7773204e542031302e303b2057696e36343b2078363429204170706c655765624b69742f3533372e333620284b48544d4c2c206c696b65204765636b6f29204368726f6d652f3131352e302e302e30205361666172692f3533372e3336204564672f3131352e302e313930312e3230330d0a782d6369747269782d616d2d63726564656e7469616c74797065733a206e6f6e652c20757365726e616d652c20646f6d61696e2c2070617373776f72642c206e657770617373776f72642c2070617373636f64652c207361766563726564656e7469616c732c207465787463726564656e7469616c2c20776562766965772c206e73672d6570612c206e73672d78312c206e73672d736574636c69656e742c206e73672d65756c612c206e73672d746c6f67696e2c206e73672d66756c6c76706e2c206e73672d68696464656e2c206e73672d617574682d6661696c7572652c206e73672d617574682d737563636573732c206e73672d6570612d737563636573732c206e73672d6c32306e2c20476f4261636b2c206e662d7265636170746368612c206e732d6469616c6f6775652c206e662d67772d746573742c206e662d706f6c6c2c206e73675f7172636f64652c206e73675f6d616e6167656f74702c206e65676f74696174652c206e73675f707573682c206e73675f707573685f6f74702c206e665f737370725f72656d0d0a782d6369747269782d616d2d6c6162656c74797065733a206e6f6e652c20706c61696e2c2068656164696e672c20696e666f726d6174696f6e2c207761726e696e672c206572726f722c20636f6e6669726d6174696f6e2c20696d6167652c206e73672d6570612c206e73672d6570612d6661696c7572652c206e73672d6c6f67696e2d6c6162656c2c20746c6f67696e2d6661696c7572652d6d73672c206e73672d746c6f67696e2d68656164696e672c206e73672d746c6f67696e2d73696e676c652d7265732c206e73672d746c6f67696e2d6d756c74692d7265732c206e73672d746c6f67696e2c206e73672d6c6f67696e2d68656164696e672c206e73672d66756c6c76706e2c206e73672d6c32306e2c206e73672d6c32306e2d6572726f722c2063657274617574682d6661696c7572652d6d73672c206469616c6f6775652d6c6162656c2c206e73672d6368616e67652d706173732d6173736973746976652d746578742c206e73675f636f6e6669726d6174696f6e2c206e73675f6b62615f726567697374726174696f6e5f68656164696e672c206e73675f656d61696c5f726567697374726174696f6e5f68656164696e672c206e73675f6b62615f76616c69646174696f6e5f7175657374696f6e2c206e73675f737370725f737563636573732c206e662d6d616e6167652d6f74700d0a782d6369747269782d69737573696e6768747470733a205965730d0a6163636570742d656e636f64696e673a20677a69702c206465666c6174652c2062720d0a486f73743a20<HONEYPOT>3a3538370d0a436f6e6e656374696f6e3a20636c6f73650d0a0d0a","method":"GET","user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.203","community_id":"1:NMTE+PhOV0wRhJWWV4OIotZD3j4=","ja3":"7c5a42bc3e6679b3cdf9ae958f3a6f4f","session":"6d45afed-b665-452a-b5b9-c82ef92f0a2e","seq":1,"duration_ms":100,"bytes_in":1190,"bytes_out":40},{"timestamp":"2026-07-03T09:19:01","port":587,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7\",\"accept-encoding\":\"gzip, deflate, br\",\"accept-language\":\"ru,en;q=0.9,en-GB;q=0.8,en-US;q=0.7\",\"cache-control\":\"max-age=0\",\"connection\":\"close\",\"content-type\":\"application/x-www-form-urlencoded\",\"host\":\"<HONEYPOT>:587\",\"referrer-policy\":\"strict-origin-when-cross-origin\",\"upgrade-insecure-requests\":\"1\",\"user-agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.203\"}","body":"","sni":"","tls_cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/vpn/index.html","summary":"","payload_hex":"474554202f76706e2f696e6465782e68746d6c20485454502f312e310d0a757365722d6167656e743a204d6f7a696c6c612f352e30202857696e646f7773204e542031302e303b2057696e36343b2078363429204170706c655765624b69742f3533372e333620284b48544d4c2c206c696b65204765636b6f29204368726f6d652f3131352e302e302e30205361666172692f3533372e3336204564672f3131352e302e313930312e3230330d0a6163636570743a20746578742f68746d6c2c6170706c69636174696f6e2f7868746d6c2b786d6c2c6170706c69636174696f6e2f786d6c3b713d302e392c696d6167652f776562702c696d6167652f61706e672c2a2f2a3b713d302e382c6170706c69636174696f6e2f7369676e65642d65786368616e67653b763d62333b713d302e370d0a6163636570742d6c616e67756167653a2072752c656e3b713d302e392c656e2d47423b713d302e382c656e2d55533b713d302e370d0a63616368652d636f6e74726f6c3a206d61782d6167653d300d0a636f6e74656e742d747970653a206170706c69636174696f6e2f782d7777772d666f726d2d75726c656e636f6465640d0a757067726164652d696e7365637572652d72657175657374733a20310d0a72656665727265722d706f6c6963793a207374726963742d6f726967696e2d7768656e2d63726f73732d6f726967696e0d0a6163636570742d656e636f64696e673a20677a69702c206465666c6174652c2062720d0a486f73743a20<HONEYPOT>3a3538370d0a436f6e6e656374696f6e3a20636c6f73650d0a0d0a","method":"GET","user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.203","community_id":"1:wIPPdlrIZ3c5DtRx9FE4/sTkWFc=","ja3":"43cf532976cbdec73c21b564756fd088","session":"4099fd18-4147-4f9e-9365-41bb6aa8eb9e","seq":1,"duration_ms":94,"bytes_in":598,"bytes_out":40},{"timestamp":"2026-07-03T08:09:09","port":3118,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip, deflate, br\",\"connection\":\"close\",\"host\":\"<HONEYPOT>:3118\",\"user-agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.203\",\"x-citrix-am-credentialtypes\":\"none, username, domain, password, newpassword, passcode, savecredentials, textcredential, webview, nsg-epa, nsg-x1, nsg-setclient, nsg-eula, nsg-tlogin, nsg-fullvpn, nsg-hidden, nsg-auth-failure, nsg-auth-success, nsg-epa-success, nsg-l20n, GoBack, nf-recaptcha, ns-dialogue, nf-gw-test, nf-poll, nsg_qrcode, nsg_manageotp, negotiate, nsg_push, nsg_push_otp, nf_sspr_rem\",\"x-citrix-am-labeltypes\":\"none, plain, heading, information, warning, error, confirmation, image, nsg-epa, nsg-epa-failure, nsg-login-label, tlogin-failure-msg, nsg-tlogin-heading, nsg-tlogin-single-res, nsg-tlogin-multi-res, nsg-tlogin, nsg-login-heading, nsg-fullvpn, nsg-l20n, nsg-l20n-error, certauth-failure-msg, dialogue-label, nsg-change-pass-assistive-text, nsg_confirmation, nsg_kba_registration_heading, nsg_email_registration_heading, nsg_kba_validation_question, nsg_sspr_success, nf-manage-otp\",\"x-citrix-isusinghttps\":\"Yes\"}","body":"","sni":"","tls_cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/vpn/index.html","summary":"","payload_hex":"474554202f76706e2f696e6465782e68746d6c20485454502f312e310d0a757365722d6167656e743a204d6f7a696c6c612f352e30202857696e646f7773204e542031302e303b2057696e36343b2078363429204170706c655765624b69742f3533372e333620284b48544d4c2c206c696b65204765636b6f29204368726f6d652f3131352e302e302e30205361666172692f3533372e3336204564672f3131352e302e313930312e3230330d0a782d6369747269782d616d2d63726564656e7469616c74797065733a206e6f6e652c20757365726e616d652c20646f6d61696e2c2070617373776f72642c206e657770617373776f72642c2070617373636f64652c207361766563726564656e7469616c732c207465787463726564656e7469616c2c20776562766965772c206e73672d6570612c206e73672d78312c206e73672d736574636c69656e742c206e73672d65756c612c206e73672d746c6f67696e2c206e73672d66756c6c76706e2c206e73672d68696464656e2c206e73672d617574682d6661696c7572652c206e73672d617574682d737563636573732c206e73672d6570612d737563636573732c206e73672d6c32306e2c20476f4261636b2c206e662d7265636170746368612c206e732d6469616c6f6775652c206e662d67772d746573742c206e662d706f6c6c2c206e73675f7172636f64652c206e73675f6d616e6167656f74702c206e65676f74696174652c206e73675f707573682c206e73675f707573685f6f74702c206e665f737370725f72656d0d0a782d6369747269782d616d2d6c6162656c74797065733a206e6f6e652c20706c61696e2c2068656164696e672c20696e666f726d6174696f6e2c207761726e696e672c206572726f722c20636f6e6669726d6174696f6e2c20696d6167652c206e73672d6570612c206e73672d6570612d6661696c7572652c206e73672d6c6f67696e2d6c6162656c2c20746c6f67696e2d6661696c7572652d6d73672c206e73672d746c6f67696e2d68656164696e672c206e73672d746c6f67696e2d73696e676c652d7265732c206e73672d746c6f67696e2d6d756c74692d7265732c206e73672d746c6f67696e2c206e73672d6c6f67696e2d68656164696e672c206e73672d66756c6c76706e2c206e73672d6c32306e2c206e73672d6c32306e2d6572726f722c2063657274617574682d6661696c7572652d6d73672c206469616c6f6775652d6c6162656c2c206e73672d6368616e67652d706173732d6173736973746976652d746578742c206e73675f636f6e6669726d6174696f6e2c206e73675f6b62615f726567697374726174696f6e5f68656164696e672c206e73675f656d61696c5f726567697374726174696f6e5f68656164696e672c206e73675f6b62615f76616c69646174696f6e5f7175657374696f6e2c206e73675f737370725f737563636573732c206e662d6d616e6167652d6f74700d0a782d6369747269782d69737573696e6768747470733a205965730d0a6163636570742d656e636f64696e673a20677a69702c206465666c6174652c2062720d0a486f73743a20<HONEYPOT>3a333131380d0a436f6e6e656374696f6e3a20636c6f73650d0a0d0a","method":"GET","user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.203","community_id":"1:h8cJXNcmIXkqY8EJOdpZleFKSEM=","ja3":"7c5a42bc3e6679b3cdf9ae958f3a6f4f","session":"79705264-9365-4b37-aa96-721edcec5aef","seq":1,"duration_ms":100,"bytes_in":1191,"bytes_out":79},{"timestamp":"2026-07-03T08:09:08","port":3118,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7\",\"accept-encoding\":\"gzip, deflate, br\",\"accept-language\":\"ru,en;q=0.9,en-GB;q=0.8,en-US;q=0.7\",\"cache-control\":\"max-age=0\",\"connection\":\"close\",\"content-length\":\"61\",\"content-type\":\"application/x-www-form-urlencoded\",\"host\":\"<HONEYPOT>:3118\",\"referrer-policy\":\"strict-origin-when-cross-origin\",\"sec-ch-ua\":\"\\\"Not/A)Brand\\\";v=\\\"99\\\", \\\"Microsoft Edge\\\";v=\\\"115\\\", \\\"Chromium\\\";v=\\\"115\\\"\",\"sec-ch-ua-mobile\":\"?0\",\"sec-ch-ua-platform\":\"\\\"Windows\\\"\",\"sec-fetch-dest\":\"document\",\"sec-fetch-mode\":\"navigate\",\"sec-fetch-site\":\"same-origin\",\"sec-fetch-user\":\"?1\",\"upgrade-insecure-requests\":\"1\",\"user-agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.203\"}","body":"dummy_username=&dummy_pass1=&login=guest&passwd=s%40cr%40t%21","sni":"","tls_cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/cgi/login","summary":"","payload_hex":"504f5354202f6367692f6c6f67696e20485454502f312e310d0a757365722d6167656e743a204d6f7a696c6c612f352e30202857696e646f7773204e542031302e303b2057696e36343b2078363429204170706c655765624b69742f3533372e333620284b48544d4c2c206c696b65204765636b6f29204368726f6d652f3131352e302e302e30205361666172692f3533372e3336204564672f3131352e302e313930312e3230330d0a6163636570743a20746578742f68746d6c2c6170706c69636174696f6e2f7868746d6c2b786d6c2c6170706c69636174696f6e2f786d6c3b713d302e392c696d6167652f776562702c696d6167652f61706e672c2a2f2a3b713d302e382c6170706c69636174696f6e2f7369676e65642d65786368616e67653b763d62333b713d302e370d0a6163636570742d6c616e67756167653a2072752c656e3b713d302e392c656e2d47423b713d302e382c656e2d55533b713d302e370d0a63616368652d636f6e74726f6c3a206d61782d6167653d300d0a636f6e74656e742d747970653a206170706c69636174696f6e2f782d7777772d666f726d2d75726c656e636f6465640d0a7365632d63682d75613a20224e6f742f41294272616e64223b763d223939222c20224d6963726f736f66742045646765223b763d22313135222c20224368726f6d69756d223b763d22313135220d0a7365632d63682d75612d6d6f62696c653a203f300d0a7365632d63682d75612d706c6174666f726d3a202257696e646f7773220d0a7365632d66657463682d646573743a20646f63756d656e740d0a7365632d66657463682d6d6f64653a206e617669676174650d0a7365632d66657463682d736974653a2073616d652d6f726967696e0d0a7365632d66657463682d757365723a203f310d0a757067726164652d696e7365637572652d72657175657374733a20310d0a72656665727265722d706f6c6963793a207374726963742d6f726967696e2d7768656e2d63726f73732d6f726967696e0d0a636f6e74656e742d6c656e6774683a2036310d0a6163636570742d656e636f64696e673a20677a69702c206465666c6174652c2062720d0a486f73743a20<HONEYPOT>3a333131380d0a436f6e6e656374696f6e3a20636c6f73650d0a0d0a64756d6d795f757365726e616d653d2664756d6d795f70617373313d266c6f67696e3d6775657374267061737377643d73253430637225343074253231","method":"POST","user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.203","community_id":"1:E263l1NIpDQhVI8v9C6yGEQSfxE=","ja3":"7c5a42bc3e6679b3cdf9ae958f3a6f4f","session":"dd270cb8-03a7-4c46-b860-9ddb89c57696","seq":1,"duration_ms":101,"bytes_in":909,"bytes_out":79},{"timestamp":"2026-07-03T08:09:08","port":3118,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7\",\"accept-encoding\":\"gzip, deflate, br\",\"accept-language\":\"ru,en;q=0.9,en-GB;q=0.8,en-US;q=0.7\",\"cache-control\":\"max-age=0\",\"connection\":\"close\",\"content-type\":\"application/x-www-form-urlencoded\",\"host\":\"<HONEYPOT>:3118\",\"referrer-policy\":\"strict-origin-when-cross-origin\",\"upgrade-insecure-requests\":\"1\",\"user-agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.203\"}","body":"","sni":"","tls_cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/vpn/index.html","summary":"","payload_hex":"474554202f76706e2f696e6465782e68746d6c20485454502f312e310d0a757365722d6167656e743a204d6f7a696c6c612f352e30202857696e646f7773204e542031302e303b2057696e36343b2078363429204170706c655765624b69742f3533372e333620284b48544d4c2c206c696b65204765636b6f29204368726f6d652f3131352e302e302e30205361666172692f3533372e3336204564672f3131352e302e313930312e3230330d0a6163636570743a20746578742f68746d6c2c6170706c69636174696f6e2f7868746d6c2b786d6c2c6170706c69636174696f6e2f786d6c3b713d302e392c696d6167652f776562702c696d6167652f61706e672c2a2f2a3b713d302e382c6170706c69636174696f6e2f7369676e65642d65786368616e67653b763d62333b713d302e370d0a6163636570742d6c616e67756167653a2072752c656e3b713d302e392c656e2d47423b713d302e382c656e2d55533b713d302e370d0a63616368652d636f6e74726f6c3a206d61782d6167653d300d0a636f6e74656e742d747970653a206170706c69636174696f6e2f782d7777772d666f726d2d75726c656e636f6465640d0a757067726164652d696e7365637572652d72657175657374733a20310d0a72656665727265722d706f6c6963793a207374726963742d6f726967696e2d7768656e2d63726f73732d6f726967696e0d0a6163636570742d656e636f64696e673a20677a69702c206465666c6174652c2062720d0a486f73743a20<HONEYPOT>3a333131380d0a436f6e6e656374696f6e3a20636c6f73650d0a0d0a","method":"GET","user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.203","community_id":"1:0KfUA+3VGLtQjTcNRggtGf0DMdc=","ja3":"43cf532976cbdec73c21b564756fd088","session":"297c7e09-e436-46ee-8a6d-aba36e4f1618","seq":1,"duration_ms":100,"bytes_in":599,"bytes_out":79},{"timestamp":"2026-07-03T07:37:20","port":22403,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip, deflate, br\",\"connection\":\"close\",\"host\":\"<HONEYPOT>:22403\",\"user-agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.203\"}","body":"","sni":"","tls_cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/login","summary":"","payload_hex":"474554202f6c6f67696e20485454502f312e310d0a757365722d6167656e743a204d6f7a696c6c612f352e30202857696e646f7773204e542031302e303b2057696e36343b2078363429204170706c655765624b69742f3533372e333620284b48544d4c2c206c696b65204765636b6f29204368726f6d652f3131352e302e302e30205361666172692f3533372e3336204564672f3131352e302e313930312e3230330d0a6163636570742d656e636f64696e673a20677a69702c206465666c6174652c2062720d0a486f73743a20<HONEYPOT>3a32323430330d0a436f6e6e656374696f6e3a20636c6f73650d0a0d0a","method":"GET","user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.203","community_id":"1:SyIdUgPWErQIUN6zcQHMeYeRo18=","ja3":"7c5a42bc3e6679b3cdf9ae958f3a6f4f","session":"fc400131-f52c-45b9-939d-125bdebcb5af","seq":1,"duration_ms":100,"bytes_in":248,"bytes_out":79},{"timestamp":"2026-07-03T07:37:20","port":22403,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip, deflate, br\",\"connection\":\"close\",\"host\":\"<HONEYPOT>:22403\",\"user-agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.203\"}","body":"","sni":"","tls_cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/remote/login","summary":"","payload_hex":"474554202f72656d6f74652f6c6f67696e20485454502f312e310d0a757365722d6167656e743a204d6f7a696c6c612f352e30202857696e646f7773204e542031302e303b2057696e36343b2078363429204170706c655765624b69742f3533372e333620284b48544d4c2c206c696b65204765636b6f29204368726f6d652f3131352e302e302e30205361666172692f3533372e3336204564672f3131352e302e313930312e3230330d0a6163636570742d656e636f64696e673a20677a69702c206465666c6174652c2062720d0a486f73743a20<HONEYPOT>3a32323430330d0a436f6e6e656374696f6e3a20636c6f73650d0a0d0a","method":"GET","user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.203","community_id":"1:spb9A+on7mF3g3k+q310tZu0Np4=","ja3":"43cf532976cbdec73c21b564756fd088","session":"7e1e1367-41dc-431e-a275-9ecaa9e17b1f","seq":1,"duration_ms":100,"bytes_in":255,"bytes_out":79},{"timestamp":"2026-07-03T04:52:32","port":9445,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip, deflate, br\",\"connection\":\"close\",\"host\":\"<HONEYPOT>:9445\",\"user-agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.203\"}","body":"","sni":"","tls_cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/login","summary":"","payload_hex":"474554202f6c6f67696e20485454502f312e310d0a757365722d6167656e743a204d6f7a696c6c612f352e30202857696e646f7773204e542031302e303b2057696e36343b2078363429204170706c655765624b69742f3533372e333620284b48544d4c2c206c696b65204765636b6f29204368726f6d652f3131352e302e302e30205361666172692f3533372e3336204564672f3131352e302e313930312e3230330d0a6163636570742d656e636f64696e673a20677a69702c206465666c6174652c2062720d0a486f73743a20<HONEYPOT>3a393434350d0a436f6e6e656374696f6e3a20636c6f73650d0a0d0a","method":"GET","user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.203","community_id":"1:SJNC6LO1mZh0pejqWjMVIoKZGCQ=","ja3":"7c5a42bc3e6679b3cdf9ae958f3a6f4f","session":"2ddda761-c1ff-4d40-b375-fb48aab1caf1","seq":1,"duration_ms":100,"bytes_in":247,"bytes_out":79},{"timestamp":"2026-07-03T04:52:32","port":9445,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip, deflate, br\",\"connection\":\"close\",\"host\":\"<HONEYPOT>:9445\",\"user-agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.203\"}","body":"","sni":"","tls_cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/remote/login","summary":"","payload_hex":"474554202f72656d6f74652f6c6f67696e20485454502f312e310d0a757365722d6167656e743a204d6f7a696c6c612f352e30202857696e646f7773204e542031302e303b2057696e36343b2078363429204170706c655765624b69742f3533372e333620284b48544d4c2c206c696b65204765636b6f29204368726f6d652f3131352e302e302e30205361666172692f3533372e3336204564672f3131352e302e313930312e3230330d0a6163636570742d656e636f64696e673a20677a69702c206465666c6174652c2062720d0a486f73743a20<HONEYPOT>3a393434350d0a436f6e6e656374696f6e3a20636c6f73650d0a0d0a","method":"GET","user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.203","community_id":"1:AjTyIhcNo5bh+a1FgQpFJdE9CLY=","ja3":"43cf532976cbdec73c21b564756fd088","session":"09d3ee06-00cb-4bc4-900c-e4409940cc2f","seq":1,"duration_ms":101,"bytes_in":254,"bytes_out":79},{"timestamp":"2026-07-03T04:33:20","port":7687,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip, deflate, br\",\"connection\":\"close\",\"host\":\"<HONEYPOT>:7687\",\"user-agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.203\",\"x-citrix-am-credentialtypes\":\"none, username, domain, password, newpassword, passcode, savecredentials, textcredential, webview, nsg-epa, nsg-x1, nsg-setclient, nsg-eula, nsg-tlogin, nsg-fullvpn, nsg-hidden, nsg-auth-failure, nsg-auth-success, nsg-epa-success, nsg-l20n, GoBack, nf-recaptcha, ns-dialogue, nf-gw-test, nf-poll, nsg_qrcode, nsg_manageotp, negotiate, nsg_push, nsg_push_otp, nf_sspr_rem\",\"x-citrix-am-labeltypes\":\"none, plain, heading, information, warning, error, confirmation, image, nsg-epa, nsg-epa-failure, nsg-login-label, tlogin-failure-msg, nsg-tlogin-heading, nsg-tlogin-single-res, nsg-tlogin-multi-res, nsg-tlogin, nsg-login-heading, nsg-fullvpn, nsg-l20n, nsg-l20n-error, certauth-failure-msg, dialogue-label, nsg-change-pass-assistive-text, nsg_confirmation, nsg_kba_registration_heading, nsg_email_registration_heading, nsg_kba_validation_question, nsg_sspr_success, nf-manage-otp\",\"x-citrix-isusinghttps\":\"Yes\"}","body":"","sni":"","tls_cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/vpn/index.html","summary":"","payload_hex":"474554202f76706e2f696e6465782e68746d6c20485454502f312e310d0a757365722d6167656e743a204d6f7a696c6c612f352e30202857696e646f7773204e542031302e303b2057696e36343b2078363429204170706c655765624b69742f3533372e333620284b48544d4c2c206c696b65204765636b6f29204368726f6d652f3131352e302e302e30205361666172692f3533372e3336204564672f3131352e302e313930312e3230330d0a782d6369747269782d616d2d63726564656e7469616c74797065733a206e6f6e652c20757365726e616d652c20646f6d61696e2c2070617373776f72642c206e657770617373776f72642c2070617373636f64652c207361766563726564656e7469616c732c207465787463726564656e7469616c2c20776562766965772c206e73672d6570612c206e73672d78312c206e73672d736574636c69656e742c206e73672d65756c612c206e73672d746c6f67696e2c206e73672d66756c6c76706e2c206e73672d68696464656e2c206e73672d617574682d6661696c7572652c206e73672d617574682d737563636573732c206e73672d6570612d737563636573732c206e73672d6c32306e2c20476f4261636b2c206e662d7265636170746368612c206e732d6469616c6f6775652c206e662d67772d746573742c206e662d706f6c6c2c206e73675f7172636f64652c206e73675f6d616e6167656f74702c206e65676f74696174652c206e73675f707573682c206e73675f707573685f6f74702c206e665f737370725f72656d0d0a782d6369747269782d616d2d6c6162656c74797065733a206e6f6e652c20706c61696e2c2068656164696e672c20696e666f726d6174696f6e2c207761726e696e672c206572726f722c20636f6e6669726d6174696f6e2c20696d6167652c206e73672d6570612c206e73672d6570612d6661696c7572652c206e73672d6c6f67696e2d6c6162656c2c20746c6f67696e2d6661696c7572652d6d73672c206e73672d746c6f67696e2d68656164696e672c206e73672d746c6f67696e2d73696e676c652d7265732c206e73672d746c6f67696e2d6d756c74692d7265732c206e73672d746c6f67696e2c206e73672d6c6f67696e2d68656164696e672c206e73672d66756c6c76706e2c206e73672d6c32306e2c206e73672d6c32306e2d6572726f722c2063657274617574682d6661696c7572652d6d73672c206469616c6f6775652d6c6162656c2c206e73672d6368616e67652d706173732d6173736973746976652d746578742c206e73675f636f6e6669726d6174696f6e2c206e73675f6b62615f726567697374726174696f6e5f68656164696e672c206e73675f656d61696c5f726567697374726174696f6e5f68656164696e672c206e73675f6b62615f76616c69646174696f6e5f7175657374696f6e2c206e73675f737370725f737563636573732c206e662d6d616e6167652d6f74700d0a782d6369747269782d69737573696e6768747470733a205965730d0a6163636570742d656e636f64696e673a20677a69702c206465666c6174652c2062720d0a486f73743a20<HONEYPOT>3a373638370d0a436f6e6e656374696f6e3a20636c6f73650d0a0d0a","method":"GET","user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.203","community_id":"1:o3N1avZG8jp4qDoigU3o36mqVyk=","ja3":"7c5a42bc3e6679b3cdf9ae958f3a6f4f","session":"de96500a-f641-4cef-ad1c-7baa8230c87a","seq":1,"duration_ms":100,"bytes_in":1191,"bytes_out":79}],"http_methods":[{"method":"GET","count":1207},{"method":"POST","count":320}],"distinct_ports_total":433,"top_paths":[{"path":"/login","count":335,"ports":269},{"path":"/remote/login","count":335,"ports":269},{"path":"/vpn/index.html","count":238,"ports":86},{"path":"/+CSCOE+/logon.html","count":194,"ports":145},{"path":"/global-protect/login.esp","count":182,"ports":148},{"path":"/cgi/login","count":117,"ports":85},{"path":"/","count":92,"ports":69},{"path":"/api/sonicos/is-sslvpn-enabled","count":34,"ports":33}],"distinct_paths_total":8,"top_snis":[],"top_hosts":[],"top_alpns":[],"banners":[],"credentials":[{"username":"admin","password":"admin","count":257},{"username":"Admin","password":"q1w2e3r4","count":25},{"username":"guest","password":"s%40cr%40t%21","count":17}],"header_profile":{"signature":["Accept","Accept-Encoding","Accept-Language","Cache-Control","Connection","Content-Length","Content-Type","Host","Referrer-Policy","Sec-Ch-Ua","Sec-Ch-Ua-Mobile","Sec-Ch-Ua-Platform","Sec-Fetch-Dest","Sec-Fetch-Mode","Sec-Fetch-Site","Sec-Fetch-User","Upgrade-Insecure-Requests","User-Agent"],"representative":[{"name":"Accept","value":"text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7","notable":false},{"name":"Accept-Encoding","value":"gzip, deflate, br","notable":false},{"name":"Accept-Language","value":"ru,en;q=0.9,en-GB;q=0.8,en-US;q=0.7","notable":false},{"name":"Cache-Control","value":"max-age=0","notable":false},{"name":"Connection","value":"close","notable":false},{"name":"Content-Length","value":"61","notable":false},{"name":"Content-Type","value":"application/x-www-form-urlencoded","notable":true},{"name":"Host","value":"<HONEYPOT>:3118","notable":false},{"name":"Referrer-Policy","value":"strict-origin-when-cross-origin","notable":false},{"name":"Sec-Ch-Ua","value":"\"Not/A)Brand\";v=\"99\", \"Microsoft Edge\";v=\"115\", \"Chromium\";v=\"115\"","notable":false},{"name":"Sec-Ch-Ua-Mobile","value":"?0","notable":false},{"name":"Sec-Ch-Ua-Platform","value":"\"Windows\"","notable":false},{"name":"Sec-Fetch-Dest","value":"document","notable":false},{"name":"Sec-Fetch-Mode","value":"navigate","notable":false},{"name":"Sec-Fetch-Site","value":"same-origin","notable":false},{"name":"Sec-Fetch-User","value":"?1","notable":false},{"name":"Upgrade-Insecure-Requests","value":"1","notable":false},{"name":"User-Agent","value":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.203","notable":false}],"distinct_sets":4,"events_with_headers":10},"tags":[{"tag_id":"CVE-2015-1880","tag_type":"cve","title":"Fortinet FortiOS <=5.2.3 - Cross-Site Scripting","severity":"medium","actively_exploited":false,"match_field":"url_path","matched_pattern":"/remote/login","reference_urls":["https://www.c2.lol/articles/xss-in-fortigates-ssl-vpn-login-page","http://www.fortiguard.com/advisory/FG-IR-15-005/","https://nvd.nist.gov/vuln/detail/CVE-2015-1880","http://www.securitytracker.com/id/1032261","http://www.securitytracker.com/id/1032262"]},{"tag_id":"CVE-2018-10141","tag_type":"cve","title":"Palo Alto Networks PAN-OS GlobalProtect <8.1.4 - Cross-Site Scripting","severity":"medium","actively_exploited":false,"match_field":"url_path","matched_pattern":"/global-protect/login.esp","reference_urls":["https://security.paloaltonetworks.com/CVE-2018-10141","https://nvd.nist.gov/vuln/detail/CVE-2018-10141","https://github.com/ARPSyndicate/kenzer-templates","https://github.com/Elsfa7-110/kenzer-templates"]}],"data_as_of":"2026-07-04T09:25:23.057098+00:00"}