{"ip":"147.185.132.179","total_events":743,"verdict":{"verdict":"scanner","label":"Recognized scanner","detail":"paloaltonetworks","confidence":"high","network_type":null},"first_seen":"2026-02-17T05:40:47","last_seen":"2026-06-26T13:10:59","events_24h":18,"events_7d":87,"geo":{"country_code":"US","country_name":"United States","region":"","city":"","lat":37.751,"lon":-97.822,"asn":396982,"org":"Google LLC"},"source_domain":null,"known_scanners":["paloaltonetworks"],"scanner_tag":null,"cve_matches":[],"top_ports":[{"port":3391,"proto":"tcp","label":"","count":17},{"port":23390,"proto":"tcp","label":"","count":17},{"port":44444,"proto":"tcp","label":"","count":4},{"port":4054,"proto":"tcp","label":"","count":3},{"port":8117,"proto":"tcp","label":"","count":3},{"port":3644,"proto":"tcp","label":"","count":3},{"port":2506,"proto":"tcp","label":"","count":3},{"port":48598,"proto":"tcp","label":"","count":3},{"port":9882,"proto":"tcp","label":"","count":3},{"port":9782,"proto":"tcp","label":"","count":3},{"port":11649,"proto":"tcp","label":"","count":3},{"port":3274,"proto":"tcp","label":"","count":3},{"port":17886,"proto":"tcp","label":"","count":3},{"port":63646,"proto":"tcp","label":"","count":3},{"port":48825,"proto":"tcp","label":"","count":2}],"fingerprints":{"ssh_hassh":[],"tls_ja4":["t13i140900_cbb2034c60b8_e7c285222651","t13i131000_f57a46bbacb6_ab7e3b40a677"],"tls_ja3":["2196848d251b217de8b2c037e356c11d"],"ja4h":["ge10nn0200_5594a17e7e7e","ge11nn0300_0db47b7d240d","ge11nn0200_3ed38b250d3d"]},"fingerprint_peers":{"t13i140900_cbb2034c60b8_e7c285222651":1082,"t13i131000_f57a46bbacb6_ab7e3b40a677":5575,"ge11nn0300_0db47b7d240d":4271,"ge11nn0200_3ed38b250d3d":1882,"ge10nn0200_5594a17e7e7e":1989},"user_agents":["Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity"],"timeline":[{"date":"2026-03-30","count":1},{"date":"2026-03-31","count":3},{"date":"2026-04-01","count":2},{"date":"2026-04-02","count":1},{"date":"2026-04-03","count":5},{"date":"2026-04-05","count":46},{"date":"2026-04-07","count":6},{"date":"2026-04-08","count":2},{"date":"2026-04-09","count":8},{"date":"2026-04-10","count":21},{"date":"2026-04-11","count":3},{"date":"2026-04-12","count":3},{"date":"2026-04-14","count":4},{"date":"2026-04-16","count":7},{"date":"2026-04-17","count":5},{"date":"2026-04-18","count":3},{"date":"2026-04-19","count":3},{"date":"2026-04-21","count":8},{"date":"2026-04-22","count":2},{"date":"2026-04-23","count":1},{"date":"2026-04-24","count":1},{"date":"2026-04-25","count":3},{"date":"2026-04-26","count":4},{"date":"2026-04-27","count":3},{"date":"2026-04-28","count":2},{"date":"2026-04-29","count":4},{"date":"2026-04-30","count":4},{"date":"2026-05-01","count":6},{"date":"2026-05-02","count":2},{"date":"2026-05-03","count":3},{"date":"2026-05-05","count":6},{"date":"2026-05-06","count":1},{"date":"2026-05-07","count":4},{"date":"2026-05-08","count":4},{"date":"2026-05-09","count":4},{"date":"2026-05-10","count":4},{"date":"2026-05-11","count":3},{"date":"2026-05-12","count":10},{"date":"2026-05-13","count":8},{"date":"2026-05-14","count":8},{"date":"2026-05-15","count":11},{"date":"2026-05-16","count":4},{"date":"2026-05-17","count":8},{"date":"2026-05-18","count":4},{"date":"2026-05-19","count":6},{"date":"2026-05-20","count":1},{"date":"2026-05-21","count":4},{"date":"2026-05-22","count":11},{"date":"2026-05-23","count":7},{"date":"2026-05-24","count":8},{"date":"2026-05-25","count":4},{"date":"2026-05-26","count":8},{"date":"2026-05-27","count":5},{"date":"2026-05-28","count":7},{"date":"2026-05-29","count":10},{"date":"2026-05-30","count":9},{"date":"2026-05-31","count":10},{"date":"2026-06-01","count":4},{"date":"2026-06-02","count":9},{"date":"2026-06-03","count":10},{"date":"2026-06-04","count":5},{"date":"2026-06-05","count":18},{"date":"2026-06-06","count":3},{"date":"2026-06-07","count":7},{"date":"2026-06-08","count":10},{"date":"2026-06-09","count":5},{"date":"2026-06-10","count":13},{"date":"2026-06-11","count":19},{"date":"2026-06-12","count":5},{"date":"2026-06-13","count":8},{"date":"2026-06-14","count":6},{"date":"2026-06-15","count":8},{"date":"2026-06-16","count":9},{"date":"2026-06-17","count":7},{"date":"2026-06-18","count":17},{"date":"2026-06-19","count":8},{"date":"2026-06-20","count":11},{"date":"2026-06-21","count":9},{"date":"2026-06-22","count":15},{"date":"2026-06-23","count":16},{"date":"2026-06-24","count":10},{"date":"2026-06-25","count":15},{"date":"2026-06-26","count":9}],"recent_events":[{"timestamp":"2026-06-26T13:10:59","port":17109,"proto":"tcp","app_proto":"","app_protocol":"http","host":"","headers":"{\"accept\":\"*/*\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e300d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:2HlEWZSZ/p8gV2gPibisxM6w41g=","ja3":"","session":"d0a2da7f-69e2-4603-8080-3545c8fda7dd","seq":1,"duration_ms":100,"bytes_in":185,"bytes_out":80},{"timestamp":"2026-06-26T09:53:24","port":19847,"proto":"tcp","app_proto":"","app_protocol":"ssh","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"SSH-2.0-ZGrab ZGrab SSH Survey\r\n","payload_hex":"5353482d322e302d5a47726162205a4772616220535348205375727665790d0a","method":"","user_agent":"","community_id":"1:mO7T7jZBHG+UTzTCsjN9NSMx8yc=","ja3":"","session":"7afe8e55-1cca-479e-b8a2-2fb05a852ea1","seq":1,"duration_ms":2101,"bytes_in":32,"bytes_out":15,"enriched":{"digest":"5192d527e0eab129","label":"SSH","strings":["SSH-2.0-ZGrab ZGrab SSH Survey"]}},{"timestamp":"2026-06-26T09:34:05","port":19971,"proto":"tcp","app_proto":"","app_protocol":"http","host":"","headers":"{\"accept\":\"*/*\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e300d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:3+9ueoBwbvL5ep8aF/KpaHqyQtA=","ja3":"","session":"78fbdaef-52ff-4bd8-8755-3af5022f4f09","seq":1,"duration_ms":100,"bytes_in":185,"bytes_out":80},{"timestamp":"2026-06-26T09:34:05","port":19971,"proto":"tcp","app_proto":"","app_protocol":"http","host":"","headers":"{\"accept\":\"*/*\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e300d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:CPSvGaLt9AwlKrhb9iBo6O+ewoI=","ja3":"","session":"feb819cd-c51d-4571-bba6-3578e473cb03","seq":1,"duration_ms":100,"bytes_in":185,"bytes_out":80},{"timestamp":"2026-06-26T05:08:36","port":8117,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:8117\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a383131370d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:ih4ETmUlNJRMoNZd/TygnxotLdQ=","ja3":"","session":"efe8121f-5b39-4a0d-b37b-8aa5b1581b68","seq":1,"duration_ms":100,"bytes_in":222,"bytes_out":80},{"timestamp":"2026-06-26T01:36:31","port":9392,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:9392\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a393339320d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:aAWvpdB6ZC9omQqXQYReY0l653c=","ja3":"","session":"013b09fd-eb29-4d6a-aecb-2a7d60f0f04d","seq":1,"duration_ms":100,"bytes_in":222,"bytes_out":80},{"timestamp":"2026-06-26T01:28:11","port":25950,"proto":"tcp","app_proto":"","app_protocol":"http","host":"","headers":"{\"accept\":\"*/*\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e300d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:bw/YMlHIl5c8/54zQfuq+sdvAAg=","ja3":"","session":"4eb63f34-1ea4-4221-a528-0c5c76d37706","seq":1,"duration_ms":100,"bytes_in":185,"bytes_out":80},{"timestamp":"2026-06-26T01:09:20","port":54631,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:54631\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"TLS_AES_128_GCM_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a35343633310d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:Dewx6EnROM1mzl7ryp5BLKsDWk8=","ja3":"2196848d251b217de8b2c037e356c11d","session":"692037eb-d5e7-4472-84aa-f4bc7273de32","seq":1,"duration_ms":100,"bytes_in":222,"bytes_out":80},{"timestamp":"2026-06-26T01:06:16","port":1042,"proto":"tcp","app_proto":"","app_protocol":"http","host":"","headers":"{\"accept\":\"*/*\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e300d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:cBCJQ1l99+hfVNkxjSPURjFQ4xI=","ja3":"","session":"b4f84c2c-4a07-4f76-bd27-c49e912cd47d","seq":1,"duration_ms":100,"bytes_in":185,"bytes_out":80},{"timestamp":"2026-06-25T23:11:22","port":48295,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:48295\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a34383239350d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:t40HI7cQ0ps2F0iAKVgeVsCuNMM=","ja3":"2196848d251b217de8b2c037e356c11d","session":"312a7b1e-4816-467a-aceb-2946830122bb","seq":1,"duration_ms":100,"bytes_in":221,"bytes_out":80}],"http_methods":[{"method":"GET","count":550}],"distinct_ports_total":558,"top_paths":[{"path":"/","count":485,"ports":414},{"path":"/.well-known/security.txt","count":65,"ports":62}],"distinct_paths_total":2,"top_snis":[],"top_hosts":[],"top_alpns":[],"banners":[{"value":"SSH-2.0-ZGrab ZGrab SSH Survey","count":21}],"credentials":[],"header_profile":{"signature":["Accept-Encoding","Host","User-Agent"],"representative":[{"name":"Accept-Encoding","value":"gzip","notable":false},{"name":"Host","value":"<HONEYPOT>:8117","notable":false},{"name":"User-Agent","value":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","notable":false}],"distinct_sets":2,"events_with_headers":9},"tags":[],"data_as_of":"2026-06-26T16:30:16.428210+00:00"}