{"ip":"147.185.133.116","total_events":637,"verdict":{"verdict":"scanner","label":"Recognized scanner","detail":"paloaltonetworks","confidence":"high","network_type":null},"first_seen":"2026-02-19T00:29:23","last_seen":"2026-06-22T01:42:50","events_24h":4,"events_7d":86,"geo":{"country_code":"US","country_name":"United States","region":"","city":"","lat":37.751,"lon":-97.822,"asn":396982,"org":"Google LLC"},"source_domain":null,"known_scanners":["paloaltonetworks"],"scanner_tag":null,"cve_matches":[],"top_ports":[{"port":38272,"proto":"tcp","label":"","count":3},{"port":48501,"proto":"tcp","label":"","count":3},{"port":19031,"proto":"tcp","label":"","count":3},{"port":63008,"proto":"tcp","label":"","count":3},{"port":37806,"proto":"tcp","label":"","count":3},{"port":35984,"proto":"tcp","label":"","count":3},{"port":44097,"proto":"tcp","label":"","count":3},{"port":7955,"proto":"tcp","label":"","count":3},{"port":9260,"proto":"tcp","label":"","count":3},{"port":9638,"proto":"tcp","label":"","count":3},{"port":23450,"proto":"tcp","label":"","count":3},{"port":46850,"proto":"tcp","label":"","count":3},{"port":30452,"proto":"tcp","label":"","count":3},{"port":40925,"proto":"tcp","label":"","count":3},{"port":2112,"proto":"tcp","label":"","count":3}],"fingerprints":{"ssh_hassh":[],"tls_ja4":["t12i520600_3874cc0afe49_d74d77c6171b","t13i140900_cbb2034c60b8_e7c285222651","t13i131000_f57a46bbacb6_ab7e3b40a677"],"tls_ja3":["2196848d251b217de8b2c037e356c11d"],"ja4h":["ge10nn0200_5594a17e7e7e","ge11nn0300_0db47b7d240d"]},"fingerprint_peers":{"t13i140900_cbb2034c60b8_e7c285222651":758,"t12i520600_3874cc0afe49_d74d77c6171b":270,"t13i131000_f57a46bbacb6_ab7e3b40a677":5539,"ge11nn0300_0db47b7d240d":4185,"ge10nn0200_5594a17e7e7e":1975},"user_agents":["Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity"],"timeline":[{"date":"2026-03-25","count":1},{"date":"2026-03-26","count":3},{"date":"2026-03-27","count":4},{"date":"2026-03-28","count":1},{"date":"2026-03-29","count":5},{"date":"2026-03-30","count":2},{"date":"2026-03-31","count":4},{"date":"2026-04-01","count":5},{"date":"2026-04-02","count":8},{"date":"2026-04-03","count":3},{"date":"2026-04-04","count":8},{"date":"2026-04-05","count":1},{"date":"2026-04-06","count":7},{"date":"2026-04-07","count":4},{"date":"2026-04-08","count":2},{"date":"2026-04-09","count":6},{"date":"2026-04-11","count":1},{"date":"2026-04-12","count":7},{"date":"2026-04-13","count":1},{"date":"2026-04-14","count":10},{"date":"2026-04-15","count":2},{"date":"2026-04-16","count":3},{"date":"2026-04-17","count":4},{"date":"2026-04-19","count":6},{"date":"2026-04-21","count":1},{"date":"2026-04-22","count":2},{"date":"2026-04-23","count":6},{"date":"2026-04-24","count":9},{"date":"2026-04-25","count":1},{"date":"2026-04-28","count":1},{"date":"2026-04-29","count":2},{"date":"2026-04-30","count":6},{"date":"2026-05-01","count":2},{"date":"2026-05-02","count":1},{"date":"2026-05-03","count":2},{"date":"2026-05-04","count":2},{"date":"2026-05-05","count":3},{"date":"2026-05-06","count":2},{"date":"2026-05-07","count":4},{"date":"2026-05-08","count":7},{"date":"2026-05-09","count":5},{"date":"2026-05-10","count":8},{"date":"2026-05-11","count":5},{"date":"2026-05-12","count":11},{"date":"2026-05-13","count":16},{"date":"2026-05-14","count":10},{"date":"2026-05-15","count":6},{"date":"2026-05-16","count":7},{"date":"2026-05-17","count":6},{"date":"2026-05-18","count":6},{"date":"2026-05-19","count":2},{"date":"2026-05-20","count":12},{"date":"2026-05-21","count":4},{"date":"2026-05-22","count":5},{"date":"2026-05-23","count":16},{"date":"2026-05-24","count":6},{"date":"2026-05-25","count":6},{"date":"2026-05-26","count":10},{"date":"2026-05-27","count":4},{"date":"2026-05-28","count":9},{"date":"2026-05-29","count":8},{"date":"2026-05-30","count":9},{"date":"2026-05-31","count":9},{"date":"2026-06-01","count":10},{"date":"2026-06-02","count":9},{"date":"2026-06-03","count":16},{"date":"2026-06-04","count":11},{"date":"2026-06-05","count":8},{"date":"2026-06-06","count":5},{"date":"2026-06-07","count":8},{"date":"2026-06-08","count":8},{"date":"2026-06-09","count":10},{"date":"2026-06-10","count":11},{"date":"2026-06-11","count":9},{"date":"2026-06-12","count":13},{"date":"2026-06-13","count":6},{"date":"2026-06-14","count":5},{"date":"2026-06-15","count":11},{"date":"2026-06-16","count":18},{"date":"2026-06-17","count":7},{"date":"2026-06-18","count":10},{"date":"2026-06-19","count":19},{"date":"2026-06-20","count":11},{"date":"2026-06-21","count":12},{"date":"2026-06-22","count":1}],"recent_events":[{"timestamp":"2026-06-22T01:42:50","port":27094,"proto":"tcp","app_proto":"","app_protocol":"http","host":"","headers":"{\"accept\":\"*/*\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e300d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:pAAGFXbQrJ9HfQFqbrozDZvTbMI=","ja3":"","session":"cbda756c-4622-4ae0-afe1-bd3d77747b73","seq":1,"duration_ms":101,"bytes_in":185,"bytes_out":80},{"timestamp":"2026-06-21T21:19:49","port":3330,"proto":"tcp","app_proto":"","app_protocol":"http","host":"","headers":"{\"accept\":\"*/*\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e300d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:IoKelYfho9ecpc4H9dukAG5bL70=","ja3":"","session":"88b34b4c-6182-4585-9237-a42268c16e05","seq":1,"duration_ms":100,"bytes_in":185,"bytes_out":80},{"timestamp":"2026-06-21T17:47:30","port":15287,"proto":"tcp","app_proto":"","app_protocol":"http","host":"","headers":"{\"accept\":\"*/*\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e300d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:SpTMEiQBTUoAqHlDk+WakzPkemE=","ja3":"","session":"7c9c5eae-a2d4-4442-884e-2b6b0720f9cd","seq":1,"duration_ms":100,"bytes_in":185,"bytes_out":80},{"timestamp":"2026-06-21T13:47:16","port":9630,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:9630\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a393633300d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:AJrx9LWsPv0Ml81omu8ceFoLTr8=","ja3":"","session":"3f4728f5-a46c-46c6-b7f4-9bc59a5b865d","seq":1,"duration_ms":100,"bytes_in":220,"bytes_out":80},{"timestamp":"2026-06-21T06:33:29","port":9390,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:9390\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a393339300d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:gsPiSJFA++5UeSm1aumumGMtxwg=","ja3":"","session":"c1afd64b-6ce4-4bf1-be86-a10b0e307f4b","seq":1,"duration_ms":101,"bytes_in":220,"bytes_out":80},{"timestamp":"2026-06-21T06:07:11","port":9895,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:9895\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a393839350d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:pOIE/afx2GjfpE48y6dqJBJiWHU=","ja3":"","session":"debaf6a2-9e38-47ce-8646-dace89eb740f","seq":1,"duration_ms":100,"bytes_in":220,"bytes_out":80},{"timestamp":"2026-06-21T05:42:37","port":8285,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:8285\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a383238350d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:pZ6btgW7K6J7ccZzCtCQm6+XjyE=","ja3":"","session":"39c7c581-9367-45bd-a05a-2cee17fa53d8","seq":1,"duration_ms":100,"bytes_in":220,"bytes_out":80},{"timestamp":"2026-06-21T05:34:37","port":47461,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:47461\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a34373436310d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:mZCfrtkXbvYYUS8HIucrxW4pPg0=","ja3":"2196848d251b217de8b2c037e356c11d","session":"06951334-efd2-408d-90d8-b8f58be977d5","seq":1,"duration_ms":100,"bytes_in":221,"bytes_out":80},{"timestamp":"2026-06-21T05:33:53","port":42431,"proto":"tcp","app_proto":"","app_protocol":"http","host":"","headers":"{\"accept\":\"*/*\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e300d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:3j+Hn3NGixs3y3XuCabH0VLX+JE=","ja3":"","session":"63e89ef3-e06e-4c63-808f-9782bac7ed19","seq":1,"duration_ms":101,"bytes_in":185,"bytes_out":80},{"timestamp":"2026-06-21T05:28:25","port":46888,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:46888\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a34363838380d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:WMifEHzLujAjJyt0EV14+N3tQKo=","ja3":"2196848d251b217de8b2c037e356c11d","session":"59667fbf-f4cd-4b25-8c4a-bd5d7ad20959","seq":1,"duration_ms":101,"bytes_in":221,"bytes_out":80}],"http_methods":[{"method":"GET","count":479}],"distinct_ports_total":494,"top_paths":[{"path":"/","count":479,"ports":408}],"distinct_paths_total":1,"top_snis":[],"top_hosts":[],"top_alpns":[],"banners":[{"value":"SSH-2.0-ZGrab ZGrab SSH Survey","count":20}],"credentials":[],"header_profile":{"signature":["Accept-Encoding","Host","User-Agent"],"representative":[{"name":"Accept-Encoding","value":"gzip","notable":false},{"name":"Host","value":"<HONEYPOT>:9630","notable":false},{"name":"User-Agent","value":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","notable":false}],"distinct_sets":2,"events_with_headers":10},"tags":[],"data_as_of":"2026-06-22T08:11:46.509090+00:00"}