{"ip":"147.185.132.38","total_events":1005,"verdict":{"verdict":"scanner","label":"Recognized scanner","detail":"paloaltonetworks","confidence":"high","network_type":null},"first_seen":"2026-02-17T20:19:21","last_seen":"2026-06-25T13:24:09","events_24h":5,"events_7d":173,"geo":{"country_code":"US","country_name":"United States","region":"","city":"","lat":37.751,"lon":-97.822,"asn":396982,"org":"Google LLC"},"source_domain":null,"known_scanners":["paloaltonetworks"],"scanner_tag":null,"cve_matches":[],"top_ports":[{"port":9252,"proto":"tcp","label":"","count":4},{"port":9404,"proto":"tcp","label":"","count":4},{"port":48883,"proto":"tcp","label":"","count":3},{"port":42420,"proto":"tcp","label":"","count":3},{"port":4172,"proto":"tcp","label":"","count":3},{"port":281,"proto":"tcp","label":"","count":3},{"port":9678,"proto":"tcp","label":"","count":3},{"port":8034,"proto":"tcp","label":"","count":3},{"port":45542,"proto":"tcp","label":"","count":3},{"port":9441,"proto":"tcp","label":"","count":3},{"port":45499,"proto":"tcp","label":"","count":3},{"port":15700,"proto":"tcp","label":"","count":3},{"port":225,"proto":"tcp","label":"","count":3},{"port":32085,"proto":"tcp","label":"","count":3},{"port":34512,"proto":"tcp","label":"","count":3}],"fingerprints":{"ssh_hassh":[],"tls_ja4":["t13i140900_cbb2034c60b8_e7c285222651","t12i520600_3874cc0afe49_d74d77c6171b","t13i131000_f57a46bbacb6_ab7e3b40a677"],"tls_ja3":["1487bd354c20f20dd642bebc7f706e95","2196848d251b217de8b2c037e356c11d"],"ja4h":["ge10nn0200_5594a17e7e7e","ge11nn0300_0db47b7d240d","ge11nn0200_3ed38b250d3d"]},"fingerprint_peers":{"t13i140900_cbb2034c60b8_e7c285222651":690,"t12i520600_3874cc0afe49_d74d77c6171b":273,"t13i131000_f57a46bbacb6_ab7e3b40a677":5570,"ge11nn0300_0db47b7d240d":4241,"ge11nn0200_3ed38b250d3d":1486,"ge10nn0200_5594a17e7e7e":1981},"user_agents":["Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity"],"timeline":[{"date":"2026-03-28","count":1},{"date":"2026-03-29","count":4},{"date":"2026-03-30","count":4},{"date":"2026-03-31","count":2},{"date":"2026-04-01","count":2},{"date":"2026-04-02","count":3},{"date":"2026-04-03","count":6},{"date":"2026-04-04","count":7},{"date":"2026-04-05","count":2},{"date":"2026-04-06","count":2},{"date":"2026-04-07","count":7},{"date":"2026-04-08","count":6},{"date":"2026-04-09","count":5},{"date":"2026-04-10","count":6},{"date":"2026-04-11","count":4},{"date":"2026-04-12","count":15},{"date":"2026-04-13","count":4},{"date":"2026-04-14","count":6},{"date":"2026-04-15","count":5},{"date":"2026-04-16","count":3},{"date":"2026-04-17","count":4},{"date":"2026-04-18","count":6},{"date":"2026-04-19","count":14},{"date":"2026-04-20","count":3},{"date":"2026-04-21","count":1},{"date":"2026-04-22","count":1},{"date":"2026-04-23","count":1},{"date":"2026-04-24","count":11},{"date":"2026-04-26","count":3},{"date":"2026-04-27","count":2},{"date":"2026-04-28","count":4},{"date":"2026-04-29","count":3},{"date":"2026-04-30","count":1},{"date":"2026-05-01","count":1},{"date":"2026-05-02","count":3},{"date":"2026-05-03","count":16},{"date":"2026-05-04","count":1},{"date":"2026-05-05","count":4},{"date":"2026-05-07","count":2},{"date":"2026-05-08","count":6},{"date":"2026-05-09","count":4},{"date":"2026-05-10","count":4},{"date":"2026-05-11","count":4},{"date":"2026-05-12","count":8},{"date":"2026-05-13","count":7},{"date":"2026-05-14","count":11},{"date":"2026-05-15","count":3},{"date":"2026-05-16","count":7},{"date":"2026-05-17","count":168},{"date":"2026-05-18","count":6},{"date":"2026-05-19","count":3},{"date":"2026-05-20","count":10},{"date":"2026-05-21","count":6},{"date":"2026-05-22","count":9},{"date":"2026-05-23","count":7},{"date":"2026-05-24","count":6},{"date":"2026-05-25","count":5},{"date":"2026-05-26","count":4},{"date":"2026-05-27","count":8},{"date":"2026-05-28","count":14},{"date":"2026-05-29","count":6},{"date":"2026-05-30","count":4},{"date":"2026-05-31","count":10},{"date":"2026-06-01","count":4},{"date":"2026-06-02","count":6},{"date":"2026-06-03","count":9},{"date":"2026-06-04","count":11},{"date":"2026-06-05","count":13},{"date":"2026-06-06","count":2},{"date":"2026-06-07","count":63},{"date":"2026-06-08","count":12},{"date":"2026-06-09","count":7},{"date":"2026-06-10","count":5},{"date":"2026-06-11","count":6},{"date":"2026-06-12","count":9},{"date":"2026-06-13","count":13},{"date":"2026-06-14","count":9},{"date":"2026-06-15","count":17},{"date":"2026-06-16","count":13},{"date":"2026-06-17","count":10},{"date":"2026-06-18","count":15},{"date":"2026-06-19","count":8},{"date":"2026-06-20","count":8},{"date":"2026-06-21","count":99},{"date":"2026-06-22","count":13},{"date":"2026-06-23","count":21},{"date":"2026-06-24","count":14},{"date":"2026-06-25","count":5}],"recent_events":[{"timestamp":"2026-06-25T13:24:09","port":59025,"proto":"tcp","app_proto":"","app_protocol":"http","host":"","headers":"{\"accept\":\"*/*\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e300d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:uGFh/AIQ5tTrb6Lu2Jl3s9CrRbU=","ja3":"","session":"54fbdcb9-2c26-4869-a115-7b73d3f02cbe","seq":1,"duration_ms":100,"bytes_in":185,"bytes_out":79},{"timestamp":"2026-06-25T05:59:15","port":10817,"proto":"tcp","app_proto":"","app_protocol":"http","host":"","headers":"{\"accept\":\"*/*\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e300d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:mPb7zQ20S7RjDJs5YKPLrBcg8kk=","ja3":"","session":"5d4f3415-47aa-40f3-8edf-23fb4dc80235","seq":1,"duration_ms":100,"bytes_in":185,"bytes_out":79},{"timestamp":"2026-06-25T05:37:31","port":62664,"proto":"tcp","app_proto":"","app_protocol":"http","host":"","headers":"{\"accept\":\"*/*\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e300d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:kOp8HclAeU207wa40SEJ3UBEh3g=","ja3":"","session":"0441f8f3-0b0c-40cf-8bd3-c88f060cd7bd","seq":1,"duration_ms":100,"bytes_in":185,"bytes_out":79},{"timestamp":"2026-06-25T02:16:24","port":29588,"proto":"tcp","app_proto":"","app_protocol":"http","host":"","headers":"{\"accept\":\"*/*\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e300d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:nfWHJExnFTHkuqpFxzuDlR1DpXE=","ja3":"","session":"32780c81-c08d-4392-9592-7d25dad8163f","seq":1,"duration_ms":101,"bytes_in":185,"bytes_out":79},{"timestamp":"2026-06-25T01:41:54","port":51536,"proto":"tcp","app_proto":"","app_protocol":"http","host":"","headers":"{\"accept\":\"*/*\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e300d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:bYyQNRXlTMCcWHIQyqha2VPJ324=","ja3":"","session":"9126374a-16fe-4672-a1ec-c32e8f87db26","seq":1,"duration_ms":100,"bytes_in":185,"bytes_out":79},{"timestamp":"2026-06-24T18:01:34","port":56369,"proto":"tcp","app_proto":"","app_protocol":"http","host":"","headers":"{\"accept\":\"*/*\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e300d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:5j2xQKJIN2cfGSYmpPCreCj6WkQ=","ja3":"","session":"12e1d6d7-3bbb-4169-b26e-1bf7588ed1c7","seq":1,"duration_ms":100,"bytes_in":185,"bytes_out":79},{"timestamp":"2026-06-24T17:54:24","port":103,"proto":"tcp","app_proto":"","app_protocol":"http","host":"","headers":"{\"accept\":\"*/*\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e300d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:K8Z7FTwTXS3ScIhm7Lavi+pZsn4=","ja3":"","session":"f13004ff-87a1-4645-b008-ade19a50d574","seq":1,"duration_ms":100,"bytes_in":185,"bytes_out":79},{"timestamp":"2026-06-24T13:46:41","port":2534,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:2534\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a323533340d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:UFRNEbAGlyv7czRu2Rs4fe/LXuA=","ja3":"","session":"9e7e27c1-2255-4938-a6a9-e23eb5a87503","seq":1,"duration_ms":100,"bytes_in":222,"bytes_out":79},{"timestamp":"2026-06-24T10:22:34","port":50543,"proto":"tcp","app_proto":"","app_protocol":"http","host":"","headers":"{\"accept\":\"*/*\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e300d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:VHkj4kfd37bpDBjUJEWP8VVI19E=","ja3":"","session":"1c2c99b4-e3d4-4565-9147-6deda1c7e809","seq":1,"duration_ms":100,"bytes_in":185,"bytes_out":79},{"timestamp":"2026-06-24T10:07:32","port":8899,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:8899\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"TLS_AES_128_GCM_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a383839390d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:MJUhXc0NzcsInq7X8iPGJQKwI7s=","ja3":"2196848d251b217de8b2c037e356c11d","session":"d9955b56-8a78-46a2-82d6-0a85f8025b3d","seq":1,"duration_ms":100,"bytes_in":221,"bytes_out":79}],"http_methods":[{"method":"GET","count":818}],"distinct_ports_total":805,"top_paths":[{"path":"/","count":482,"ports":417},{"path":"/.well-known/security.txt","count":336,"ports":325}],"distinct_paths_total":2,"top_snis":[],"top_hosts":[],"top_alpns":[],"banners":[{"value":"SSH-2.0-ZGrab ZGrab SSH Survey","count":18}],"credentials":[],"header_profile":{"signature":["Accept-Encoding","Host","User-Agent"],"representative":[{"name":"Accept-Encoding","value":"gzip","notable":false},{"name":"Host","value":"<HONEYPOT>:2534","notable":false},{"name":"User-Agent","value":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","notable":false}],"distinct_sets":2,"events_with_headers":10},"tags":[],"data_as_of":"2026-06-25T18:23:06.097063+00:00"}