{"ip":"147.185.132.134","total_events":725,"verdict":{"verdict":"scanner","label":"Recognized scanner","detail":"paloaltonetworks","confidence":"high","network_type":null},"first_seen":"2026-02-20T06:13:17","last_seen":"2026-06-23T13:57:46","events_24h":19,"events_7d":113,"geo":{"country_code":"US","country_name":"United States","region":"","city":"","lat":37.751,"lon":-97.822,"asn":396982,"org":"Google LLC"},"source_domain":null,"known_scanners":["paloaltonetworks"],"scanner_tag":null,"cve_matches":[],"top_ports":[{"port":3388,"proto":"tcp","label":"","count":17},{"port":9623,"proto":"tcp","label":"","count":4},{"port":25426,"proto":"tcp","label":"","count":3},{"port":7538,"proto":"tcp","label":"","count":3},{"port":26573,"proto":"tcp","label":"","count":3},{"port":27974,"proto":"tcp","label":"","count":3},{"port":31290,"proto":"tcp","label":"","count":3},{"port":21372,"proto":"tcp","label":"","count":3},{"port":17080,"proto":"tcp","label":"","count":2},{"port":3843,"proto":"tcp","label":"","count":2},{"port":30266,"proto":"tcp","label":"","count":2},{"port":17836,"proto":"tcp","label":"","count":2},{"port":3796,"proto":"tcp","label":"","count":2},{"port":5222,"proto":"tcp","label":"XMPP","count":2},{"port":42420,"proto":"tcp","label":"","count":2}],"fingerprints":{"ssh_hassh":[],"tls_ja4":["t12i520600_3874cc0afe49_d74d77c6171b","t13i140900_cbb2034c60b8_e7c285222651","t13i131000_f57a46bbacb6_ab7e3b40a677"],"tls_ja3":["795bc7ce13f60d61e9ac03611dd36d90","2196848d251b217de8b2c037e356c11d"],"ja4h":["ge10nn0200_5594a17e7e7e","ge11nn0300_0db47b7d240d"]},"fingerprint_peers":{"t13i140900_cbb2034c60b8_e7c285222651":687,"t12i520600_3874cc0afe49_d74d77c6171b":276,"t13i131000_f57a46bbacb6_ab7e3b40a677":5559,"ge11nn0300_0db47b7d240d":4150,"ge10nn0200_5594a17e7e7e":1979},"user_agents":["Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity"],"timeline":[{"date":"2026-03-26","count":7},{"date":"2026-03-27","count":9},{"date":"2026-03-28","count":3},{"date":"2026-03-29","count":3},{"date":"2026-03-31","count":4},{"date":"2026-04-01","count":5},{"date":"2026-04-02","count":2},{"date":"2026-04-03","count":6},{"date":"2026-04-04","count":5},{"date":"2026-04-05","count":4},{"date":"2026-04-06","count":2},{"date":"2026-04-07","count":1},{"date":"2026-04-08","count":3},{"date":"2026-04-09","count":6},{"date":"2026-04-10","count":3},{"date":"2026-04-11","count":4},{"date":"2026-04-12","count":3},{"date":"2026-04-13","count":1},{"date":"2026-04-14","count":6},{"date":"2026-04-15","count":3},{"date":"2026-04-16","count":6},{"date":"2026-04-17","count":1},{"date":"2026-04-18","count":6},{"date":"2026-04-19","count":2},{"date":"2026-04-20","count":2},{"date":"2026-04-21","count":12},{"date":"2026-04-22","count":10},{"date":"2026-04-23","count":1},{"date":"2026-04-24","count":4},{"date":"2026-04-25","count":3},{"date":"2026-04-26","count":3},{"date":"2026-04-27","count":1},{"date":"2026-04-28","count":11},{"date":"2026-04-29","count":2},{"date":"2026-04-30","count":4},{"date":"2026-05-01","count":3},{"date":"2026-05-02","count":7},{"date":"2026-05-03","count":1},{"date":"2026-05-04","count":2},{"date":"2026-05-05","count":2},{"date":"2026-05-06","count":3},{"date":"2026-05-07","count":10},{"date":"2026-05-08","count":5},{"date":"2026-05-09","count":5},{"date":"2026-05-10","count":3},{"date":"2026-05-11","count":7},{"date":"2026-05-12","count":7},{"date":"2026-05-13","count":6},{"date":"2026-05-14","count":9},{"date":"2026-05-15","count":8},{"date":"2026-05-16","count":8},{"date":"2026-05-17","count":6},{"date":"2026-05-18","count":10},{"date":"2026-05-19","count":3},{"date":"2026-05-20","count":18},{"date":"2026-05-21","count":11},{"date":"2026-05-22","count":10},{"date":"2026-05-23","count":5},{"date":"2026-05-24","count":4},{"date":"2026-05-25","count":3},{"date":"2026-05-26","count":5},{"date":"2026-05-27","count":5},{"date":"2026-05-28","count":8},{"date":"2026-05-29","count":10},{"date":"2026-05-30","count":9},{"date":"2026-05-31","count":8},{"date":"2026-06-01","count":8},{"date":"2026-06-02","count":13},{"date":"2026-06-03","count":5},{"date":"2026-06-04","count":4},{"date":"2026-06-05","count":5},{"date":"2026-06-06","count":10},{"date":"2026-06-07","count":9},{"date":"2026-06-08","count":7},{"date":"2026-06-09","count":9},{"date":"2026-06-10","count":13},{"date":"2026-06-11","count":9},{"date":"2026-06-12","count":17},{"date":"2026-06-13","count":14},{"date":"2026-06-14","count":10},{"date":"2026-06-15","count":7},{"date":"2026-06-16","count":10},{"date":"2026-06-17","count":8},{"date":"2026-06-18","count":24},{"date":"2026-06-19","count":13},{"date":"2026-06-20","count":15},{"date":"2026-06-21","count":22},{"date":"2026-06-22","count":14},{"date":"2026-06-23","count":15}],"recent_events":[{"timestamp":"2026-06-23T13:57:46","port":30468,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:30468\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a33303436380d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:9DyEyn+fOBLxhK5yIEwJOmlT2cI=","ja3":"","session":"33274249-5b06-4474-8af0-796c65c47713","seq":1,"duration_ms":100,"bytes_in":223,"bytes_out":80},{"timestamp":"2026-06-23T13:21:19","port":18083,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:18083\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"TLS_AES_128_GCM_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a31383038330d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:UxXFW0sVlFrYvI7A0DEzOrszZvg=","ja3":"2196848d251b217de8b2c037e356c11d","session":"d3270f27-ef39-4ea9-a726-07089d41353d","seq":1,"duration_ms":100,"bytes_in":222,"bytes_out":80},{"timestamp":"2026-06-23T11:39:41","port":49665,"proto":"tcp","app_proto":"","app_protocol":"http","host":"","headers":"{\"accept\":\"*/*\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e300d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:BQOZyWMUWLibpF+XVLVFAsJJywI=","ja3":"","session":"e0abd4af-f1c9-4c7c-8d6e-1c77161c0b44","seq":1,"duration_ms":101,"bytes_in":185,"bytes_out":80},{"timestamp":"2026-06-23T10:44:34","port":3956,"proto":"tcp","app_proto":"","app_protocol":"http","host":"","headers":"{\"accept\":\"*/*\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e300d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:lo6zeEtfdSK1O206r9HDzKf0Qc4=","ja3":"","session":"1c72a538-4e55-4d8d-9bad-1cc43d39d68c","seq":1,"duration_ms":100,"bytes_in":185,"bytes_out":80},{"timestamp":"2026-06-23T10:36:49","port":17264,"proto":"tcp","app_proto":"","app_protocol":"http","host":"","headers":"{\"accept\":\"*/*\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e300d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:t7G3kTdSj9fOmACVm8BuNkRMLag=","ja3":"","session":"631650bf-9ed2-4f81-a729-9b567633e9d3","seq":1,"duration_ms":101,"bytes_in":185,"bytes_out":80},{"timestamp":"2026-06-23T10:27:59","port":37961,"proto":"tcp","app_proto":"","app_protocol":"http","host":"","headers":"{\"accept\":\"*/*\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e300d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:SZbU8SO39eabuI529BnVK4p312g=","ja3":"","session":"e7b2adb2-7098-4f66-887c-50c717a16779","seq":1,"duration_ms":100,"bytes_in":185,"bytes_out":80},{"timestamp":"2026-06-23T10:27:59","port":37961,"proto":"tcp","app_proto":"","app_protocol":"http","host":"","headers":"{\"accept\":\"*/*\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e300d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:zHx/1A1DhsDJ4UWyAue4c8xRL0c=","ja3":"","session":"1aea0665-6c67-492d-b717-01cc72f0193a","seq":1,"duration_ms":100,"bytes_in":185,"bytes_out":80},{"timestamp":"2026-06-23T10:03:39","port":42797,"proto":"tcp","app_proto":"","app_protocol":"http","host":"","headers":"{\"accept\":\"*/*\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e300d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:8vdlIJcp0Wd7l1Cc/ouwEqwJey4=","ja3":"","session":"78cd2a7b-51a6-430a-afa6-c2271fa54939","seq":1,"duration_ms":101,"bytes_in":185,"bytes_out":80},{"timestamp":"2026-06-23T09:53:39","port":56938,"proto":"tcp","app_proto":"","app_protocol":"http","host":"","headers":"{\"accept\":\"*/*\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e300d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:FhMuEP0DcHRhsRtk2jmj91PpO4M=","ja3":"","session":"8c8ebef5-aaa3-425d-8689-910e79b52ee0","seq":1,"duration_ms":100,"bytes_in":185,"bytes_out":80},{"timestamp":"2026-06-23T07:48:30","port":9342,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:9342\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a393334320d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:77IZ4aQTNV7B0dOdZaQUnGxISgE=","ja3":"","session":"824c5004-ca04-4105-a5ed-5c8785b9e0ea","seq":1,"duration_ms":100,"bytes_in":220,"bytes_out":80}],"http_methods":[{"method":"GET","count":517}],"distinct_ports_total":551,"top_paths":[{"path":"/","count":517,"ports":446}],"distinct_paths_total":1,"top_snis":[],"top_hosts":[],"top_alpns":[],"banners":[{"value":"SSH-2.0-ZGrab ZGrab SSH Survey","count":21}],"credentials":[],"header_profile":{"signature":["Accept-Encoding","Host","User-Agent"],"representative":[{"name":"Accept-Encoding","value":"gzip","notable":false},{"name":"Host","value":"<HONEYPOT>:30468","notable":false},{"name":"User-Agent","value":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","notable":false}],"distinct_sets":2,"events_with_headers":10},"tags":[],"data_as_of":"2026-06-23T16:11:22.547713+00:00"}