{"ip":"147.185.133.110","total_events":858,"verdict":{"verdict":"scanner","label":"Recognized scanner","detail":"paloaltonetworks","confidence":"high","network_type":null},"first_seen":"2026-02-20T12:47:52","last_seen":"2026-06-26T13:18:56","events_24h":150,"events_7d":233,"geo":{"country_code":"US","country_name":"United States","region":"","city":"","lat":37.751,"lon":-97.822,"asn":396982,"org":"Google LLC"},"source_domain":null,"known_scanners":["paloaltonetworks"],"scanner_tag":null,"cve_matches":[{"cve_id":"CVE-2026-34197","title":"Apache ActiveMQ - Remote Code Execution","severity":"CRITICAL","actively_exploited":true,"match_field":"url_path","matched_pattern":"/api/jolokia/"}],"top_ports":[{"port":3387,"proto":"tcp","label":"","count":17},{"port":29983,"proto":"tcp","label":"","count":17},{"port":443,"proto":"tcp","label":"HTTPS","count":7},{"port":80,"proto":"tcp","label":"HTTP","count":4},{"port":9269,"proto":"tcp","label":"","count":3},{"port":9755,"proto":"tcp","label":"","count":3},{"port":50802,"proto":"tcp","label":"","count":3},{"port":27766,"proto":"tcp","label":"","count":3},{"port":8214,"proto":"tcp","label":"","count":3},{"port":45727,"proto":"tcp","label":"","count":3},{"port":1011,"proto":"tcp","label":"","count":3},{"port":22150,"proto":"tcp","label":"","count":3},{"port":9429,"proto":"tcp","label":"","count":3},{"port":8196,"proto":"tcp","label":"","count":3},{"port":50594,"proto":"tcp","label":"","count":3}],"fingerprints":{"ssh_hassh":[],"tls_ja4":["t13i140900_cbb2034c60b8_e7c285222651","t13i131000_f57a46bbacb6_ab7e3b40a677"],"tls_ja3":["1487bd354c20f20dd642bebc7f706e95","2196848d251b217de8b2c037e356c11d"],"ja4h":["ge10nn0200_5594a17e7e7e","ge11nn0300_0db47b7d240d","ge11nn0200_3ed38b250d3d"]},"fingerprint_peers":{"t13i140900_cbb2034c60b8_e7c285222651":1071,"t13i131000_f57a46bbacb6_ab7e3b40a677":5575,"ge11nn0300_0db47b7d240d":4271,"ge11nn0200_3ed38b250d3d":1872,"ge10nn0200_5594a17e7e7e":1989},"user_agents":["Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity"],"timeline":[{"date":"2026-03-28","count":1},{"date":"2026-03-29","count":4},{"date":"2026-03-30","count":5},{"date":"2026-03-31","count":11},{"date":"2026-04-01","count":2},{"date":"2026-04-03","count":7},{"date":"2026-04-04","count":2},{"date":"2026-04-05","count":1},{"date":"2026-04-06","count":2},{"date":"2026-04-07","count":7},{"date":"2026-04-09","count":7},{"date":"2026-04-10","count":1},{"date":"2026-04-11","count":8},{"date":"2026-04-12","count":3},{"date":"2026-04-13","count":2},{"date":"2026-04-14","count":6},{"date":"2026-04-15","count":1},{"date":"2026-04-16","count":5},{"date":"2026-04-17","count":8},{"date":"2026-04-19","count":8},{"date":"2026-04-20","count":1},{"date":"2026-04-21","count":4},{"date":"2026-04-22","count":2},{"date":"2026-04-23","count":23},{"date":"2026-04-24","count":6},{"date":"2026-04-25","count":11},{"date":"2026-04-26","count":5},{"date":"2026-04-27","count":3},{"date":"2026-04-28","count":3},{"date":"2026-04-30","count":3},{"date":"2026-05-01","count":2},{"date":"2026-05-03","count":2},{"date":"2026-05-04","count":4},{"date":"2026-05-05","count":8},{"date":"2026-05-06","count":1},{"date":"2026-05-07","count":3},{"date":"2026-05-08","count":7},{"date":"2026-05-09","count":7},{"date":"2026-05-10","count":6},{"date":"2026-05-11","count":3},{"date":"2026-05-12","count":11},{"date":"2026-05-13","count":7},{"date":"2026-05-14","count":11},{"date":"2026-05-15","count":14},{"date":"2026-05-16","count":8},{"date":"2026-05-17","count":5},{"date":"2026-05-18","count":7},{"date":"2026-05-19","count":6},{"date":"2026-05-20","count":6},{"date":"2026-05-21","count":10},{"date":"2026-05-22","count":10},{"date":"2026-05-23","count":6},{"date":"2026-05-24","count":1},{"date":"2026-05-25","count":6},{"date":"2026-05-26","count":2},{"date":"2026-05-27","count":2},{"date":"2026-05-28","count":13},{"date":"2026-05-29","count":6},{"date":"2026-05-30","count":7},{"date":"2026-05-31","count":12},{"date":"2026-06-01","count":10},{"date":"2026-06-02","count":10},{"date":"2026-06-03","count":10},{"date":"2026-06-04","count":2},{"date":"2026-06-05","count":13},{"date":"2026-06-06","count":6},{"date":"2026-06-07","count":11},{"date":"2026-06-08","count":8},{"date":"2026-06-09","count":9},{"date":"2026-06-10","count":4},{"date":"2026-06-11","count":6},{"date":"2026-06-12","count":6},{"date":"2026-06-13","count":11},{"date":"2026-06-14","count":6},{"date":"2026-06-15","count":8},{"date":"2026-06-16","count":15},{"date":"2026-06-17","count":10},{"date":"2026-06-18","count":16},{"date":"2026-06-19","count":14},{"date":"2026-06-20","count":18},{"date":"2026-06-21","count":16},{"date":"2026-06-22","count":7},{"date":"2026-06-23","count":22},{"date":"2026-06-24","count":11},{"date":"2026-06-25","count":24},{"date":"2026-06-26","count":133}],"recent_events":[{"timestamp":"2026-06-26T13:18:56","port":47533,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:47533\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"TLS_AES_128_GCM_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a34373533330d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:LaTZbeaX1M7LGliKOht0D3qCPeA=","ja3":"2196848d251b217de8b2c037e356c11d","session":"34aa1804-0f6d-43da-892d-e12044200348","seq":1,"duration_ms":100,"bytes_in":223,"bytes_out":80},{"timestamp":"2026-06-26T09:49:33","port":16071,"proto":"tcp","app_proto":"","app_protocol":"http","host":"","headers":"{\"accept\":\"*/*\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e300d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:RNGO3nqucNk7gwI1jP52JxlcSGw=","ja3":"","session":"ebe65ec9-bf43-4dff-b1b6-974237d7ec2d","seq":1,"duration_ms":100,"bytes_in":185,"bytes_out":80},{"timestamp":"2026-06-26T09:49:30","port":16071,"proto":"tcp","app_proto":"","app_protocol":"http","host":"","headers":"{\"accept\":\"*/*\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e300d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:K3O/E1z/pnlrwkuvwHVSkzuYa7Y=","ja3":"","session":"e66039f4-ab72-49d1-ad5d-c7774bd3a5fd","seq":1,"duration_ms":100,"bytes_in":185,"bytes_out":80},{"timestamp":"2026-06-26T09:34:05","port":18888,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:18888\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"TLS_AES_128_GCM_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a31383838380d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:Y5hH/F5SQ5IWCPE4erXTWqXe7Ls=","ja3":"2196848d251b217de8b2c037e356c11d","session":"51db0638-8d10-4bd6-b490-f6fe56d79ea5","seq":1,"duration_ms":100,"bytes_in":223,"bytes_out":80},{"timestamp":"2026-06-26T09:33:14","port":62973,"proto":"tcp","app_proto":"","app_protocol":"http","host":"","headers":"{\"accept\":\"*/*\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e300d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:75FYBVoxjCsEf7WhfKCsTRVqvI8=","ja3":"","session":"de8a8ef2-e48c-47a9-9dc8-6abe8a7ea47f","seq":1,"duration_ms":100,"bytes_in":185,"bytes_out":80},{"timestamp":"2026-06-26T09:32:35","port":6866,"proto":"tcp","app_proto":"","app_protocol":"http","host":"","headers":"{\"accept\":\"*/*\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e300d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:chQcDSHAmMSFPSX3liZ0cetE71w=","ja3":"","session":"2d705984-3b5b-4790-a30c-6d0462872df6","seq":1,"duration_ms":100,"bytes_in":185,"bytes_out":80},{"timestamp":"2026-06-26T09:23:35","port":25901,"proto":"tcp","app_proto":"","app_protocol":"http","host":"","headers":"{\"accept\":\"*/*\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e300d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:R3DFlFSKT3N714W+mvth8lwNJEY=","ja3":"","session":"6c998950-fecb-44f6-857d-cc1f0dc67965","seq":1,"duration_ms":100,"bytes_in":185,"bytes_out":80},{"timestamp":"2026-06-26T08:27:40","port":30633,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"host\":\"<HONEYPOT>:30633\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/jolokia","summary":"","payload_hex":"474554202f6a6f6c6f6b696120485454502f312e310d0a486f73743a20<HONEYPOT>3a33303633330d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:TZ8t7nnD4GmoM5OWE+KEwsrxu2w=","ja3":"","session":"3f68169b-372c-474e-88f0-f37c1b6e57f8","seq":1,"duration_ms":100,"bytes_in":206,"bytes_out":80},{"timestamp":"2026-06-26T08:27:40","port":26317,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"host\":\"<HONEYPOT>:26317\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/jolokia/write","summary":"","payload_hex":"474554202f6a6f6c6f6b69612f777269746520485454502f312e310d0a486f73743a20<HONEYPOT>3a32363331370d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:g0X9XHA2MzHnOz9rAY//np6QdEc=","ja3":"","session":"6f1b1e23-e5a5-4084-9bfc-1120dd17c312","seq":1,"duration_ms":100,"bytes_in":212,"bytes_out":80},{"timestamp":"2026-06-26T08:27:40","port":21897,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"host\":\"<HONEYPOT>:21897\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/jolokia/exec","summary":"","payload_hex":"474554202f6a6f6c6f6b69612f6578656320485454502f312e310d0a486f73743a20<HONEYPOT>3a32313839370d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:hyUWMJtwcMOALzmf8GqxiTuKbV4=","ja3":"","session":"f95821e3-6138-4c25-a5a5-6f22533721eb","seq":1,"duration_ms":100,"bytes_in":211,"bytes_out":80}],"http_methods":[{"method":"GET","count":646}],"distinct_ports_total":661,"top_paths":[{"path":"/","count":527,"ports":451},{"path":"/jolokia/write","count":20,"ports":20},{"path":"/jolokia","count":15,"ports":15},{"path":"/jolokia/exec","count":15,"ports":15},{"path":"/api/jolokia","count":14,"ports":14},{"path":"/jolokia/list","count":13,"ports":13},{"path":"/actuator/jolokia/version","count":13,"ports":13},{"path":"/jolokia/version","count":11,"ports":11},{"path":"/api/jolokia/version","count":9,"ports":9},{"path":"/api/jolokia/list","count":9,"ports":9}],"distinct_paths_total":10,"top_snis":[],"top_hosts":[],"top_alpns":[],"banners":[{"value":"SSH-2.0-ZGrab ZGrab SSH Survey","count":27}],"credentials":[],"header_profile":{"signature":["Accept-Encoding","Host","User-Agent"],"representative":[{"name":"Accept-Encoding","value":"gzip","notable":false},{"name":"Host","value":"<HONEYPOT>:47533","notable":false},{"name":"User-Agent","value":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","notable":false}],"distinct_sets":3,"events_with_headers":10},"tags":[{"tag_id":"CVE-2026-34197","tag_type":"cve","title":"Apache ActiveMQ - Remote Code Execution","severity":"CRITICAL","actively_exploited":true,"match_field":"url_path","matched_pattern":"/api/jolokia/","reference_urls":[]}],"data_as_of":"2026-06-26T15:55:48.185011+00:00"}