{"ip":"162.216.150.205","total_events":370,"verdict":{"verdict":"scanner","label":"Recognized scanner","detail":"paloaltonetworks","confidence":"high","network_type":null},"first_seen":"2026-05-19T03:51:41","last_seen":"2026-06-25T05:42:35","events_24h":14,"events_7d":97,"geo":{"country_code":"US","country_name":"United States","region":"South Carolina","city":"North Charleston","lat":32.8608,"lon":-79.9746,"asn":396982,"org":"Google LLC"},"source_domain":"205.150.216.162.bc.googleusercontent.com","known_scanners":["paloaltonetworks"],"scanner_tag":{"key":"gcp","label":"Google Cloud","category":"hosting_provider","url":"https://cloud.google.com/"},"cve_matches":[],"top_ports":[{"port":21942,"proto":"tcp","label":"","count":3},{"port":28286,"proto":"tcp","label":"","count":3},{"port":14142,"proto":"tcp","label":"","count":3},{"port":49060,"proto":"tcp","label":"","count":3},{"port":21580,"proto":"tcp","label":"","count":3},{"port":48810,"proto":"tcp","label":"","count":3},{"port":45655,"proto":"tcp","label":"","count":2},{"port":41184,"proto":"tcp","label":"","count":2},{"port":60268,"proto":"tcp","label":"","count":2},{"port":28292,"proto":"tcp","label":"","count":2},{"port":37855,"proto":"tcp","label":"","count":2},{"port":39833,"proto":"tcp","label":"","count":2},{"port":23035,"proto":"tcp","label":"","count":2},{"port":25327,"proto":"tcp","label":"","count":2},{"port":8045,"proto":"tcp","label":"","count":2}],"fingerprints":{"ssh_hassh":[],"tls_ja4":["t13i131000_f57a46bbacb6_ab7e3b40a677"],"tls_ja3":["2196848d251b217de8b2c037e356c11d"],"ja4h":["ge10nn0200_5594a17e7e7e","ge11nn0300_0db47b7d240d"]},"fingerprint_peers":{"t13i131000_f57a46bbacb6_ab7e3b40a677":5565,"ge11nn0300_0db47b7d240d":4238,"ge10nn0200_5594a17e7e7e":1982},"user_agents":["Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity"],"timeline":[{"date":"2026-05-19","count":8},{"date":"2026-05-20","count":9},{"date":"2026-05-21","count":5},{"date":"2026-05-22","count":8},{"date":"2026-05-23","count":5},{"date":"2026-05-24","count":4},{"date":"2026-05-25","count":4},{"date":"2026-05-26","count":10},{"date":"2026-05-27","count":6},{"date":"2026-05-28","count":18},{"date":"2026-05-29","count":19},{"date":"2026-05-30","count":6},{"date":"2026-05-31","count":9},{"date":"2026-06-01","count":5},{"date":"2026-06-02","count":7},{"date":"2026-06-03","count":5},{"date":"2026-06-04","count":14},{"date":"2026-06-05","count":13},{"date":"2026-06-06","count":6},{"date":"2026-06-07","count":6},{"date":"2026-06-08","count":12},{"date":"2026-06-09","count":10},{"date":"2026-06-10","count":7},{"date":"2026-06-11","count":14},{"date":"2026-06-12","count":11},{"date":"2026-06-13","count":7},{"date":"2026-06-14","count":9},{"date":"2026-06-15","count":10},{"date":"2026-06-16","count":8},{"date":"2026-06-17","count":7},{"date":"2026-06-18","count":19},{"date":"2026-06-19","count":13},{"date":"2026-06-20","count":19},{"date":"2026-06-21","count":12},{"date":"2026-06-22","count":14},{"date":"2026-06-23","count":16},{"date":"2026-06-24","count":6},{"date":"2026-06-25","count":9}],"recent_events":[{"timestamp":"2026-06-25T05:42:35","port":41184,"proto":"tcp","app_proto":"","app_protocol":"http","host":"","headers":"{\"accept\":\"*/*\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e300d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:qRk9CPoyYZ1hMAq325iBW8iv+BY=","ja3":"","session":"e7ef99f3-5c2e-4a6a-8e9d-c740fc29b72a","seq":1,"duration_ms":100,"bytes_in":185,"bytes_out":80},{"timestamp":"2026-06-25T05:42:35","port":41184,"proto":"tcp","app_proto":"","app_protocol":"http","host":"","headers":"{\"accept\":\"*/*\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e300d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:hcyAu8KIoHhRr5+DqqFtz5FM784=","ja3":"","session":"f50214b3-06a1-49ad-a6de-9803e39bfd1a","seq":1,"duration_ms":100,"bytes_in":185,"bytes_out":80},{"timestamp":"2026-06-25T03:07:57","port":52202,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:52202\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a35323230320d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:4A22oLcazhKqD6r7Bi72UnKFalU=","ja3":"","session":"fce273ab-4560-44e0-8cc5-7d433723b01f","seq":1,"duration_ms":100,"bytes_in":221,"bytes_out":80},{"timestamp":"2026-06-25T02:22:41","port":37215,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:37215\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a33373231350d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:Q09lDBhv/7r9LD+vmBUfYMGl9MA=","ja3":"","session":"f2a7cacc-19e2-4b8c-989e-1a777e01f124","seq":1,"duration_ms":101,"bytes_in":221,"bytes_out":80},{"timestamp":"2026-06-25T02:15:28","port":9077,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:9077\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a393037370d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:b7u5F1Pl5uh2NPtQUV9N2wgfPDQ=","ja3":"","session":"51e83364-5430-4c1d-9269-36adf5de450c","seq":1,"duration_ms":100,"bytes_in":220,"bytes_out":80},{"timestamp":"2026-06-25T01:57:38","port":46989,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:46989\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"TLS_AES_128_GCM_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a34363938390d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:drsSuHaL8tDVXMk/bLy0bB45cGg=","ja3":"2196848d251b217de8b2c037e356c11d","session":"69c4e75c-ac28-412b-8297-dfbcf3835226","seq":1,"duration_ms":100,"bytes_in":223,"bytes_out":80},{"timestamp":"2026-06-25T01:57:37","port":46989,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:46989\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a34363938390d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:fseoCcnomZ4s7bwYmjkO2poc55A=","ja3":"2196848d251b217de8b2c037e356c11d","session":"e03abfbf-1907-49c0-9208-2a6fed438858","seq":1,"duration_ms":100,"bytes_in":221,"bytes_out":80},{"timestamp":"2026-06-25T01:56:46","port":54133,"proto":"tcp","app_proto":"","app_protocol":"http","host":"","headers":"{\"accept\":\"*/*\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e300d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:gYMQgG3TY0CvyhRPC1TYnnsXks0=","ja3":"","session":"4a120ef4-187f-4831-a182-5e683d2fea6e","seq":1,"duration_ms":100,"bytes_in":185,"bytes_out":80},{"timestamp":"2026-06-25T01:47:44","port":39833,"proto":"tcp","app_proto":"","app_protocol":"http","host":"","headers":"{\"accept\":\"*/*\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e300d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:LDz2d2+9t62Yetgu11EymVw9VEs=","ja3":"","session":"f2bc75fa-e1fb-47c4-b7af-22d0ba1a889f","seq":1,"duration_ms":100,"bytes_in":185,"bytes_out":80},{"timestamp":"2026-06-24T21:13:45","port":25689,"proto":"tcp","app_proto":"","app_protocol":"http","host":"","headers":"{\"accept\":\"*/*\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e300d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:kbUla8j8PnA9uxTdknpdWzaapdM=","ja3":"","session":"f77770fb-f9c3-4d02-aec1-f0c8bce46f4a","seq":1,"duration_ms":100,"bytes_in":185,"bytes_out":80}],"http_methods":[{"method":"GET","count":355}],"distinct_ports_total":307,"top_paths":[{"path":"/","count":355,"ports":294}],"distinct_paths_total":1,"top_snis":[],"top_hosts":[],"top_alpns":[],"banners":[{"value":"SSH-2.0-ZGrab ZGrab SSH Survey","count":12}],"credentials":[],"header_profile":{"signature":["Accept-Encoding","Host","User-Agent"],"representative":[{"name":"Accept-Encoding","value":"gzip","notable":false},{"name":"Host","value":"<HONEYPOT>:52202","notable":false},{"name":"User-Agent","value":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","notable":false}],"distinct_sets":2,"events_with_headers":10},"tags":[],"data_as_of":"2026-06-25T10:22:17.867798+00:00"}