{"ip":"162.216.150.194","total_events":779,"verdict":{"verdict":"scanner","label":"Recognized scanner","detail":"paloaltonetworks","confidence":"high","network_type":null},"first_seen":"2026-02-16T17:49:34","last_seen":"2026-06-25T13:29:04","events_24h":13,"events_7d":104,"geo":{"country_code":"US","country_name":"United States","region":"South Carolina","city":"North Charleston","lat":32.8608,"lon":-79.9746,"asn":396982,"org":"Google LLC"},"source_domain":"194.150.216.162.bc.googleusercontent.com","known_scanners":["paloaltonetworks"],"scanner_tag":{"key":"gcp","label":"Google Cloud","category":"hosting_provider","url":"https://cloud.google.com/"},"cve_matches":[],"top_ports":[{"port":3391,"proto":"tcp","label":"","count":17},{"port":3386,"proto":"tcp","label":"","count":11},{"port":443,"proto":"tcp","label":"HTTPS","count":6},{"port":9224,"proto":"tcp","label":"","count":4},{"port":20661,"proto":"tcp","label":"","count":4},{"port":37595,"proto":"tcp","label":"","count":3},{"port":55275,"proto":"tcp","label":"","count":3},{"port":60735,"proto":"tcp","label":"","count":3},{"port":50100,"proto":"tcp","label":"Cassandra","count":3},{"port":42586,"proto":"tcp","label":"","count":3},{"port":11649,"proto":"tcp","label":"","count":3},{"port":45721,"proto":"tcp","label":"","count":3},{"port":18326,"proto":"tcp","label":"","count":3},{"port":20642,"proto":"tcp","label":"","count":3},{"port":9485,"proto":"tcp","label":"","count":3}],"fingerprints":{"ssh_hassh":[],"tls_ja4":["t12i520600_3874cc0afe49_d74d77c6171b","t13i140900_cbb2034c60b8_e7c285222651","t13i131000_f57a46bbacb6_ab7e3b40a677"],"tls_ja3":["2196848d251b217de8b2c037e356c11d"],"ja4h":["ge10nn0200_5594a17e7e7e","ge11nn0300_0db47b7d240d"]},"fingerprint_peers":{"t13i140900_cbb2034c60b8_e7c285222651":690,"t12i520600_3874cc0afe49_d74d77c6171b":281,"t13i131000_f57a46bbacb6_ab7e3b40a677":5574,"ge11nn0300_0db47b7d240d":4240,"ge10nn0200_5594a17e7e7e":1982},"user_agents":["Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity"],"timeline":[{"date":"2026-03-27","count":2},{"date":"2026-03-28","count":8},{"date":"2026-03-29","count":8},{"date":"2026-03-30","count":2},{"date":"2026-03-31","count":8},{"date":"2026-04-01","count":3},{"date":"2026-04-02","count":5},{"date":"2026-04-03","count":8},{"date":"2026-04-04","count":1},{"date":"2026-04-05","count":3},{"date":"2026-04-07","count":3},{"date":"2026-04-08","count":3},{"date":"2026-04-09","count":6},{"date":"2026-04-10","count":5},{"date":"2026-04-11","count":2},{"date":"2026-04-12","count":2},{"date":"2026-04-14","count":3},{"date":"2026-04-15","count":2},{"date":"2026-04-16","count":3},{"date":"2026-04-17","count":9},{"date":"2026-04-18","count":4},{"date":"2026-04-19","count":8},{"date":"2026-04-21","count":10},{"date":"2026-04-22","count":5},{"date":"2026-04-23","count":2},{"date":"2026-04-24","count":3},{"date":"2026-04-25","count":5},{"date":"2026-04-26","count":2},{"date":"2026-04-28","count":5},{"date":"2026-04-29","count":2},{"date":"2026-04-30","count":10},{"date":"2026-05-01","count":5},{"date":"2026-05-02","count":5},{"date":"2026-05-03","count":7},{"date":"2026-05-04","count":1},{"date":"2026-05-05","count":5},{"date":"2026-05-06","count":4},{"date":"2026-05-07","count":6},{"date":"2026-05-08","count":6},{"date":"2026-05-09","count":9},{"date":"2026-05-10","count":4},{"date":"2026-05-11","count":2},{"date":"2026-05-12","count":9},{"date":"2026-05-13","count":6},{"date":"2026-05-14","count":7},{"date":"2026-05-15","count":12},{"date":"2026-05-16","count":5},{"date":"2026-05-17","count":6},{"date":"2026-05-18","count":3},{"date":"2026-05-19","count":3},{"date":"2026-05-20","count":9},{"date":"2026-05-21","count":7},{"date":"2026-05-22","count":2},{"date":"2026-05-23","count":4},{"date":"2026-05-24","count":4},{"date":"2026-05-25","count":5},{"date":"2026-05-26","count":11},{"date":"2026-05-27","count":2},{"date":"2026-05-28","count":30},{"date":"2026-05-29","count":10},{"date":"2026-05-30","count":6},{"date":"2026-05-31","count":16},{"date":"2026-06-01","count":11},{"date":"2026-06-02","count":5},{"date":"2026-06-03","count":10},{"date":"2026-06-04","count":7},{"date":"2026-06-05","count":9},{"date":"2026-06-06","count":12},{"date":"2026-06-07","count":3},{"date":"2026-06-08","count":13},{"date":"2026-06-09","count":4},{"date":"2026-06-10","count":14},{"date":"2026-06-11","count":13},{"date":"2026-06-12","count":12},{"date":"2026-06-13","count":12},{"date":"2026-06-14","count":11},{"date":"2026-06-15","count":15},{"date":"2026-06-16","count":10},{"date":"2026-06-17","count":11},{"date":"2026-06-18","count":17},{"date":"2026-06-19","count":13},{"date":"2026-06-20","count":21},{"date":"2026-06-21","count":13},{"date":"2026-06-22","count":6},{"date":"2026-06-23","count":25},{"date":"2026-06-24","count":9},{"date":"2026-06-25","count":11}],"recent_events":[{"timestamp":"2026-06-25T13:29:04","port":61832,"proto":"tcp","app_proto":"","app_protocol":"http","host":"","headers":"{\"accept\":\"*/*\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e300d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:vK0qMUdRvy7rAz6SJa7n1a8gNwY=","ja3":"","session":"a43fa021-f3d1-4bb9-8419-648e7cd8101c","seq":1,"duration_ms":100,"bytes_in":185,"bytes_out":80},{"timestamp":"2026-06-25T13:29:04","port":61832,"proto":"tcp","app_proto":"","app_protocol":"http","host":"","headers":"{\"accept\":\"*/*\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e300d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:PDWwn5/jUMmw+B6uokIGq8/cWEA=","ja3":"","session":"5f7e5314-36cc-4003-adc0-81bee81bf3a7","seq":1,"duration_ms":100,"bytes_in":185,"bytes_out":80},{"timestamp":"2026-06-25T13:20:55","port":27409,"proto":"tcp","app_proto":"","app_protocol":"http","host":"","headers":"{\"accept\":\"*/*\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e300d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:1tDfspt1YndeqlBKVqqX+npGHZQ=","ja3":"","session":"baad04e2-eb4c-40d9-a28b-62753ab42464","seq":1,"duration_ms":100,"bytes_in":185,"bytes_out":80},{"timestamp":"2026-06-25T13:17:55","port":58553,"proto":"tcp","app_proto":"","app_protocol":"http","host":"","headers":"{\"accept\":\"*/*\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e300d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:Cl8Bd1SctWO4NygQHBtqBx/Jm6w=","ja3":"","session":"bb921e20-8e2b-44b6-8eda-6dcb3019a7c0","seq":1,"duration_ms":137,"bytes_in":185,"bytes_out":80},{"timestamp":"2026-06-25T13:16:22","port":50492,"proto":"tcp","app_proto":"","app_protocol":"ssh","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"SSH-2.0-ZGrab ZGrab SSH Survey\r\n","payload_hex":"5353482d322e302d5a47726162205a4772616220535348205375727665790d0a","method":"","user_agent":"","community_id":"1:l/ge1tuk9EV5byarkHpo0C7dPSc=","ja3":"","session":"e9c30a7b-0111-44ca-b2ff-24f9e4fdcd81","seq":1,"duration_ms":2101,"bytes_in":32,"bytes_out":15,"enriched":{"digest":"5192d527e0eab129","label":"SSH","strings":["SSH-2.0-ZGrab ZGrab SSH Survey"]}},{"timestamp":"2026-06-25T06:06:17","port":18326,"proto":"tcp","app_proto":"","app_protocol":"ssh","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"SSH-2.0-ZGrab ZGrab SSH Survey\r\n","payload_hex":"5353482d322e302d5a47726162205a4772616220535348205375727665790d0a","method":"","user_agent":"","community_id":"1:juIRBb6FxedIuKBhrkszkEv6qlE=","ja3":"","session":"697b57ce-3217-4a33-be01-450ab9af4fe0","seq":1,"duration_ms":2101,"bytes_in":32,"bytes_out":15,"enriched":{"digest":"5192d527e0eab129","label":"SSH","strings":["SSH-2.0-ZGrab ZGrab SSH Survey"]}},{"timestamp":"2026-06-25T06:03:30","port":48759,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:48759\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"TLS_AES_128_GCM_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a34383735390d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:1a1Y1NNYeL66nLjThooeMPAUWAk=","ja3":"2196848d251b217de8b2c037e356c11d","session":"41c52ff3-6757-4164-b9cd-b7b8eb40b55a","seq":1,"duration_ms":100,"bytes_in":221,"bytes_out":80},{"timestamp":"2026-06-25T05:49:52","port":61104,"proto":"tcp","app_proto":"","app_protocol":"http","host":"","headers":"{\"accept\":\"*/*\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e300d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:LjqoCBx2tLXbw/QbLryoqwBzZ2M=","ja3":"","session":"7bf987c5-463a-47a2-8d0a-7b4d95d639f7","seq":1,"duration_ms":100,"bytes_in":185,"bytes_out":80},{"timestamp":"2026-06-25T05:41:54","port":54028,"proto":"tcp","app_proto":"","app_protocol":"http","host":"","headers":"{\"accept\":\"*/*\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e300d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:w3fEJhIyJolpLcpYWtbDsdjbZYk=","ja3":"","session":"4f37c4d9-f174-4e1a-8424-5ef927a06279","seq":1,"duration_ms":100,"bytes_in":185,"bytes_out":80},{"timestamp":"2026-06-25T02:20:03","port":44828,"proto":"tcp","app_proto":"","app_protocol":"http","host":"","headers":"{\"accept\":\"*/*\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e300d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:8lmP6hHjh9nhCtKxcAXH0OY3O7o=","ja3":"","session":"6d350887-20f0-47b2-b025-fb8ccd5aed9b","seq":1,"duration_ms":100,"bytes_in":185,"bytes_out":80}],"http_methods":[{"method":"GET","count":536}],"distinct_ports_total":558,"top_paths":[{"path":"/","count":536,"ports":444}],"distinct_paths_total":1,"top_snis":[],"top_hosts":[],"top_alpns":[],"banners":[{"value":"SSH-2.0-ZGrab ZGrab SSH Survey","count":26}],"credentials":[],"header_profile":{"signature":["Accept-Encoding","Host","User-Agent"],"representative":[{"name":"Accept-Encoding","value":"gzip","notable":false},{"name":"Host","value":"<HONEYPOT>:48759","notable":false},{"name":"User-Agent","value":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","notable":false}],"distinct_sets":2,"events_with_headers":8},"tags":[],"data_as_of":"2026-06-25T20:17:35.589324+00:00"}