{"ip":"147.185.132.126","total_events":495,"verdict":{"verdict":"scanner","label":"Recognized scanner","detail":"paloaltonetworks","confidence":"high","network_type":null},"first_seen":"2026-02-16T22:12:54","last_seen":"2026-06-25T01:52:13","events_24h":4,"events_7d":26,"geo":{"country_code":"US","country_name":"United States","region":"","city":"","lat":37.751,"lon":-97.822,"asn":396982,"org":"Google LLC"},"source_domain":null,"known_scanners":["paloaltonetworks"],"scanner_tag":null,"cve_matches":[],"top_ports":[{"port":3389,"proto":"tcp","label":"RDP","count":17},{"port":3390,"proto":"tcp","label":"","count":17},{"port":7001,"proto":"tcp","label":"WebLogic","count":10},{"port":10001,"proto":"tcp","label":"","count":9},{"port":20257,"proto":"tcp","label":"","count":8},{"port":11112,"proto":"tcp","label":"","count":8},{"port":2601,"proto":"tcp","label":"","count":6},{"port":40000,"proto":"tcp","label":"","count":6},{"port":22460,"proto":"tcp","label":"","count":5},{"port":8159,"proto":"tcp","label":"","count":5},{"port":5000,"proto":"tcp","label":"Web-alt","count":5},{"port":50070,"proto":"tcp","label":"Hadoop","count":5},{"port":1080,"proto":"tcp","label":"SOCKS","count":5},{"port":64719,"proto":"tcp","label":"","count":4},{"port":789,"proto":"tcp","label":"","count":4}],"fingerprints":{"ssh_hassh":[],"tls_ja4":["t13i190800_9dc949149365_97f8aa674fd9","t13i140900_cbb2034c60b8_e7c285222651","t13i311000_e8f1e7e78f70_24695f2957a7","t13i131000_f57a46bbacb6_ab7e3b40a677"],"tls_ja3":["1487bd354c20f20dd642bebc7f706e95","19e29534fd49dd27d09234e639c4057e"],"ja4h":["po11nn0300_7059b3fb2d4a","ge11nn0300_0db47b7d240d","ge11nn0200_5594a17e7e7e","ge11nn0200_3ed38b250d3d"]},"fingerprint_peers":{"t13i140900_cbb2034c60b8_e7c285222651":690,"t13i311000_e8f1e7e78f70_24695f2957a7":501,"t13i131000_f57a46bbacb6_ab7e3b40a677":5565,"t13i190800_9dc949149365_97f8aa674fd9":4387,"ge11nn0200_5594a17e7e7e":99,"ge11nn0300_0db47b7d240d":4238,"ge11nn0200_3ed38b250d3d":1487,"po11nn0300_7059b3fb2d4a":161},"user_agents":["Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","curl/7.68.0"],"timeline":[{"date":"2026-03-27","count":4},{"date":"2026-03-28","count":1},{"date":"2026-03-29","count":7},{"date":"2026-03-30","count":5},{"date":"2026-03-31","count":3},{"date":"2026-04-02","count":3},{"date":"2026-04-03","count":1},{"date":"2026-04-05","count":3},{"date":"2026-04-06","count":2},{"date":"2026-04-07","count":6},{"date":"2026-04-08","count":3},{"date":"2026-04-09","count":5},{"date":"2026-04-10","count":3},{"date":"2026-04-11","count":4},{"date":"2026-04-12","count":6},{"date":"2026-04-13","count":2},{"date":"2026-04-14","count":2},{"date":"2026-04-15","count":6},{"date":"2026-04-16","count":8},{"date":"2026-04-17","count":3},{"date":"2026-04-18","count":2},{"date":"2026-04-19","count":5},{"date":"2026-04-20","count":4},{"date":"2026-04-21","count":5},{"date":"2026-04-22","count":2},{"date":"2026-04-23","count":5},{"date":"2026-04-25","count":4},{"date":"2026-04-26","count":2},{"date":"2026-04-27","count":3},{"date":"2026-04-28","count":1},{"date":"2026-04-29","count":6},{"date":"2026-05-01","count":5},{"date":"2026-05-02","count":6},{"date":"2026-05-03","count":13},{"date":"2026-05-04","count":19},{"date":"2026-05-05","count":2},{"date":"2026-05-06","count":1},{"date":"2026-05-07","count":1},{"date":"2026-05-08","count":3},{"date":"2026-05-09","count":2},{"date":"2026-05-10","count":5},{"date":"2026-05-11","count":2},{"date":"2026-05-12","count":2},{"date":"2026-05-13","count":1},{"date":"2026-05-14","count":3},{"date":"2026-05-15","count":4},{"date":"2026-05-16","count":4},{"date":"2026-05-17","count":1},{"date":"2026-05-18","count":2},{"date":"2026-05-19","count":3},{"date":"2026-05-20","count":2},{"date":"2026-05-23","count":4},{"date":"2026-05-24","count":1},{"date":"2026-05-25","count":2},{"date":"2026-05-26","count":2},{"date":"2026-05-27","count":4},{"date":"2026-05-28","count":2},{"date":"2026-05-29","count":2},{"date":"2026-05-30","count":4},{"date":"2026-05-31","count":2},{"date":"2026-06-01","count":1},{"date":"2026-06-02","count":2},{"date":"2026-06-03","count":4},{"date":"2026-06-04","count":1},{"date":"2026-06-05","count":2},{"date":"2026-06-06","count":3},{"date":"2026-06-07","count":3},{"date":"2026-06-08","count":2},{"date":"2026-06-09","count":2},{"date":"2026-06-10","count":6},{"date":"2026-06-12","count":2},{"date":"2026-06-13","count":4},{"date":"2026-06-14","count":3},{"date":"2026-06-15","count":1},{"date":"2026-06-16","count":2},{"date":"2026-06-17","count":3},{"date":"2026-06-18","count":4},{"date":"2026-06-20","count":2},{"date":"2026-06-21","count":6},{"date":"2026-06-23","count":11},{"date":"2026-06-24","count":3},{"date":"2026-06-25","count":1}],"recent_events":[{"timestamp":"2026-06-25T01:52:13","port":9002,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:9002\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a393030320d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:H/ocy63rtGP8m06hLAckBgZPMgs=","ja3":"","session":"7becf735-5124-462b-9e8e-e842c4219dde","seq":1,"duration_ms":100,"bytes_in":220,"bytes_out":80},{"timestamp":"2026-06-24T23:52:09","port":38080,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:38080\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a33383038300d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:qBtP17WJjvbiXOvIoZOU05rSVwQ=","ja3":"","session":"a724ff58-b5b1-4c2c-87b1-60e277a96305","seq":1,"duration_ms":100,"bytes_in":223,"bytes_out":80},{"timestamp":"2026-06-24T22:14:45","port":60443,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:60443\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a36303434330d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:U2WD3EN+A1XIGdRRvOe5yPstK4E=","ja3":"19e29534fd49dd27d09234e639c4057e","session":"964dfcfa-808f-4aee-9365-314a4e4ba478","seq":1,"duration_ms":100,"bytes_in":221,"bytes_out":80},{"timestamp":"2026-06-24T13:15:23","port":2121,"proto":"tcp","app_proto":"","app_protocol":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"\r\n\r\n","payload_hex":"0d0a0d0a","method":"","user_agent":"","community_id":"1:1oYvDhXSC8oMy/eT2vak3x4j07A=","ja3":"","session":"d77a64a8-c850-45f0-a8c2-61e9a0e6dac0","seq":1,"duration_ms":100,"bytes_in":4,"bytes_out":15},{"timestamp":"2026-06-23T22:04:18","port":8088,"proto":"tcp","app_proto":"","app_protocol":"http","host":"","headers":"{\"accept\":\"*/*\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e300d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:FYjfTXcOO2ZernJZjeF3W+xeV2o=","ja3":"","session":"10fb4f4a-1de3-4db9-9251-4eecc8c7ba2a","seq":1,"duration_ms":100,"bytes_in":185,"bytes_out":80},{"timestamp":"2026-06-23T20:08:13","port":2603,"proto":"tcp","app_proto":"","app_protocol":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"\r\n\r\n","payload_hex":"0d0a0d0a","method":"","user_agent":"","community_id":"1:OOCDAPDgn02nZE/CXg7YPpgOB6g=","ja3":"","session":"6d5257ec-6bf7-4fbe-8975-cadee5fd8076","seq":1,"duration_ms":100,"bytes_in":4,"bytes_out":15},{"timestamp":"2026-06-23T18:44:13","port":5984,"proto":"tcp","app_proto":"","app_protocol":"http","host":"","headers":"{\"accept\":\"*/*\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/_config","summary":"","payload_hex":"474554202f5f636f6e66696720485454502f312e310d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:dYFax4TEYqbi7KllW+AHy0LZPFw=","ja3":"","session":"d5ae84f1-1365-427d-be74-f146c07fb0df","seq":1,"duration_ms":100,"bytes_in":192,"bytes_out":80},{"timestamp":"2026-06-23T17:03:30","port":5432,"proto":"tcp","app_proto":"","app_protocol":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"\u0000\u0000\u0000\b\u0004�\u0016/","payload_hex":"0000000804d2162f","method":"","user_agent":"","community_id":"1:Z1avJzlPST9N/AfmIWfYG1sl3Hs=","ja3":"","session":"ae4ad118-78e4-4a57-887e-8f8362c457ba","seq":1,"duration_ms":100,"bytes_in":8,"bytes_out":15},{"timestamp":"2026-06-23T16:09:58","port":11112,"proto":"tcp","app_proto":"","app_protocol":"dicom","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"\u0001\u0000\u0000\u0000\u0000�\u0000\u0001\u0000\u0000ANY-SCP         ECHOSCU         0\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0010\u0000\u0000\u00151.2.840.10008.3.1.1.1 \u0000\u0000.\u0001\u0000\u0000\u00000\u0000\u0000\u00111.2.840.10008.1.1@\u0000\u0000\u00111.2.840.10008.1.2P\u0000\u0000:Q\u0000\u0000\u0004\u0000\u0000@\u0000R\u0000\u0000\u001b1.2.276.0.7230010.3.0.3.6.2U\u0000\u0000\u000fOFFIS_DCMTK_362","payload_hex":"0100000000cd00010000414e592d5343502020202020202020204543484f534355202020202020202020300000000000000000000000000000000000000000000000000000000000000010000015312e322e3834302e31303030382e332e312e312e312000002e0100000030000011312e322e3834302e31303030382e312e3140000011312e322e3834302e31303030382e312e325000003a51000004000040005200001b312e322e3237362e302e373233303031302e332e302e332e362e325500000f4f464649535f44434d544b5f333632","method":"","user_agent":"","community_id":"1:BvubiaKSH13cGxaij8Lcjl2eCrQ=","ja3":"","session":"e7cd656b-a273-441e-817b-86205b0c1406","seq":1,"duration_ms":101,"bytes_in":211,"bytes_out":15,"enriched":{"digest":"3fbe56701421731b","label":"DICOM","strings":["ANY-SCP         ECHOSCU         0","1.2.840.10008.3.1.1.1","1.2.840.10008.1.1@","1.2.840.10008.1.2P","1.2.276.0.7230010.3.0.3.6.2U","OFFIS_DCMTK_362","1.2.840.10008.3.1.1.1 .","1.2.840.10008.1.2P:Q"]}},{"timestamp":"2026-06-23T16:09:58","port":11112,"proto":"tcp","app_proto":"","app_protocol":"dicom","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"\u0001\u0000\u0000\u0000\u0000�\u0000\u0001\u0000\u0000ANY-SCP         ECHOSCU         0\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0010\u0000\u0000\u00151.2.840.10008.3.1.1.1 \u0000\u0000.\u0001\u0000\u0000\u00000\u0000\u0000\u00111.2.840.10008.1.1@\u0000\u0000\u00111.2.840.10008.1.2P\u0000\u0000:Q\u0000\u0000\u0004\u0000\u0000@\u0000R\u0000\u0000\u001b1.2.276.0.7230010.3.0.3.6.2U\u0000\u0000\u000fOFFIS_DCMTK_362","payload_hex":"0100000000cd00010000414e592d5343502020202020202020204543484f534355202020202020202020300000000000000000000000000000000000000000000000000000000000000010000015312e322e3834302e31303030382e332e312e312e312000002e0100000030000011312e322e3834302e31303030382e312e3140000011312e322e3834302e31303030382e312e325000003a51000004000040005200001b312e322e3237362e302e373233303031302e332e302e332e362e325500000f4f464649535f44434d544b5f333632","method":"","user_agent":"","community_id":"1:hVl9KJ8KwLWBPCxGAIV3aMHtWsU=","ja3":"","session":"34a7ab69-0cec-4462-8739-fc1b6245ee48","seq":1,"duration_ms":100,"bytes_in":211,"bytes_out":15,"enriched":{"digest":"3fbe56701421731b","label":"DICOM","strings":["ANY-SCP         ECHOSCU         0","1.2.840.10008.3.1.1.1","1.2.840.10008.1.1@","1.2.840.10008.1.2P","1.2.276.0.7230010.3.0.3.6.2U","OFFIS_DCMTK_362","1.2.840.10008.3.1.1.1 .","1.2.840.10008.1.2P:Q"]}}],"http_methods":[{"method":"GET","count":159},{"method":"POST","count":1}],"distinct_ports_total":206,"top_paths":[{"path":"/","count":140,"ports":95},{"path":"/.well-known/security.txt","count":17,"ports":17},{"path":"/_config","count":3,"ports":1}],"distinct_paths_total":3,"top_snis":[],"top_hosts":[],"top_alpns":[],"banners":[{"value":"SSH-2.0-ZGrab ZGrab SSH Survey","count":4}],"credentials":[],"header_profile":{"signature":["Accept-Encoding","Host","User-Agent"],"representative":[{"name":"Accept-Encoding","value":"gzip","notable":false},{"name":"Host","value":"<HONEYPOT>:9002","notable":false},{"name":"User-Agent","value":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","notable":false}],"distinct_sets":2,"events_with_headers":5},"tags":[],"data_as_of":"2026-06-25T11:34:49.592636+00:00"}