{"ip":"147.185.132.99","total_events":422,"verdict":{"verdict":"scanner","label":"Recognized scanner","detail":"paloaltonetworks","confidence":"high","network_type":null},"first_seen":"2026-02-17T13:43:07","last_seen":"2026-06-03T03:41:12","events_24h":0,"events_7d":29,"geo":{"country_code":"US","country_name":"","region":"","city":"","asn":396982,"org":"Google LLC"},"source_domain":null,"known_scanners":["paloaltonetworks"],"scanner_tag":null,"cve_matches":[],"top_ports":[{"port":3389,"proto":"tcp","label":"RDP","count":28},{"port":9983,"proto":"tcp","label":"","count":11},{"port":11911,"proto":"tcp","label":"","count":6},{"port":7080,"proto":"tcp","label":"","count":6},{"port":2404,"proto":"tcp","label":"","count":6},{"port":3299,"proto":"tcp","label":"","count":6},{"port":20257,"proto":"tcp","label":"","count":6},{"port":8088,"proto":"tcp","label":"Hadoop","count":6},{"port":10443,"proto":"tcp","label":"","count":5},{"port":20256,"proto":"tcp","label":"","count":5},{"port":6002,"proto":"tcp","label":"","count":5},{"port":8333,"proto":"tcp","label":"Bitcoin","count":4},{"port":2380,"proto":"tcp","label":"","count":4},{"port":7777,"proto":"tcp","label":"Oracle","count":4},{"port":58000,"proto":"tcp","label":"","count":4}],"fingerprints":{"ssh_hassh":[],"tls_ja4":["t13i190800_9dc949149365_97f8aa674fd9","t13i140900_cbb2034c60b8_e7c285222651","t13i311000_e8f1e7e78f70_24695f2957a7","t13i131000_f57a46bbacb6_ab7e3b40a677"],"ja4h":["ge10nn0200_5594a17e7e7e","ge11nn0300_0db47b7d240d","ge11nn0200_3ed38b250d3d","ge11nn0300_042112399351"]},"fingerprint_peers":{"t13i140900_cbb2034c60b8_e7c285222651":676,"t13i311000_e8f1e7e78f70_24695f2957a7":501,"t13i131000_f57a46bbacb6_ab7e3b40a677":5452,"t13i190800_9dc949149365_97f8aa674fd9":3580,"ge11nn0300_0db47b7d240d":3778,"ge11nn0300_042112399351":3295,"ge11nn0200_3ed38b250d3d":1548,"ge10nn0200_5594a17e7e7e":1933},"user_agents":["Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","curl/7.68.0"],"timeline":[{"date":"2026-03-06","count":17},{"date":"2026-03-07","count":1},{"date":"2026-03-08","count":8},{"date":"2026-03-09","count":2},{"date":"2026-03-10","count":8},{"date":"2026-03-11","count":9},{"date":"2026-03-12","count":6},{"date":"2026-03-13","count":4},{"date":"2026-03-14","count":6},{"date":"2026-03-15","count":8},{"date":"2026-03-16","count":9},{"date":"2026-03-17","count":6},{"date":"2026-03-18","count":3},{"date":"2026-03-20","count":1},{"date":"2026-03-21","count":4},{"date":"2026-03-24","count":2},{"date":"2026-03-25","count":2},{"date":"2026-03-27","count":6},{"date":"2026-03-28","count":3},{"date":"2026-03-29","count":3},{"date":"2026-03-30","count":8},{"date":"2026-04-01","count":1},{"date":"2026-04-02","count":7},{"date":"2026-04-04","count":4},{"date":"2026-04-05","count":3},{"date":"2026-04-06","count":2},{"date":"2026-04-07","count":4},{"date":"2026-04-08","count":5},{"date":"2026-04-09","count":9},{"date":"2026-04-10","count":5},{"date":"2026-04-11","count":6},{"date":"2026-04-12","count":14},{"date":"2026-04-13","count":2},{"date":"2026-04-15","count":1},{"date":"2026-04-16","count":1},{"date":"2026-04-17","count":4},{"date":"2026-04-18","count":3},{"date":"2026-04-19","count":3},{"date":"2026-04-20","count":2},{"date":"2026-04-21","count":5},{"date":"2026-04-22","count":2},{"date":"2026-04-24","count":4},{"date":"2026-04-26","count":2},{"date":"2026-04-27","count":3},{"date":"2026-04-28","count":2},{"date":"2026-04-29","count":6},{"date":"2026-04-30","count":4},{"date":"2026-05-01","count":1},{"date":"2026-05-02","count":3},{"date":"2026-05-03","count":1},{"date":"2026-05-04","count":3},{"date":"2026-05-05","count":1},{"date":"2026-05-06","count":5},{"date":"2026-05-07","count":2},{"date":"2026-05-08","count":1},{"date":"2026-05-09","count":5},{"date":"2026-05-10","count":4},{"date":"2026-05-11","count":2},{"date":"2026-05-12","count":2},{"date":"2026-05-13","count":14},{"date":"2026-05-14","count":1},{"date":"2026-05-15","count":4},{"date":"2026-05-16","count":3},{"date":"2026-05-17","count":6},{"date":"2026-05-18","count":1},{"date":"2026-05-20","count":1},{"date":"2026-05-21","count":1},{"date":"2026-05-22","count":5},{"date":"2026-05-23","count":2},{"date":"2026-05-24","count":1},{"date":"2026-05-26","count":1},{"date":"2026-05-27","count":3},{"date":"2026-05-28","count":1},{"date":"2026-05-29","count":3},{"date":"2026-05-31","count":6},{"date":"2026-06-01","count":15},{"date":"2026-06-02","count":3},{"date":"2026-06-03","count":1}],"recent_events":[{"timestamp":"2026-06-03T03:41:12","port":9002,"proto":"tcp","app_proto":"","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:9002\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity"},{"timestamp":"2026-06-02T20:40:42","port":2084,"proto":"tcp","app_proto":"","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:2084\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity"},{"timestamp":"2026-06-02T04:36:52","port":8088,"proto":"tcp","app_proto":"","host":"","headers":"{\"accept\":\"*/*\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity"},{"timestamp":"2026-06-02T01:34:46","port":7001,"proto":"tcp","app_proto":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"t3 12.1.2\nAS:2048\nHL:19\n\n","method":"","user_agent":"","enriched":{"digest":"6a386c43d019ddd0","strings":["t3 12.1.2","AS:2048","HL:19"]}},{"timestamp":"2026-06-01T23:32:26","port":9983,"proto":"tcp","app_proto":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"\u0016\u0003\u0001\u0000�\u0001\u0000\u0000�\u0003\u0003\r��\u001b\n�\u0015dc'@�Z�V\u001c�HlVϊ��E�7a\u0017�u� \\�XЪ.8�P��5�Q����\u0015\u001dsA�<��\t3㿊\u0014\u0000&�+�/�,�0̨̩�\t�\u0013�\n�\u0014\u0000�\u0000�\u0000/\u00005�\u0012\u0000\n\u0013\u0001\u0013\u0002\u0013\u0003\u0001\u0000\u0000{\u0000\u0005\u0000\u0005\u0001\u0000\u0000\u0000\u0000\u0000\n\u0000\n\u0000\b\u0000\u001d\u0000\u0017\u0000\u0018\u0000\u0019\u0000\u000b\u0000\u0002\u0001\u0000\u0000\r\u0000\u001a\u0000\u0018\b\u0004\u0004\u0003\b\u0007\b\u0005\b\u0006\u0004\u0001\u0005\u0001\u0006\u0001\u0005\u0003\u0006\u0003\u0002\u0001\u0002\u0003�\u0001\u0000\u0001\u0000\u0000\u0012\u0000\u0000\u0000+\u0000\t\b\u0003\u0004\u0003\u0003\u0003\u0002\u0003\u0001\u00003\u0000&\u0000$\u0000\u001d\u0000 �~k��;�\u0010�Jت���\u0006\u0007d���@�YF\u0004C3\u0012,Ck","method":"","user_agent":"","enriched":{"digest":"4a26a3cd4604b97d","label":"TLS/SSL","strings":["dc'@"]}},{"timestamp":"2026-06-01T23:32:26","port":9983,"proto":"tcp","app_proto":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"\u0003\u0000\u0000,'�\u0000\u0000\u0000\u0000\u0000Cookie: mstshash=qpZKGB\r\n\u0001\u0000\b\u0000\u0003\u0000\u0000\u0000","method":"","user_agent":"","enriched":{"digest":"4c02a3b98d7c4fc3","label":"TPKT (RDP/X.224)","strings":["Cookie: mstshash=qpZKGB"]}},{"timestamp":"2026-06-01T23:32:26","port":9983,"proto":"tcp","app_proto":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"\u0003\u0000\u0000,'�\u0000\u0000\u0000\u0000\u0000Cookie: mstshash=jaUdWN\r\n\u0001\u0000\b\u0000\u0001\u0000\u0000\u0000","method":"","user_agent":"","enriched":{"digest":"ec60d6aa7c2daeb7","label":"TPKT (RDP/X.224)","strings":["Cookie: mstshash=jaUdWN"]}},{"timestamp":"2026-06-01T23:32:25","port":9983,"proto":"tcp","app_proto":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"\u0003\u0000\u0001�\u0002��e�\u0001�\u0004\u0001\u0001\u0004\u0001\u0001\u0001\u0001�0\u0019\u0002\u0001\"\u0002\u0001\u0002\u0002\u0001\u0000\u0002\u0001\u0001\u0002\u0001\u0000\u0002\u0001\u0001\u0002\u0002��\u0002\u0001\u00020\u0019\u0002\u0001\u0001\u0002\u0001\u0001\u0002\u0001\u0001\u0002\u0001\u0001\u0002\u0001\u0000\u0002\u0001\u0001\u0002\u0002\u0004 \u0002\u0001\u00020\u001c\u0002\u0002��\u0002\u0002�\u0017\u0002\u0002��\u0002\u0001\u0001\u0002\u0001\u0000\u0002\u0001\u0001\u0002\u0002��\u0002\u0001\u0002\u0004�\u0001/\u0000\u0005\u0000\u0014|\u0000\u0001�&\u0000\b\u0000\u0010\u0000\u0001�\u0000Duca�\u0018\u0001��\u0000\u0004\u0000\b\u0000\u0000\u0005 \u0003\u0001�\u0003�\t\b\u0000\u0000(\n\u0000\u0000E\u0000M\u0000P\u0000-\u0000L\u0000A\u0000P\u0000-\u00000\u00000\u00001\u00004\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0004\u0000\u0000\u0000\u0000\u0000\u0000\u0000\f\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0001�\u0001\u0000\u0000\u0000\u0000\u0000\u0010\u0000\u0007\u0000\u0001\u00007\u00006\u00004\u00008\u00007\u0000-\u0000O\u0000E\u0000M\u0000-\u00000\u00000\u00001\u00001\u00009\u00000\u00003\u0000-\u00000\u00000\u00001\u00000\u00007\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0004�\f\u0000\t\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0002�\f\u0000\u0016\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0003�,\u0000\u0003\u0000\u0000\u0000rdpdr\u0000\u0000\u0000\u0000\u0000��cliprdr\u0000\u0000\u0000��rdpsnd\u0000\u0000\u0000\u0000\u0000�","method":"","user_agent":"","enriched":{"digest":"ba65d28dc51cff33","label":"TPKT (RDP/X.224)","strings":["Duca","rdpdr","cliprdr","rdpsnd","EMP-LAP-0014","76487-OEM-0011903-00107"]}},{"timestamp":"2026-06-01T23:32:25","port":9983,"proto":"tcp","app_proto":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"\u0003\u0000\u0000'\"�\u0000\u0000\u0000\u0000\u0000Cookie: mstshash=BdAmxunIj\r\n","method":"","user_agent":"","enriched":{"digest":"e2b1179f9025debb","label":"TPKT (RDP/X.224)","strings":["Cookie: mstshash=BdAmxunIj"]}},{"timestamp":"2026-06-01T23:32:25","port":9983,"proto":"tcp","app_proto":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"\u0003\u0000\u0001�\u0002��e�\u0001�\u0004\u0001\u0001\u0004\u0001\u0001\u0001\u0001�0\u0019\u0002\u0001\"\u0002\u0001\u0002\u0002\u0001\u0000\u0002\u0001\u0001\u0002\u0001\u0000\u0002\u0001\u0001\u0002\u0002��\u0002\u0001\u00020\u0019\u0002\u0001\u0001\u0002\u0001\u0001\u0002\u0001\u0001\u0002\u0001\u0001\u0002\u0001\u0000\u0002\u0001\u0001\u0002\u0002\u0004 \u0002\u0001\u00020\u001c\u0002\u0002��\u0002\u0002�\u0017\u0002\u0002��\u0002\u0001\u0001\u0002\u0001\u0000\u0002\u0001\u0001\u0002\u0002��\u0002\u0001\u0002\u0004�\u0001/\u0000\u0005\u0000\u0014|\u0000\u0001�&\u0000\b\u0000\u0010\u0000\u0001�\u0000Duca�\u0018\u0001��\u0000\u0004\u0000\b\u0000\u0000\u0005 \u0003\u0001�\u0003�\t\b\u0000\u0000(\n\u0000\u0000E\u0000M\u0000P\u0000-\u0000L\u0000A\u0000P\u0000-\u00000\u00000\u00001\u00004\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0004\u0000\u0000\u0000\u0000\u0000\u0000\u0000\f\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0001�\u0001\u0000\u0000\u0000\u0000\u0000\u0010\u0000\u0007\u0000\u0001\u00007\u00006\u00004\u00008\u00007\u0000-\u0000O\u0000E\u0000M\u0000-\u00000\u00000\u00001\u00001\u00009\u00000\u00003\u0000-\u00000\u00000\u00001\u00000\u00007\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0004�\f\u0000\t\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0002�\f\u0000\b\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0003�,\u0000\u0003\u0000\u0000\u0000rdpdr\u0000\u0000\u0000\u0000\u0000��cliprdr\u0000\u0000\u0000��rdpsnd\u0000\u0000\u0000\u0000\u0000�","method":"","user_agent":"","enriched":{"digest":"61e6671bdb19e455","label":"TPKT (RDP/X.224)","strings":["Duca","rdpdr","cliprdr","rdpsnd","EMP-LAP-0014","76487-OEM-0011903-00107"]}}],"http_methods":[{"method":"GET","count":129}],"distinct_ports_total":183,"top_paths":[{"path":"/","count":103,"ports":79},{"path":"/.well-known/security.txt","count":25,"ports":24},{"path":"/_config","count":1,"ports":1}],"distinct_paths_total":3,"top_snis":[],"top_hosts":[],"top_alpns":[],"header_profile":{"signature":["Accept-Encoding","Host","User-Agent"],"representative":[{"name":"Accept-Encoding","value":"gzip","notable":false},{"name":"Host","value":"<HONEYPOT>:9002","notable":false},{"name":"User-Agent","value":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","notable":false}],"distinct_sets":2,"events_with_headers":3},"tags":[],"data_as_of":"2026-06-04T14:46:31.022193+00:00"}