{"ip":"147.185.132.36","total_events":468,"verdict":{"verdict":"scanner","label":"Recognized scanner","detail":"paloaltonetworks","confidence":"high","network_type":null},"first_seen":"2026-02-17T09:53:23","last_seen":"2026-06-25T12:15:07","events_24h":2,"events_7d":25,"geo":{"country_code":"US","country_name":"United States","region":"","city":"","lat":37.751,"lon":-97.822,"asn":396982,"org":"Google LLC"},"source_domain":null,"known_scanners":["paloaltonetworks"],"scanner_tag":null,"cve_matches":[],"top_ports":[{"port":3389,"proto":"tcp","label":"RDP","count":45},{"port":20257,"proto":"tcp","label":"","count":19},{"port":20256,"proto":"tcp","label":"","count":10},{"port":1000,"proto":"tcp","label":"","count":8},{"port":5001,"proto":"tcp","label":"","count":8},{"port":2083,"proto":"tcp","label":"","count":7},{"port":548,"proto":"tcp","label":"","count":6},{"port":5000,"proto":"tcp","label":"Web-alt","count":6},{"port":7777,"proto":"tcp","label":"Oracle","count":5},{"port":31337,"proto":"tcp","label":"","count":5},{"port":7687,"proto":"tcp","label":"","count":4},{"port":8000,"proto":"tcp","label":"HTTP-alt","count":4},{"port":49501,"proto":"tcp","label":"","count":4},{"port":139,"proto":"tcp","label":"SMB","count":4},{"port":40000,"proto":"tcp","label":"","count":4}],"fingerprints":{"ssh_hassh":[],"tls_ja4":["t13i190800_9dc949149365_97f8aa674fd9","t13i140900_cbb2034c60b8_e7c285222651","t13i311000_e8f1e7e78f70_24695f2957a7","t13i131000_f57a46bbacb6_ab7e3b40a677"],"tls_ja3":["1487bd354c20f20dd642bebc7f706e95","004556e859f3c26c5d19746b3a957c74","19e29534fd49dd27d09234e639c4057e","2196848d251b217de8b2c037e356c11d"],"ja4h":["ge10nn0200_5594a17e7e7e","ge11nn0300_0db47b7d240d","ge11nn0200_3ed38b250d3d","ge11nn0300_042112399351"]},"fingerprint_peers":{"t13i140900_cbb2034c60b8_e7c285222651":690,"t13i311000_e8f1e7e78f70_24695f2957a7":501,"t13i131000_f57a46bbacb6_ab7e3b40a677":5570,"t13i190800_9dc949149365_97f8aa674fd9":5291,"ge11nn0300_0db47b7d240d":4241,"ge11nn0300_042112399351":3357,"ge11nn0200_3ed38b250d3d":1486,"ge10nn0200_5594a17e7e7e":1982},"user_agents":["Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","curl/7.68.0"],"timeline":[{"date":"2026-03-27","count":1},{"date":"2026-03-28","count":1},{"date":"2026-03-29","count":5},{"date":"2026-03-30","count":5},{"date":"2026-03-31","count":6},{"date":"2026-04-01","count":7},{"date":"2026-04-02","count":4},{"date":"2026-04-03","count":6},{"date":"2026-04-04","count":5},{"date":"2026-04-06","count":2},{"date":"2026-04-07","count":5},{"date":"2026-04-08","count":17},{"date":"2026-04-09","count":6},{"date":"2026-04-10","count":6},{"date":"2026-04-11","count":4},{"date":"2026-04-12","count":5},{"date":"2026-04-13","count":4},{"date":"2026-04-14","count":2},{"date":"2026-04-15","count":3},{"date":"2026-04-16","count":2},{"date":"2026-04-17","count":1},{"date":"2026-04-18","count":3},{"date":"2026-04-20","count":6},{"date":"2026-04-22","count":2},{"date":"2026-04-23","count":2},{"date":"2026-04-24","count":4},{"date":"2026-04-25","count":3},{"date":"2026-04-26","count":3},{"date":"2026-04-27","count":3},{"date":"2026-04-28","count":7},{"date":"2026-04-30","count":19},{"date":"2026-05-01","count":4},{"date":"2026-05-03","count":4},{"date":"2026-05-04","count":1},{"date":"2026-05-05","count":2},{"date":"2026-05-06","count":2},{"date":"2026-05-07","count":7},{"date":"2026-05-08","count":6},{"date":"2026-05-09","count":3},{"date":"2026-05-10","count":5},{"date":"2026-05-11","count":1},{"date":"2026-05-12","count":1},{"date":"2026-05-13","count":3},{"date":"2026-05-15","count":3},{"date":"2026-05-17","count":1},{"date":"2026-05-19","count":2},{"date":"2026-05-20","count":3},{"date":"2026-05-21","count":3},{"date":"2026-05-22","count":1},{"date":"2026-05-23","count":3},{"date":"2026-05-24","count":1},{"date":"2026-05-25","count":12},{"date":"2026-05-28","count":1},{"date":"2026-05-29","count":2},{"date":"2026-05-31","count":2},{"date":"2026-06-02","count":5},{"date":"2026-06-03","count":1},{"date":"2026-06-04","count":6},{"date":"2026-06-05","count":1},{"date":"2026-06-06","count":1},{"date":"2026-06-07","count":6},{"date":"2026-06-08","count":5},{"date":"2026-06-09","count":2},{"date":"2026-06-10","count":3},{"date":"2026-06-12","count":2},{"date":"2026-06-13","count":6},{"date":"2026-06-14","count":10},{"date":"2026-06-15","count":5},{"date":"2026-06-18","count":4},{"date":"2026-06-19","count":6},{"date":"2026-06-20","count":4},{"date":"2026-06-21","count":5},{"date":"2026-06-23","count":3},{"date":"2026-06-24","count":3},{"date":"2026-06-25","count":2}],"recent_events":[{"timestamp":"2026-06-25T12:15:07","port":4369,"proto":"tcp","app_proto":"","app_protocol":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"\u0000\u0001n","payload_hex":"00016e","method":"","user_agent":"","community_id":"1:o0oWI/dNrm2mTXSmsSRkOkNN7oM=","ja3":"","session":"1f7e61af-a94a-4094-a047-0057ddb18198","seq":1,"duration_ms":100,"bytes_in":3,"bytes_out":14},{"timestamp":"2026-06-25T04:11:20","port":2379,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:2379\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a323337390d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:XW70TUii17mKjo9Lp9IOUv0HCSI=","ja3":"","session":"aa0ac68e-1284-4c7a-ae93-1397505923ea","seq":1,"duration_ms":100,"bytes_in":220,"bytes_out":79},{"timestamp":"2026-06-24T13:41:11","port":623,"proto":"tcp","app_proto":"","app_protocol":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"\r\n\r\n","payload_hex":"0d0a0d0a","method":"","user_agent":"","community_id":"1:vTrQKUVc2YdpcJvsxsh33P4VVH0=","ja3":"","session":"dc28ecdf-28c7-46f0-9313-82ccacbadccc","seq":1,"duration_ms":100,"bytes_in":4,"bytes_out":14},{"timestamp":"2026-06-24T02:58:43","port":12694,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:12694\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a31323639340d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:22rM4vRzklEbKYjzwyPOUk+4M98=","ja3":"19e29534fd49dd27d09234e639c4057e","session":"c0d3eed2-c7dc-45e0-b1b9-9e91e7d8cd94","seq":1,"duration_ms":101,"bytes_in":221,"bytes_out":79},{"timestamp":"2026-06-24T00:40:36","port":444,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:444\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"TLS_AES_128_GCM_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a3434340d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:dGXJUycC+Df2Wvj72Aq1Px6KYgs=","ja3":"19e29534fd49dd27d09234e639c4057e","session":"2da2cdc3-dda8-4b34-9ab9-a334f542cf24","seq":1,"duration_ms":100,"bytes_in":219,"bytes_out":79},{"timestamp":"2026-06-23T03:51:47","port":23856,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"host\":\"<HONEYPOT>:23856\",\"user-agent\":\"curl/7.68.0\"}","body":"","sni":"","tls_cipher":"TLS_AES_128_GCM_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a32333835360d0a557365722d4167656e743a206375726c2f372e36382e300d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"curl/7.68.0","community_id":"1:S00O3McOvtAWJvuJMRTlZlb1Erw=","ja3":"004556e859f3c26c5d19746b3a957c74","session":"e12427c9-1285-434f-8373-c2ad8c037ca5","seq":1,"duration_ms":130,"bytes_in":82,"bytes_out":79},{"timestamp":"2026-06-23T02:36:50","port":3344,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:3344\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"TLS_AES_128_GCM_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a333334340d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:Enf9a6zBvSxOEEKGUGOdC414h4Y=","ja3":"2196848d251b217de8b2c037e356c11d","session":"8c124f24-54e6-4463-898b-7eb749dc2ec7","seq":1,"duration_ms":100,"bytes_in":221,"bytes_out":79},{"timestamp":"2026-06-23T02:16:06","port":20121,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:20121\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"TLS_AES_128_GCM_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a32303132310d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:k6A49feoakM/v90iFdLQap5H8ic=","ja3":"2196848d251b217de8b2c037e356c11d","session":"41e74813-af5f-407c-81c5-1d9c9a5ee159","seq":1,"duration_ms":100,"bytes_in":222,"bytes_out":79},{"timestamp":"2026-06-21T19:42:56","port":636,"proto":"tcp","app_proto":"tls","app_protocol":"tls","host":"","headers":"","body":"","sni":"","tls_cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"","summary":"0\f\u0002\u0001\u0001`\u0007\u0002\u0001\u0003\u0004\u0000�\u0000","payload_hex":"300c020101600702010304008000","method":"","user_agent":"","community_id":"1:QtQPHX9hsXEDxYx7qMuSaNX5g+8=","ja3":"19e29534fd49dd27d09234e639c4057e","session":"42acda37-73de-47dc-a4f0-01ee9046f8ba","seq":1,"duration_ms":100,"bytes_in":14,"bytes_out":14},{"timestamp":"2026-06-21T06:23:31","port":9002,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:9002\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a393030320d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:+ByDQ8KZVXi38OGxiLjkVI5k/AA=","ja3":"","session":"a329593a-6fa1-490b-8a5a-442b0a9bcf91","seq":1,"duration_ms":100,"bytes_in":220,"bytes_out":79}],"http_methods":[{"method":"GET","count":148}],"distinct_ports_total":192,"top_paths":[{"path":"/","count":127,"ports":92},{"path":"/.well-known/security.txt","count":20,"ports":17},{"path":"/_config","count":1,"ports":1}],"distinct_paths_total":3,"top_snis":[],"top_hosts":[],"top_alpns":[],"banners":[{"value":"SSH-2.0-ZGrab ZGrab SSH Survey","count":2}],"credentials":[],"header_profile":{"signature":["Accept-Encoding","Host","User-Agent"],"representative":[{"name":"Accept-Encoding","value":"gzip","notable":false},{"name":"Host","value":"<HONEYPOT>:2379","notable":false},{"name":"User-Agent","value":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","notable":false}],"distinct_sets":2,"events_with_headers":7},"tags":[],"data_as_of":"2026-06-25T15:33:15.076897+00:00"}