{"ip":"162.216.149.42","total_events":989,"verdict":{"verdict":"scanner","label":"Recognized scanner","detail":"paloaltonetworks","confidence":"high","network_type":null,"why":["Source IP is in a known scanner range (paloaltonetworks).","Known research and commercial scanners are labelled as such, not as threats."]},"first_seen":"2026-02-16T17:52:03","last_seen":"2026-07-04T01:29:05","events_24h":5,"events_7d":115,"geo":{"country_code":"US","country_name":"United States","region":"South Carolina","city":"North Charleston","lat":32.8608,"lon":-79.9746,"asn":396982,"org":"Google LLC"},"source_domain":"42.149.216.162.bc.googleusercontent.com","known_scanners":["paloaltonetworks"],"scanner_tag":{"key":"gcp","label":"Google Cloud","category":"hosting_provider","url":"https://cloud.google.com/"},"cve_matches":[{"cve_id":"CVE-2026-34197","title":"Apache ActiveMQ - Remote Code Execution","severity":"CRITICAL","actively_exploited":true,"match_field":"url_path","matched_pattern":"/api/jolokia/"}],"malware":[],"top_ports":[{"port":63389,"proto":"tcp","label":"","count":34},{"port":3392,"proto":"tcp","label":"","count":11},{"port":4965,"proto":"tcp","label":"","count":4},{"port":9506,"proto":"tcp","label":"","count":3},{"port":42540,"proto":"tcp","label":"","count":3},{"port":53043,"proto":"tcp","label":"","count":3},{"port":9957,"proto":"tcp","label":"","count":3},{"port":64895,"proto":"tcp","label":"","count":3},{"port":38270,"proto":"tcp","label":"","count":3},{"port":27443,"proto":"tcp","label":"","count":3},{"port":9796,"proto":"tcp","label":"","count":3},{"port":48878,"proto":"tcp","label":"","count":3},{"port":9346,"proto":"tcp","label":"","count":3},{"port":38879,"proto":"tcp","label":"","count":3},{"port":48172,"proto":"tcp","label":"","count":3}],"fingerprints":{"ssh_hassh":[],"tls_ja4":["t13i140900_cbb2034c60b8_e7c285222651","t12i520600_3874cc0afe49_d74d77c6171b","t13i131000_f57a46bbacb6_ab7e3b40a677"],"tls_ja3":["1487bd354c20f20dd642bebc7f706e95","2196848d251b217de8b2c037e356c11d"],"ja4h":["ge10nn0200_5594a17e7e7e","ge11nn0300_0db47b7d240d","ge11nn0200_3ed38b250d3d"]},"fingerprint_peers":{"t13i140900_cbb2034c60b8_e7c285222651":1689,"t12i520600_3874cc0afe49_d74d77c6171b":311,"t13i131000_f57a46bbacb6_ab7e3b40a677":5488,"ge11nn0300_0db47b7d240d":4392,"ge11nn0200_3ed38b250d3d":2360,"ge10nn0200_5594a17e7e7e":1969},"user_agents":["Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity"],"timeline":[{"date":"2026-04-05","count":2},{"date":"2026-04-07","count":4},{"date":"2026-04-08","count":5},{"date":"2026-04-09","count":3},{"date":"2026-04-10","count":5},{"date":"2026-04-11","count":7},{"date":"2026-04-12","count":4},{"date":"2026-04-13","count":5},{"date":"2026-04-14","count":5},{"date":"2026-04-15","count":2},{"date":"2026-04-16","count":4},{"date":"2026-04-17","count":4},{"date":"2026-04-18","count":9},{"date":"2026-04-19","count":3},{"date":"2026-04-20","count":2},{"date":"2026-04-21","count":6},{"date":"2026-04-22","count":5},{"date":"2026-04-23","count":10},{"date":"2026-04-24","count":1},{"date":"2026-04-25","count":2},{"date":"2026-04-26","count":1},{"date":"2026-04-27","count":3},{"date":"2026-04-29","count":2},{"date":"2026-04-30","count":7},{"date":"2026-05-01","count":5},{"date":"2026-05-02","count":2},{"date":"2026-05-03","count":1},{"date":"2026-05-04","count":2},{"date":"2026-05-05","count":4},{"date":"2026-05-06","count":7},{"date":"2026-05-07","count":3},{"date":"2026-05-08","count":2},{"date":"2026-05-09","count":5},{"date":"2026-05-10","count":14},{"date":"2026-05-11","count":2},{"date":"2026-05-12","count":6},{"date":"2026-05-13","count":11},{"date":"2026-05-14","count":23},{"date":"2026-05-15","count":9},{"date":"2026-05-16","count":7},{"date":"2026-05-17","count":5},{"date":"2026-05-18","count":6},{"date":"2026-05-19","count":4},{"date":"2026-05-20","count":8},{"date":"2026-05-21","count":3},{"date":"2026-05-22","count":6},{"date":"2026-05-23","count":15},{"date":"2026-05-24","count":4},{"date":"2026-05-25","count":7},{"date":"2026-05-26","count":7},{"date":"2026-05-27","count":6},{"date":"2026-05-28","count":6},{"date":"2026-05-29","count":3},{"date":"2026-05-30","count":13},{"date":"2026-05-31","count":13},{"date":"2026-06-01","count":15},{"date":"2026-06-02","count":10},{"date":"2026-06-03","count":5},{"date":"2026-06-04","count":9},{"date":"2026-06-05","count":12},{"date":"2026-06-06","count":6},{"date":"2026-06-07","count":5},{"date":"2026-06-08","count":15},{"date":"2026-06-09","count":8},{"date":"2026-06-10","count":10},{"date":"2026-06-11","count":12},{"date":"2026-06-12","count":12},{"date":"2026-06-13","count":8},{"date":"2026-06-14","count":9},{"date":"2026-06-15","count":8},{"date":"2026-06-16","count":8},{"date":"2026-06-17","count":14},{"date":"2026-06-18","count":11},{"date":"2026-06-19","count":12},{"date":"2026-06-20","count":12},{"date":"2026-06-21","count":18},{"date":"2026-06-22","count":8},{"date":"2026-06-23","count":21},{"date":"2026-06-24","count":11},{"date":"2026-06-25","count":13},{"date":"2026-06-26","count":4},{"date":"2026-06-27","count":133},{"date":"2026-06-28","count":20},{"date":"2026-06-29","count":19},{"date":"2026-06-30","count":12},{"date":"2026-07-01","count":16},{"date":"2026-07-02","count":21},{"date":"2026-07-03","count":10},{"date":"2026-07-04","count":2}],"recent_events":[{"timestamp":"2026-07-04T01:29:05","port":24750,"proto":"tcp","app_proto":"","app_protocol":"http","host":"","headers":"{\"accept\":\"*/*\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e300d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:a1+fsGWOm24tuDQCvUADi3ZXmso=","ja3":"","session":"a6a14fad-8ebc-4f5a-85c8-7d89ce32af8a","seq":1,"duration_ms":100,"bytes_in":185,"bytes_out":79},{"timestamp":"2026-07-04T01:18:53","port":9557,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:9557\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a393535370d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:Z7RmpmC4CnLXQl1jA+yr5CxZ4rc=","ja3":"","session":"a5e11560-284b-4ece-80a3-506ddfde3f67","seq":1,"duration_ms":100,"bytes_in":221,"bytes_out":79},{"timestamp":"2026-07-03T16:48:49","port":9161,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:9161\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a393136310d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:3A9TUr4Yk5joVPN0zR5L1B1bYgg=","ja3":"","session":"c2564fe5-a769-4647-84d5-8230e4192b86","seq":1,"duration_ms":100,"bytes_in":220,"bytes_out":79},{"timestamp":"2026-07-03T14:02:19","port":42802,"proto":"tcp","app_proto":"","app_protocol":"http","host":"","headers":"{\"accept\":\"*/*\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e300d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:L3kIft93AtmxuChfvoAs0LAQu/Y=","ja3":"","session":"e4b51478-cbe6-4e1f-9694-0c787016ae0b","seq":1,"duration_ms":100,"bytes_in":185,"bytes_out":79},{"timestamp":"2026-07-03T09:27:15","port":2760,"proto":"tcp","app_proto":"","app_protocol":"http","host":"","headers":"{\"accept\":\"*/*\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e300d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:E/yGP2sAaOSv+ZtyKDqTW361COo=","ja3":"","session":"0b0c75f8-9feb-4565-9b71-edab11fde27b","seq":1,"duration_ms":100,"bytes_in":185,"bytes_out":79},{"timestamp":"2026-07-03T05:25:40","port":23039,"proto":"tcp","app_proto":"","app_protocol":"http","host":"","headers":"{\"accept\":\"*/*\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e300d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:llDrUZcrjPYDKxY1LANvq5zqoZc=","ja3":"","session":"03b874ea-28ec-459c-a884-c27e01e47b6d","seq":1,"duration_ms":100,"bytes_in":185,"bytes_out":79},{"timestamp":"2026-07-03T01:44:47","port":30878,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:30878\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a33303837380d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:ZF24s6sb2+KG/3mzh+QccRDavck=","ja3":"","session":"8612fbe3-9de5-462c-b89c-ac8fa8dc0acf","seq":1,"duration_ms":100,"bytes_in":221,"bytes_out":79},{"timestamp":"2026-07-03T01:43:55","port":9518,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:9518\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a393531380d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:r8Awbl7WGrjFtFvxOIuvMvjt+IY=","ja3":"","session":"bd0e8a25-c780-4783-9878-230674652874","seq":1,"duration_ms":101,"bytes_in":220,"bytes_out":79},{"timestamp":"2026-07-03T01:41:46","port":26627,"proto":"tcp","app_proto":"","app_protocol":"http","host":"","headers":"{\"accept\":\"*/*\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e300d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:/kTXbXtkXIunvTBfwfNc1xswia0=","ja3":"","session":"731be40c-29c9-4f78-9d77-8f5ecb2075a7","seq":1,"duration_ms":100,"bytes_in":185,"bytes_out":79},{"timestamp":"2026-07-03T01:30:10","port":60741,"proto":"tcp","app_proto":"","app_protocol":"http","host":"","headers":"{\"accept\":\"*/*\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e300d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:JfRdx6VqifUNCtUPa8lE8qe3rwc=","ja3":"","session":"72e22bea-7678-44ac-a580-6b5028a3835e","seq":1,"duration_ms":101,"bytes_in":185,"bytes_out":79}],"http_methods":[{"method":"GET","count":767}],"distinct_ports_total":758,"top_paths":[{"path":"/","count":656,"ports":557},{"path":"/jolokia","count":17,"ports":17},{"path":"/api/jolokia/version","count":17,"ports":17},{"path":"/jolokia/exec","count":16,"ports":16},{"path":"/actuator/jolokia/version","count":12,"ports":12},{"path":"/api/jolokia/list","count":11,"ports":11},{"path":"/jolokia/write","count":10,"ports":10},{"path":"/jolokia/version","count":10,"ports":10},{"path":"/api/jolokia","count":9,"ports":9},{"path":"/jolokia/list","count":9,"ports":9}],"distinct_paths_total":10,"top_snis":[],"top_hosts":[],"top_alpns":[],"banners":[{"value":"SSH-2.0-ZGrab ZGrab SSH Survey","count":29}],"credentials":[],"header_profile":{"signature":["Accept-Encoding","Host","User-Agent"],"representative":[{"name":"Accept-Encoding","value":"gzip","notable":false},{"name":"Host","value":"<HONEYPOT>:9557","notable":false},{"name":"User-Agent","value":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","notable":false}],"distinct_sets":2,"events_with_headers":10},"tags":[{"tag_id":"CVE-2026-34197","tag_type":"cve","title":"Apache ActiveMQ - Remote Code Execution","severity":"CRITICAL","actively_exploited":true,"match_field":"url_path","matched_pattern":"/api/jolokia/","reference_urls":[]}],"data_as_of":"2026-07-04T09:25:13.262452+00:00"}