{"ip":"45.142.193.24","total_events":1492,"verdict":{"verdict":"scanning","label":"Unrecognized scanner","detail":"572+ ports swept","confidence":"medium","network_type":null},"first_seen":"2026-02-26T06:42:46","last_seen":"2026-06-26T15:20:13","events_24h":73,"events_7d":403,"geo":{"country_code":"RO","country_name":"Romania","region":"","city":"","lat":45.9968,"lon":24.997,"asn":213388,"org":"Iic Rail Limited"},"source_domain":null,"known_scanners":[],"scanner_tag":null,"cve_matches":[{"cve_id":"CVE-2015-1880","title":"Fortinet FortiOS <=5.2.3 - Cross-Site Scripting","severity":"medium","actively_exploited":false,"match_field":"url_path","matched_pattern":"/remote/login"},{"cve_id":"CVE-2018-10141","title":"Palo Alto Networks PAN-OS GlobalProtect <8.1.4 - Cross-Site Scripting","severity":"medium","actively_exploited":false,"match_field":"url_path","matched_pattern":"/global-protect/login.esp"}],"top_ports":[{"port":2473,"proto":"tcp","label":"","count":24},{"port":3131,"proto":"tcp","label":"","count":20},{"port":3301,"proto":"tcp","label":"","count":20},{"port":3361,"proto":"tcp","label":"","count":20},{"port":1198,"proto":"tcp","label":"","count":20},{"port":7281,"proto":"tcp","label":"","count":20},{"port":266,"proto":"tcp","label":"","count":20},{"port":12487,"proto":"tcp","label":"","count":16},{"port":17778,"proto":"tcp","label":"","count":16},{"port":54138,"proto":"tcp","label":"","count":16},{"port":7002,"proto":"tcp","label":"","count":15},{"port":20547,"proto":"tcp","label":"","count":15},{"port":6407,"proto":"tcp","label":"","count":15},{"port":4519,"proto":"tcp","label":"","count":15},{"port":3794,"proto":"tcp","label":"","count":14}],"fingerprints":{"ssh_hassh":[],"tls_ja4":["t13i201100_2b729b4bf6f3_2e4f304f1f45","t13i181100_e8a523a41297_02c8e53ee398","t13i201000_2b729b4bf6f3_9e7b989ebec8","t13i180900_e8a523a41297_78e6aca7449b"],"tls_ja3":["43cf532976cbdec73c21b564756fd088","7c5a42bc3e6679b3cdf9ae958f3a6f4f"],"ja4h":["po11nn18ru_144a47e02f43","ge11nn0700_182a8d8ef009","po11nn0600_da06d4cb66f4","ge11cn06ru_aa7929e9d466","ge11nn10ru_779e54975f7d"]},"fingerprint_peers":{"t13i180900_e8a523a41297_78e6aca7449b":24,"t13i181100_e8a523a41297_02c8e53ee398":20,"ge11nn10ru_779e54975f7d":7,"ge11cn06ru_aa7929e9d466":12,"po11nn18ru_144a47e02f43":7,"ge11nn0700_182a8d8ef009":7,"po11nn0600_da06d4cb66f4":11},"user_agents":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0) Gecko/20100101 Firefox/132.0","Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.203"],"timeline":[{"date":"2026-05-08","count":58},{"date":"2026-05-09","count":120},{"date":"2026-05-11","count":54},{"date":"2026-05-16","count":70},{"date":"2026-05-17","count":95},{"date":"2026-05-18","count":90},{"date":"2026-05-19","count":109},{"date":"2026-05-20","count":27},{"date":"2026-05-25","count":34},{"date":"2026-05-26","count":123},{"date":"2026-05-27","count":61},{"date":"2026-06-03","count":1},{"date":"2026-06-04","count":3},{"date":"2026-06-06","count":5},{"date":"2026-06-07","count":6},{"date":"2026-06-08","count":19},{"date":"2026-06-09","count":31},{"date":"2026-06-10","count":16},{"date":"2026-06-11","count":20},{"date":"2026-06-12","count":8},{"date":"2026-06-13","count":23},{"date":"2026-06-15","count":25},{"date":"2026-06-16","count":34},{"date":"2026-06-17","count":15},{"date":"2026-06-20","count":8},{"date":"2026-06-21","count":66},{"date":"2026-06-22","count":93},{"date":"2026-06-23","count":22},{"date":"2026-06-24","count":36},{"date":"2026-06-25","count":115},{"date":"2026-06-26","count":63}],"recent_events":[{"timestamp":"2026-06-26T15:20:13","port":2345,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip, deflate, br\",\"connection\":\"close\",\"host\":\"<HONEYPOT>:2345\",\"user-agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.203\"}","body":"","sni":"","tls_cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/login","summary":"","payload_hex":"474554202f6c6f67696e20485454502f312e310d0a757365722d6167656e743a204d6f7a696c6c612f352e30202857696e646f7773204e542031302e303b2057696e36343b2078363429204170706c655765624b69742f3533372e333620284b48544d4c2c206c696b65204765636b6f29204368726f6d652f3131352e302e302e30205361666172692f3533372e3336204564672f3131352e302e313930312e3230330d0a6163636570742d656e636f64696e673a20677a69702c206465666c6174652c2062720d0a486f73743a20<HONEYPOT>3a323334350d0a436f6e6e656374696f6e3a20636c6f73650d0a0d0a","method":"GET","user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.203","community_id":"1:6Emy6GS8pQ4vpFfWGb3Ad+huX10=","ja3":"7c5a42bc3e6679b3cdf9ae958f3a6f4f","session":"290d12ae-ee3d-4b3f-a0d5-5757f72a6a09","seq":1,"duration_ms":100,"bytes_in":249,"bytes_out":78},{"timestamp":"2026-06-26T15:20:13","port":2345,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip, deflate, br\",\"connection\":\"close\",\"host\":\"<HONEYPOT>:2345\",\"user-agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.203\"}","body":"","sni":"","tls_cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/remote/login","summary":"","payload_hex":"474554202f72656d6f74652f6c6f67696e20485454502f312e310d0a757365722d6167656e743a204d6f7a696c6c612f352e30202857696e646f7773204e542031302e303b2057696e36343b2078363429204170706c655765624b69742f3533372e333620284b48544d4c2c206c696b65204765636b6f29204368726f6d652f3131352e302e302e30205361666172692f3533372e3336204564672f3131352e302e313930312e3230330d0a6163636570742d656e636f64696e673a20677a69702c206465666c6174652c2062720d0a486f73743a20<HONEYPOT>3a323334350d0a436f6e6e656374696f6e3a20636c6f73650d0a0d0a","method":"GET","user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.203","community_id":"1:lG6ap2NiDEQP+denxieeh1xeIXg=","ja3":"43cf532976cbdec73c21b564756fd088","session":"b06a8c11-48e7-4a3c-86b9-440f76d8040b","seq":1,"duration_ms":100,"bytes_in":256,"bytes_out":78},{"timestamp":"2026-06-26T15:19:10","port":2080,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip, deflate, br\",\"connection\":\"close\",\"host\":\"<HONEYPOT>:2080\",\"user-agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.203\",\"x-citrix-am-credentialtypes\":\"none, username, domain, password, newpassword, passcode, savecredentials, textcredential, webview, nsg-epa, nsg-x1, nsg-setclient, nsg-eula, nsg-tlogin, nsg-fullvpn, nsg-hidden, nsg-auth-failure, nsg-auth-success, nsg-epa-success, nsg-l20n, GoBack, nf-recaptcha, ns-dialogue, nf-gw-test, nf-poll, nsg_qrcode, nsg_manageotp, negotiate, nsg_push, nsg_push_otp, nf_sspr_rem\",\"x-citrix-am-labeltypes\":\"none, plain, heading, information, warning, error, confirmation, image, nsg-epa, nsg-epa-failure, nsg-login-label, tlogin-failure-msg, nsg-tlogin-heading, nsg-tlogin-single-res, nsg-tlogin-multi-res, nsg-tlogin, nsg-login-heading, nsg-fullvpn, nsg-l20n, nsg-l20n-error, certauth-failure-msg, dialogue-label, nsg-change-pass-assistive-text, nsg_confirmation, nsg_kba_registration_heading, nsg_email_registration_heading, nsg_kba_validation_question, nsg_sspr_success, nf-manage-otp\",\"x-citrix-isusinghttps\":\"Yes\"}","body":"","sni":"","tls_cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/vpn/index.html","summary":"","payload_hex":"474554202f76706e2f696e6465782e68746d6c20485454502f312e310d0a757365722d6167656e743a204d6f7a696c6c612f352e30202857696e646f7773204e542031302e303b2057696e36343b2078363429204170706c655765624b69742f3533372e333620284b48544d4c2c206c696b65204765636b6f29204368726f6d652f3131352e302e302e30205361666172692f3533372e3336204564672f3131352e302e313930312e3230330d0a782d6369747269782d616d2d63726564656e7469616c74797065733a206e6f6e652c20757365726e616d652c20646f6d61696e2c2070617373776f72642c206e657770617373776f72642c2070617373636f64652c207361766563726564656e7469616c732c207465787463726564656e7469616c2c20776562766965772c206e73672d6570612c206e73672d78312c206e73672d736574636c69656e742c206e73672d65756c612c206e73672d746c6f67696e2c206e73672d66756c6c76706e2c206e73672d68696464656e2c206e73672d617574682d6661696c7572652c206e73672d617574682d737563636573732c206e73672d6570612d737563636573732c206e73672d6c32306e2c20476f4261636b2c206e662d7265636170746368612c206e732d6469616c6f6775652c206e662d67772d746573742c206e662d706f6c6c2c206e73675f7172636f64652c206e73675f6d616e6167656f74702c206e65676f74696174652c206e73675f707573682c206e73675f707573685f6f74702c206e665f737370725f72656d0d0a782d6369747269782d616d2d6c6162656c74797065733a206e6f6e652c20706c61696e2c2068656164696e672c20696e666f726d6174696f6e2c207761726e696e672c206572726f722c20636f6e6669726d6174696f6e2c20696d6167652c206e73672d6570612c206e73672d6570612d6661696c7572652c206e73672d6c6f67696e2d6c6162656c2c20746c6f67696e2d6661696c7572652d6d73672c206e73672d746c6f67696e2d68656164696e672c206e73672d746c6f67696e2d73696e676c652d7265732c206e73672d746c6f67696e2d6d756c74692d7265732c206e73672d746c6f67696e2c206e73672d6c6f67696e2d68656164696e672c206e73672d66756c6c76706e2c206e73672d6c32306e2c206e73672d6c32306e2d6572726f722c2063657274617574682d6661696c7572652d6d73672c206469616c6f6775652d6c6162656c2c206e73672d6368616e67652d706173732d6173736973746976652d746578742c206e73675f636f6e6669726d6174696f6e2c206e73675f6b62615f726567697374726174696f6e5f68656164696e672c206e73675f656d61696c5f726567697374726174696f6e5f68656164696e672c206e73675f6b62615f76616c69646174696f6e5f7175657374696f6e2c206e73675f737370725f737563636573732c206e662d6d616e6167652d6f74700d0a782d6369747269782d69737573696e6768747470733a205965730d0a6163636570742d656e636f64696e673a20677a69702c206465666c6174652c2062720d0a486f73743a20<HONEYPOT>3a323038300d0a436f6e6e656374696f6e3a20636c6f73650d0a0d0a","method":"GET","user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.203","community_id":"1:AKD2vdSUEqqWr97lTADWjt3gYVM=","ja3":"7c5a42bc3e6679b3cdf9ae958f3a6f4f","session":"7595d43d-6935-4cdc-a5b1-651d746b3be1","seq":1,"duration_ms":100,"bytes_in":1192,"bytes_out":78},{"timestamp":"2026-06-26T15:19:10","port":2080,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7\",\"accept-encoding\":\"gzip, deflate, br\",\"accept-language\":\"ru,en;q=0.9,en-GB;q=0.8,en-US;q=0.7\",\"cache-control\":\"max-age=0\",\"connection\":\"close\",\"content-length\":\"53\",\"content-type\":\"application/x-www-form-urlencoded\",\"host\":\"<HONEYPOT>:2080\",\"referrer-policy\":\"strict-origin-when-cross-origin\",\"sec-ch-ua\":\"\\\"Not/A)Brand\\\";v=\\\"99\\\", \\\"Microsoft Edge\\\";v=\\\"115\\\", \\\"Chromium\\\";v=\\\"115\\\"\",\"sec-ch-ua-mobile\":\"?0\",\"sec-ch-ua-platform\":\"\\\"Windows\\\"\",\"sec-fetch-dest\":\"document\",\"sec-fetch-mode\":\"navigate\",\"sec-fetch-site\":\"same-origin\",\"sec-fetch-user\":\"?1\",\"upgrade-insecure-requests\":\"1\",\"user-agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.203\"}","body":"dummy_username=&dummy_pass1=&login=admin&passwd=admin","sni":"","tls_cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/cgi/login","summary":"","payload_hex":"504f5354202f6367692f6c6f67696e20485454502f312e310d0a757365722d6167656e743a204d6f7a696c6c612f352e30202857696e646f7773204e542031302e303b2057696e36343b2078363429204170706c655765624b69742f3533372e333620284b48544d4c2c206c696b65204765636b6f29204368726f6d652f3131352e302e302e30205361666172692f3533372e3336204564672f3131352e302e313930312e3230330d0a6163636570743a20746578742f68746d6c2c6170706c69636174696f6e2f7868746d6c2b786d6c2c6170706c69636174696f6e2f786d6c3b713d302e392c696d6167652f776562702c696d6167652f61706e672c2a2f2a3b713d302e382c6170706c69636174696f6e2f7369676e65642d65786368616e67653b763d62333b713d302e370d0a6163636570742d6c616e67756167653a2072752c656e3b713d302e392c656e2d47423b713d302e382c656e2d55533b713d302e370d0a63616368652d636f6e74726f6c3a206d61782d6167653d300d0a636f6e74656e742d747970653a206170706c69636174696f6e2f782d7777772d666f726d2d75726c656e636f6465640d0a7365632d63682d75613a20224e6f742f41294272616e64223b763d223939222c20224d6963726f736f66742045646765223b763d22313135222c20224368726f6d69756d223b763d22313135220d0a7365632d63682d75612d6d6f62696c653a203f300d0a7365632d63682d75612d706c6174666f726d3a202257696e646f7773220d0a7365632d66657463682d646573743a20646f63756d656e740d0a7365632d66657463682d6d6f64653a206e617669676174650d0a7365632d66657463682d736974653a2073616d652d6f726967696e0d0a7365632d66657463682d757365723a203f310d0a757067726164652d696e7365637572652d72657175657374733a20310d0a72656665727265722d706f6c6963793a207374726963742d6f726967696e2d7768656e2d63726f73732d6f726967696e0d0a636f6e74656e742d6c656e6774683a2035330d0a6163636570742d656e636f64696e673a20677a69702c206465666c6174652c2062720d0a486f73743a20<HONEYPOT>3a323038300d0a436f6e6e656374696f6e3a20636c6f73650d0a0d0a64756d6d795f757365726e616d653d2664756d6d795f70617373313d266c6f67696e3d61646d696e267061737377643d61646d696e","method":"POST","user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.203","community_id":"1:R/bXZofNUCTQuGx1maRhlndzEaI=","ja3":"7c5a42bc3e6679b3cdf9ae958f3a6f4f","session":"13f6ce33-060e-4800-af89-0193a8d50536","seq":1,"duration_ms":100,"bytes_in":902,"bytes_out":78},{"timestamp":"2026-06-26T15:19:10","port":2080,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7\",\"accept-encoding\":\"gzip, deflate, br\",\"accept-language\":\"ru,en;q=0.9,en-GB;q=0.8,en-US;q=0.7\",\"cache-control\":\"max-age=0\",\"connection\":\"close\",\"content-type\":\"application/x-www-form-urlencoded\",\"host\":\"<HONEYPOT>:2080\",\"referrer-policy\":\"strict-origin-when-cross-origin\",\"upgrade-insecure-requests\":\"1\",\"user-agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.203\"}","body":"","sni":"","tls_cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/vpn/index.html","summary":"","payload_hex":"474554202f76706e2f696e6465782e68746d6c20485454502f312e310d0a757365722d6167656e743a204d6f7a696c6c612f352e30202857696e646f7773204e542031302e303b2057696e36343b2078363429204170706c655765624b69742f3533372e333620284b48544d4c2c206c696b65204765636b6f29204368726f6d652f3131352e302e302e30205361666172692f3533372e3336204564672f3131352e302e313930312e3230330d0a6163636570743a20746578742f68746d6c2c6170706c69636174696f6e2f7868746d6c2b786d6c2c6170706c69636174696f6e2f786d6c3b713d302e392c696d6167652f776562702c696d6167652f61706e672c2a2f2a3b713d302e382c6170706c69636174696f6e2f7369676e65642d65786368616e67653b763d62333b713d302e370d0a6163636570742d6c616e67756167653a2072752c656e3b713d302e392c656e2d47423b713d302e382c656e2d55533b713d302e370d0a63616368652d636f6e74726f6c3a206d61782d6167653d300d0a636f6e74656e742d747970653a206170706c69636174696f6e2f782d7777772d666f726d2d75726c656e636f6465640d0a757067726164652d696e7365637572652d72657175657374733a20310d0a72656665727265722d706f6c6963793a207374726963742d6f726967696e2d7768656e2d63726f73732d6f726967696e0d0a6163636570742d656e636f64696e673a20677a69702c206465666c6174652c2062720d0a486f73743a20<HONEYPOT>3a323038300d0a436f6e6e656374696f6e3a20636c6f73650d0a0d0a","method":"GET","user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.203","community_id":"1:3U1aVX6eB6s5/15fXqDIcihadiw=","ja3":"43cf532976cbdec73c21b564756fd088","session":"c2e477c2-84b7-46cd-a091-51b555fb6c09","seq":1,"duration_ms":100,"bytes_in":600,"bytes_out":78},{"timestamp":"2026-06-26T15:15:46","port":2345,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip, deflate, br\",\"connection\":\"close\",\"host\":\"<HONEYPOT>:2345\",\"user-agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.203\"}","body":"","sni":"","tls_cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/login","summary":"","payload_hex":"474554202f6c6f67696e20485454502f312e310d0a757365722d6167656e743a204d6f7a696c6c612f352e30202857696e646f7773204e542031302e303b2057696e36343b2078363429204170706c655765624b69742f3533372e333620284b48544d4c2c206c696b65204765636b6f29204368726f6d652f3131352e302e302e30205361666172692f3533372e3336204564672f3131352e302e313930312e3230330d0a6163636570742d656e636f64696e673a20677a69702c206465666c6174652c2062720d0a486f73743a20<HONEYPOT>3a323334350d0a436f6e6e656374696f6e3a20636c6f73650d0a0d0a","method":"GET","user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.203","community_id":"1:ZvH8l5M1MC9TsWjPzC6z4tZKJlY=","ja3":"7c5a42bc3e6679b3cdf9ae958f3a6f4f","session":"98235061-d585-4bb3-bf05-2f6d4fa91315","seq":1,"duration_ms":100,"bytes_in":249,"bytes_out":78},{"timestamp":"2026-06-26T15:15:46","port":2345,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip, deflate, br\",\"connection\":\"close\",\"host\":\"<HONEYPOT>:2345\",\"user-agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.203\"}","body":"","sni":"","tls_cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/remote/login","summary":"","payload_hex":"474554202f72656d6f74652f6c6f67696e20485454502f312e310d0a757365722d6167656e743a204d6f7a696c6c612f352e30202857696e646f7773204e542031302e303b2057696e36343b2078363429204170706c655765624b69742f3533372e333620284b48544d4c2c206c696b65204765636b6f29204368726f6d652f3131352e302e302e30205361666172692f3533372e3336204564672f3131352e302e313930312e3230330d0a6163636570742d656e636f64696e673a20677a69702c206465666c6174652c2062720d0a486f73743a20<HONEYPOT>3a323334350d0a436f6e6e656374696f6e3a20636c6f73650d0a0d0a","method":"GET","user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.203","community_id":"1:q0fxZQc8k8lpXg0RIwTZAULiRlE=","ja3":"43cf532976cbdec73c21b564756fd088","session":"a818aec1-1098-42a1-8449-704a22ac4016","seq":1,"duration_ms":100,"bytes_in":256,"bytes_out":78},{"timestamp":"2026-06-26T15:13:23","port":2345,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip, deflate, br\",\"connection\":\"close\",\"host\":\"<HONEYPOT>:2345\",\"user-agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.203\"}","body":"","sni":"","tls_cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/login","summary":"","payload_hex":"474554202f6c6f67696e20485454502f312e310d0a757365722d6167656e743a204d6f7a696c6c612f352e30202857696e646f7773204e542031302e303b2057696e36343b2078363429204170706c655765624b69742f3533372e333620284b48544d4c2c206c696b65204765636b6f29204368726f6d652f3131352e302e302e30205361666172692f3533372e3336204564672f3131352e302e313930312e3230330d0a6163636570742d656e636f64696e673a20677a69702c206465666c6174652c2062720d0a486f73743a20<HONEYPOT>3a323334350d0a436f6e6e656374696f6e3a20636c6f73650d0a0d0a","method":"GET","user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.203","community_id":"1:mAgPSyONby6hMB7IrUEs8Fd5djU=","ja3":"7c5a42bc3e6679b3cdf9ae958f3a6f4f","session":"efc3a1ec-b242-4ce5-848c-1d48ee9dda5c","seq":1,"duration_ms":100,"bytes_in":249,"bytes_out":78},{"timestamp":"2026-06-26T15:13:23","port":2345,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip, deflate, br\",\"connection\":\"close\",\"host\":\"<HONEYPOT>:2345\",\"user-agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.203\"}","body":"","sni":"","tls_cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/remote/login","summary":"","payload_hex":"474554202f72656d6f74652f6c6f67696e20485454502f312e310d0a757365722d6167656e743a204d6f7a696c6c612f352e30202857696e646f7773204e542031302e303b2057696e36343b2078363429204170706c655765624b69742f3533372e333620284b48544d4c2c206c696b65204765636b6f29204368726f6d652f3131352e302e302e30205361666172692f3533372e3336204564672f3131352e302e313930312e3230330d0a6163636570742d656e636f64696e673a20677a69702c206465666c6174652c2062720d0a486f73743a20<HONEYPOT>3a323334350d0a436f6e6e656374696f6e3a20636c6f73650d0a0d0a","method":"GET","user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.203","community_id":"1:FmB17wcojnCiGaas+NGXRSLTjF4=","ja3":"43cf532976cbdec73c21b564756fd088","session":"bc91b6dc-9c80-471a-a029-16d19b7ffa96","seq":1,"duration_ms":100,"bytes_in":256,"bytes_out":78},{"timestamp":"2026-06-26T15:10:46","port":2345,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip, deflate, br\",\"connection\":\"close\",\"host\":\"<HONEYPOT>:2345\",\"user-agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.203\"}","body":"","sni":"","tls_cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/login","summary":"","payload_hex":"474554202f6c6f67696e20485454502f312e310d0a757365722d6167656e743a204d6f7a696c6c612f352e30202857696e646f7773204e542031302e303b2057696e36343b2078363429204170706c655765624b69742f3533372e333620284b48544d4c2c206c696b65204765636b6f29204368726f6d652f3131352e302e302e30205361666172692f3533372e3336204564672f3131352e302e313930312e3230330d0a6163636570742d656e636f64696e673a20677a69702c206465666c6174652c2062720d0a486f73743a20<HONEYPOT>3a323334350d0a436f6e6e656374696f6e3a20636c6f73650d0a0d0a","method":"GET","user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.203","community_id":"1:K/70IcuT1ky807Ry5MfpjfIhfzA=","ja3":"7c5a42bc3e6679b3cdf9ae958f3a6f4f","session":"adf1112b-f420-4846-88a5-fe1fe26c6b65","seq":1,"duration_ms":100,"bytes_in":249,"bytes_out":78}],"http_methods":[{"method":"GET","count":913},{"method":"POST","count":579}],"distinct_ports_total":572,"top_paths":[{"path":"/+CSCOE+/logon.html","count":573,"ports":360},{"path":"/global-protect/login.esp","count":471,"ports":276},{"path":"/vpn/index.html","count":165,"ports":31},{"path":"/cgi/login","count":82,"ports":31},{"path":"/login","count":61,"ports":41},{"path":"/remote/login","count":60,"ports":40},{"path":"/","count":54,"ports":49},{"path":"/remote/logincheck","count":26,"ports":13}],"distinct_paths_total":8,"top_snis":[],"top_hosts":[],"top_alpns":[],"banners":[],"credentials":[{"username":"admin","password":"admin","count":553},{"username":"admin","password":"","count":26}],"header_profile":{"signature":["Accept","Accept-Encoding","Accept-Language","Cache-Control","Connection","Content-Length","Content-Type","Host","Referrer-Policy","Sec-Ch-Ua","Sec-Ch-Ua-Mobile","Sec-Ch-Ua-Platform","Sec-Fetch-Dest","Sec-Fetch-Mode","Sec-Fetch-Site","Sec-Fetch-User","Upgrade-Insecure-Requests","User-Agent"],"representative":[{"name":"Accept","value":"text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7","notable":false},{"name":"Accept-Encoding","value":"gzip, deflate, br","notable":false},{"name":"Accept-Language","value":"ru,en;q=0.9,en-GB;q=0.8,en-US;q=0.7","notable":false},{"name":"Cache-Control","value":"max-age=0","notable":false},{"name":"Connection","value":"close","notable":false},{"name":"Content-Length","value":"53","notable":false},{"name":"Content-Type","value":"application/x-www-form-urlencoded","notable":true},{"name":"Host","value":"<HONEYPOT>:2080","notable":false},{"name":"Referrer-Policy","value":"strict-origin-when-cross-origin","notable":false},{"name":"Sec-Ch-Ua","value":"\"Not/A)Brand\";v=\"99\", \"Microsoft Edge\";v=\"115\", \"Chromium\";v=\"115\"","notable":false},{"name":"Sec-Ch-Ua-Mobile","value":"?0","notable":false},{"name":"Sec-Ch-Ua-Platform","value":"\"Windows\"","notable":false},{"name":"Sec-Fetch-Dest","value":"document","notable":false},{"name":"Sec-Fetch-Mode","value":"navigate","notable":false},{"name":"Sec-Fetch-Site","value":"same-origin","notable":false},{"name":"Sec-Fetch-User","value":"?1","notable":false},{"name":"Upgrade-Insecure-Requests","value":"1","notable":false},{"name":"User-Agent","value":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.203","notable":false}],"distinct_sets":4,"events_with_headers":10},"tags":[{"tag_id":"CVE-2015-1880","tag_type":"cve","title":"Fortinet FortiOS <=5.2.3 - Cross-Site Scripting","severity":"medium","actively_exploited":false,"match_field":"url_path","matched_pattern":"/remote/login","reference_urls":["https://www.c2.lol/articles/xss-in-fortigates-ssl-vpn-login-page","http://www.fortiguard.com/advisory/FG-IR-15-005/","https://nvd.nist.gov/vuln/detail/CVE-2015-1880","http://www.securitytracker.com/id/1032261","http://www.securitytracker.com/id/1032262"]},{"tag_id":"CVE-2018-10141","tag_type":"cve","title":"Palo Alto Networks PAN-OS GlobalProtect <8.1.4 - Cross-Site Scripting","severity":"medium","actively_exploited":false,"match_field":"url_path","matched_pattern":"/global-protect/login.esp","reference_urls":["https://security.paloaltonetworks.com/CVE-2018-10141","https://nvd.nist.gov/vuln/detail/CVE-2018-10141","https://github.com/ARPSyndicate/kenzer-templates","https://github.com/Elsfa7-110/kenzer-templates"]}],"data_as_of":"2026-06-26T16:29:33.327470+00:00"}