{"ip":"147.185.133.194","total_events":661,"verdict":{"verdict":"scanner","label":"Recognized scanner","detail":"paloaltonetworks","confidence":"high","network_type":null},"first_seen":"2026-02-16T16:57:49","last_seen":"2026-06-21T13:22:30","events_24h":12,"events_7d":68,"geo":{"country_code":"US","country_name":"United States","region":"","city":"","lat":37.751,"lon":-97.822,"asn":396982,"org":"Google LLC"},"source_domain":null,"known_scanners":["paloaltonetworks"],"scanner_tag":null,"cve_matches":[],"top_ports":[{"port":137,"proto":"tcp","label":"NetBIOS","count":12},{"port":4390,"proto":"tcp","label":"","count":11},{"port":27405,"proto":"tcp","label":"","count":4},{"port":2502,"proto":"tcp","label":"","count":4},{"port":21527,"proto":"tcp","label":"","count":3},{"port":30627,"proto":"tcp","label":"","count":3},{"port":9557,"proto":"tcp","label":"","count":3},{"port":31771,"proto":"tcp","label":"","count":3},{"port":46487,"proto":"tcp","label":"","count":3},{"port":6622,"proto":"tcp","label":"","count":3},{"port":51687,"proto":"tcp","label":"","count":3},{"port":17106,"proto":"tcp","label":"","count":3},{"port":9550,"proto":"tcp","label":"","count":3},{"port":55068,"proto":"tcp","label":"","count":3},{"port":54321,"proto":"tcp","label":"","count":2}],"fingerprints":{"ssh_hassh":[],"tls_ja4":["t13i140900_cbb2034c60b8_e7c285222651","t13i131000_f57a46bbacb6_ab7e3b40a677"],"tls_ja3":["2196848d251b217de8b2c037e356c11d"],"ja4h":["po11nn0300_7059b3fb2d4a","ge10nn0200_5594a17e7e7e","ge11nn0300_0db47b7d240d"]},"fingerprint_peers":{"t13i140900_cbb2034c60b8_e7c285222651":751,"t13i131000_f57a46bbacb6_ab7e3b40a677":5532,"ge11nn0300_0db47b7d240d":4154,"po11nn0300_7059b3fb2d4a":165,"ge10nn0200_5594a17e7e7e":1973},"user_agents":["Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity"],"timeline":[{"date":"2026-03-24","count":2},{"date":"2026-03-25","count":1},{"date":"2026-03-27","count":2},{"date":"2026-03-28","count":1},{"date":"2026-03-29","count":12},{"date":"2026-03-30","count":2},{"date":"2026-03-31","count":4},{"date":"2026-04-01","count":2},{"date":"2026-04-02","count":7},{"date":"2026-04-03","count":7},{"date":"2026-04-04","count":6},{"date":"2026-04-05","count":3},{"date":"2026-04-06","count":2},{"date":"2026-04-07","count":1},{"date":"2026-04-08","count":8},{"date":"2026-04-09","count":1},{"date":"2026-04-10","count":4},{"date":"2026-04-11","count":14},{"date":"2026-04-12","count":1},{"date":"2026-04-13","count":2},{"date":"2026-04-14","count":1},{"date":"2026-04-15","count":2},{"date":"2026-04-16","count":6},{"date":"2026-04-17","count":13},{"date":"2026-04-18","count":2},{"date":"2026-04-19","count":3},{"date":"2026-04-20","count":3},{"date":"2026-04-21","count":4},{"date":"2026-04-22","count":7},{"date":"2026-04-23","count":8},{"date":"2026-04-24","count":4},{"date":"2026-04-25","count":7},{"date":"2026-04-26","count":6},{"date":"2026-04-27","count":8},{"date":"2026-04-28","count":2},{"date":"2026-04-29","count":3},{"date":"2026-04-30","count":5},{"date":"2026-05-01","count":2},{"date":"2026-05-02","count":6},{"date":"2026-05-03","count":4},{"date":"2026-05-05","count":4},{"date":"2026-05-06","count":4},{"date":"2026-05-07","count":9},{"date":"2026-05-08","count":13},{"date":"2026-05-09","count":6},{"date":"2026-05-10","count":2},{"date":"2026-05-11","count":5},{"date":"2026-05-12","count":11},{"date":"2026-05-13","count":5},{"date":"2026-05-14","count":8},{"date":"2026-05-15","count":5},{"date":"2026-05-16","count":7},{"date":"2026-05-17","count":9},{"date":"2026-05-18","count":11},{"date":"2026-05-19","count":9},{"date":"2026-05-20","count":12},{"date":"2026-05-21","count":9},{"date":"2026-05-22","count":10},{"date":"2026-05-23","count":8},{"date":"2026-05-24","count":10},{"date":"2026-05-25","count":1},{"date":"2026-05-26","count":7},{"date":"2026-05-27","count":5},{"date":"2026-05-28","count":9},{"date":"2026-05-29","count":12},{"date":"2026-05-30","count":4},{"date":"2026-05-31","count":6},{"date":"2026-06-01","count":7},{"date":"2026-06-02","count":8},{"date":"2026-06-03","count":11},{"date":"2026-06-04","count":9},{"date":"2026-06-05","count":16},{"date":"2026-06-06","count":6},{"date":"2026-06-07","count":4},{"date":"2026-06-08","count":8},{"date":"2026-06-09","count":3},{"date":"2026-06-10","count":10},{"date":"2026-06-11","count":10},{"date":"2026-06-12","count":7},{"date":"2026-06-13","count":16},{"date":"2026-06-14","count":5},{"date":"2026-06-15","count":7},{"date":"2026-06-16","count":7},{"date":"2026-06-17","count":11},{"date":"2026-06-18","count":17},{"date":"2026-06-19","count":4},{"date":"2026-06-20","count":12},{"date":"2026-06-21","count":9}],"recent_events":[{"timestamp":"2026-06-21T13:22:30","port":16280,"proto":"tcp","app_proto":"","app_protocol":"http","host":"","headers":"{\"accept\":\"*/*\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e300d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:H8P29h9xhWszdAwxk8g51qbO3ok=","ja3":"","session":"24a306c4-2c94-4f30-b319-d29eb5b92397","seq":1,"duration_ms":100,"bytes_in":185,"bytes_out":80},{"timestamp":"2026-06-21T10:36:24","port":9552,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:9552\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a393535320d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:fgo/sSdNe+/zYDtLJgUDZbQ+MDE=","ja3":"","session":"5613c110-d059-4932-b62e-0bf7bab04636","seq":1,"duration_ms":100,"bytes_in":220,"bytes_out":80},{"timestamp":"2026-06-21T09:56:20","port":21630,"proto":"tcp","app_proto":"","app_protocol":"http","host":"","headers":"{\"accept\":\"*/*\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e300d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:E3y6IqqAc16P9IDV1tqfDEdND1w=","ja3":"","session":"01372a0d-47c4-4a9d-94c5-403b9486cff9","seq":1,"duration_ms":100,"bytes_in":185,"bytes_out":80},{"timestamp":"2026-06-21T09:43:44","port":52314,"proto":"tcp","app_proto":"","app_protocol":"http","host":"","headers":"{\"accept\":\"*/*\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e300d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:bP+glt8qR8ljtE2C1N0Ii8WOBnc=","ja3":"","session":"d6baaa00-c03b-4c34-83cf-040a1200184c","seq":1,"duration_ms":100,"bytes_in":185,"bytes_out":80},{"timestamp":"2026-06-21T06:47:07","port":48991,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:48991\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"TLS_AES_128_GCM_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a34383939310d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:maI8aISUKL1nhWmYghLq1nbWsgs=","ja3":"2196848d251b217de8b2c037e356c11d","session":"055a35db-ca79-46a3-8c34-61d67524cfcb","seq":1,"duration_ms":100,"bytes_in":223,"bytes_out":80},{"timestamp":"2026-06-21T05:55:51","port":32084,"proto":"tcp","app_proto":"","app_protocol":"http","host":"","headers":"{\"accept\":\"*/*\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e300d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:oB5Uwcwr/2mL63DRcsvr5OmKJwI=","ja3":"","session":"becb6cdc-db72-4836-ad30-b3715f1500b6","seq":1,"duration_ms":100,"bytes_in":185,"bytes_out":80},{"timestamp":"2026-06-21T01:38:52","port":33020,"proto":"tcp","app_proto":"","app_protocol":"http","host":"","headers":"{\"accept\":\"*/*\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e300d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:ENpflvdqOF43VQJyxEU1sKoST3E=","ja3":"","session":"4c28e1b9-6efa-41da-9c6f-9b447bc8827f","seq":1,"duration_ms":100,"bytes_in":185,"bytes_out":80},{"timestamp":"2026-06-21T01:32:44","port":14433,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:14433\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"TLS_AES_128_GCM_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a31343433330d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:bJsDQXQ0vOMyPu5E6z0OL5IC/yw=","ja3":"2196848d251b217de8b2c037e356c11d","session":"f04b37cc-d210-4a76-be41-ed7b02884b31","seq":1,"duration_ms":100,"bytes_in":222,"bytes_out":80},{"timestamp":"2026-06-21T01:27:09","port":47013,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:47013\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a34373031330d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:e3VGTaxN/Ou8/q7yqQa+cdSJ9Vc=","ja3":"2196848d251b217de8b2c037e356c11d","session":"69500c61-dca1-4d10-adb8-06f19dbfd42e","seq":1,"duration_ms":100,"bytes_in":221,"bytes_out":80},{"timestamp":"2026-06-20T22:21:46","port":13000,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:13000\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a31333030300d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:OhBPDAVqwMMRVKMTAQ45poE68e0=","ja3":"","session":"72665c75-c5e3-40d5-8d65-6633410e4218","seq":1,"duration_ms":100,"bytes_in":221,"bytes_out":80}],"http_methods":[{"method":"GET","count":433},{"method":"POST","count":1}],"distinct_ports_total":483,"top_paths":[{"path":"/","count":434,"ports":375}],"distinct_paths_total":1,"top_snis":[],"top_hosts":[],"top_alpns":[],"banners":[{"value":"SSH-2.0-ZGrab ZGrab SSH Survey","count":15}],"credentials":[],"header_profile":{"signature":["Accept-Encoding","Host","User-Agent"],"representative":[{"name":"Accept-Encoding","value":"gzip","notable":false},{"name":"Host","value":"<HONEYPOT>:9552","notable":false},{"name":"User-Agent","value":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","notable":false}],"distinct_sets":2,"events_with_headers":10},"tags":[],"data_as_of":"2026-06-21T14:03:56.307443+00:00"}