{"ip":"198.235.24.120","total_events":474,"verdict":{"verdict":"scanner","label":"Recognized scanner","detail":"paloaltonetworks","confidence":"high","network_type":null},"first_seen":"2026-02-17T23:57:23","last_seen":"2026-06-04T06:12:37","events_24h":1,"events_7d":33,"geo":{"country_code":"US","country_name":"","region":"California","city":"","lat":34.0544,"lon":-118.244,"asn":396982,"org":"Google LLC"},"source_domain":null,"known_scanners":["paloaltonetworks"],"scanner_tag":null,"cve_matches":[],"top_ports":[{"port":3389,"proto":"tcp","label":"RDP","count":34},{"port":9983,"proto":"tcp","label":"","count":28},{"port":20257,"proto":"tcp","label":"","count":16},{"port":20256,"proto":"tcp","label":"","count":15},{"port":13,"proto":"tcp","label":"","count":10},{"port":22,"proto":"tcp","label":"SSH","count":7},{"port":1200,"proto":"tcp","label":"","count":7},{"port":8090,"proto":"tcp","label":"","count":7},{"port":5000,"proto":"tcp","label":"Web-alt","count":7},{"port":88,"proto":"tcp","label":"","count":6},{"port":9092,"proto":"tcp","label":"Kafka","count":5},{"port":10443,"proto":"tcp","label":"","count":5},{"port":8080,"proto":"tcp","label":"HTTP-alt","count":5},{"port":8081,"proto":"tcp","label":"","count":4},{"port":1194,"proto":"tcp","label":"OpenVPN","count":4}],"fingerprints":{"ssh_hassh":[],"tls_ja4":["t13i190800_9dc949149365_97f8aa674fd9","t13i140900_cbb2034c60b8_e7c285222651","t13i311000_e8f1e7e78f70_24695f2957a7","t13i131000_f57a46bbacb6_ab7e3b40a677"],"ja4h":["ge10nn0200_5594a17e7e7e","ge11nn0300_0db47b7d240d","ge11nn0200_3ed38b250d3d","ge11nn0300_042112399351"]},"fingerprint_peers":{"t13i140900_cbb2034c60b8_e7c285222651":677,"t13i311000_e8f1e7e78f70_24695f2957a7":500,"t13i131000_f57a46bbacb6_ab7e3b40a677":5454,"t13i190800_9dc949149365_97f8aa674fd9":3583,"ge11nn0300_0db47b7d240d":3776,"ge11nn0300_042112399351":3300,"ge11nn0200_3ed38b250d3d":1543,"ge10nn0200_5594a17e7e7e":1933},"user_agents":["Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","curl/7.68.0"],"timeline":[{"date":"2026-03-07","count":4},{"date":"2026-03-08","count":4},{"date":"2026-03-09","count":7},{"date":"2026-03-10","count":7},{"date":"2026-03-11","count":8},{"date":"2026-03-12","count":7},{"date":"2026-03-13","count":6},{"date":"2026-03-14","count":6},{"date":"2026-03-15","count":10},{"date":"2026-03-16","count":6},{"date":"2026-03-17","count":2},{"date":"2026-03-18","count":4},{"date":"2026-03-19","count":6},{"date":"2026-03-21","count":9},{"date":"2026-03-22","count":7},{"date":"2026-03-23","count":2},{"date":"2026-03-24","count":5},{"date":"2026-03-26","count":4},{"date":"2026-03-27","count":4},{"date":"2026-03-28","count":4},{"date":"2026-03-29","count":4},{"date":"2026-03-30","count":2},{"date":"2026-03-31","count":5},{"date":"2026-04-01","count":2},{"date":"2026-04-02","count":5},{"date":"2026-04-03","count":3},{"date":"2026-04-04","count":4},{"date":"2026-04-05","count":5},{"date":"2026-04-06","count":8},{"date":"2026-04-08","count":8},{"date":"2026-04-09","count":4},{"date":"2026-04-10","count":5},{"date":"2026-04-11","count":1},{"date":"2026-04-12","count":8},{"date":"2026-04-13","count":5},{"date":"2026-04-14","count":1},{"date":"2026-04-15","count":5},{"date":"2026-04-17","count":1},{"date":"2026-04-18","count":3},{"date":"2026-04-19","count":2},{"date":"2026-04-20","count":3},{"date":"2026-04-21","count":7},{"date":"2026-04-22","count":6},{"date":"2026-04-23","count":2},{"date":"2026-04-24","count":4},{"date":"2026-04-25","count":24},{"date":"2026-04-26","count":5},{"date":"2026-04-27","count":1},{"date":"2026-04-29","count":2},{"date":"2026-04-30","count":4},{"date":"2026-05-01","count":3},{"date":"2026-05-02","count":2},{"date":"2026-05-03","count":4},{"date":"2026-05-04","count":2},{"date":"2026-05-05","count":3},{"date":"2026-05-06","count":2},{"date":"2026-05-07","count":3},{"date":"2026-05-08","count":1},{"date":"2026-05-09","count":3},{"date":"2026-05-10","count":3},{"date":"2026-05-11","count":3},{"date":"2026-05-12","count":1},{"date":"2026-05-13","count":3},{"date":"2026-05-14","count":2},{"date":"2026-05-15","count":4},{"date":"2026-05-16","count":2},{"date":"2026-05-17","count":3},{"date":"2026-05-18","count":5},{"date":"2026-05-19","count":2},{"date":"2026-05-20","count":3},{"date":"2026-05-21","count":2},{"date":"2026-05-23","count":2},{"date":"2026-05-24","count":5},{"date":"2026-05-25","count":1},{"date":"2026-05-26","count":1},{"date":"2026-05-27","count":2},{"date":"2026-05-28","count":4},{"date":"2026-05-29","count":2},{"date":"2026-05-30","count":2},{"date":"2026-05-31","count":4},{"date":"2026-06-01","count":1},{"date":"2026-06-02","count":16},{"date":"2026-06-03","count":6},{"date":"2026-06-04","count":1}],"recent_events":[{"timestamp":"2026-06-04T06:12:37","port":3978,"proto":"tcp","app_proto":"tls","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:3978\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"TLS_AES_128_GCM_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/","summary":"","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity"},{"timestamp":"2026-06-03T21:55:43","port":139,"proto":"tcp","app_proto":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"\u0000\u0000\u0000��SMB@\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u00001234567890123456$\u0000\u0001\u0000\u0001\u0000\u0000\u0000\u0000\u0000\u0000\u00001234567890123456h\u0000\u0000\u0000\u0002\u0000\u0000\u0000\u0011\u0003\u0000\u0000\u0002\u0000\u0006\u0000\u0000\u0000\u0000\u0000\u0002\u0000\u0002\u0000\u0001\u0000\u0000\u0000\u0001\u0000,\u0000\u0000\u0000\u0000\u0000\u0002\u0000\u0002\u0000\u0001\u0000\u0001\u0000 \u0000\u0001\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0001\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000","method":"","user_agent":"","enriched":{"digest":"70ed1072e860440d","strings":["SMB@","1234567890123456$","1234567890123456h","SMB@1234567890123456$"]}},{"timestamp":"2026-06-03T21:55:43","port":139,"proto":"tcp","app_proto":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"\u0000\u0000\u00001�SMBr\u0000\u0000\u0000\u0000\u0018Eh\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000�}\u0000\u0000\u0001\u0000\u0000\u000e\u0000\u0002NT LM 0.12\u0000\u0002\u0000","method":"","user_agent":"","enriched":{"digest":"bb23ec222e010171","strings":["SMBr","NT LM 0.12"]}},{"timestamp":"2026-06-03T20:59:07","port":50996,"proto":"tcp","app_proto":"","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:50996\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity"},{"timestamp":"2026-06-03T20:29:53","port":50052,"proto":"tcp","app_proto":"tls","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:50052\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"TLS_AES_128_GCM_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/","summary":"","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity"},{"timestamp":"2026-06-03T06:02:42","port":10250,"proto":"tcp","app_proto":"","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:10250\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity"},{"timestamp":"2026-06-03T03:34:27","port":10001,"proto":"tcp","app_proto":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"\u0001200","method":"","user_agent":""},{"timestamp":"2026-06-02T22:11:40","port":9983,"proto":"tcp","app_proto":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"\u0016\u0003\u0001\u0000�\u0001\u0000\u0000�\u0003\u00035��#.�b����\u0005N�\r���n�\r\u001b,:Y�\r\u0000w~�� &\"���f����<�?\u0006���@\u001c������m\u001c�\u000e-��\u0000&�+�/�,�0̨̩�\t�\u0013�\n�\u0014\u0000�\u0000�\u0000/\u00005�\u0012\u0000\n\u0013\u0001\u0013\u0002\u0013\u0003\u0001\u0000\u0000{\u0000\u0005\u0000\u0005\u0001\u0000\u0000\u0000\u0000\u0000\n\u0000\n\u0000\b\u0000\u001d\u0000\u0017\u0000\u0018\u0000\u0019\u0000\u000b\u0000\u0002\u0001\u0000\u0000\r\u0000\u001a\u0000\u0018\b\u0004\u0004\u0003\b\u0007\b\u0005\b\u0006\u0004\u0001\u0005\u0001\u0006\u0001\u0005\u0003\u0006\u0003\u0002\u0001\u0002\u0003�\u0001\u0000\u0001\u0000\u0000\u0012\u0000\u0000\u0000+\u0000\t\b\u0003\u0004\u0003\u0003\u0003\u0002\u0003\u0001\u00003\u0000&\u0000$\u0000\u001d\u0000 aJ|P����\u0003Zj��Yn\u001c�)'�\u00102]W\u001d���\u00101�G","method":"","user_agent":"","enriched":{"digest":"63da667413e72502","label":"TLS/SSL","strings":["aJ|P"]}},{"timestamp":"2026-06-02T22:11:40","port":9983,"proto":"tcp","app_proto":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"\u0003\u0000\u0000,'�\u0000\u0000\u0000\u0000\u0000Cookie: mstshash=JoGpie\r\n\u0001\u0000\b\u0000\u0003\u0000\u0000\u0000","method":"","user_agent":"","enriched":{"digest":"0b9536c7789cfef8","label":"TPKT (RDP/X.224)","strings":["Cookie: mstshash=JoGpie"]}},{"timestamp":"2026-06-02T22:11:40","port":9983,"proto":"tcp","app_proto":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"\u0003\u0000\u0000,'�\u0000\u0000\u0000\u0000\u0000Cookie: mstshash=atYSgd\r\n\u0001\u0000\b\u0000\u0001\u0000\u0000\u0000","method":"","user_agent":"","enriched":{"digest":"adefc3ffb91dc46d","label":"TPKT (RDP/X.224)","strings":["Cookie: mstshash=atYSgd"]}}],"http_methods":[{"method":"GET","count":120}],"distinct_ports_total":176,"top_paths":[{"path":"/","count":108,"ports":82},{"path":"/.well-known/security.txt","count":12,"ports":10}],"distinct_paths_total":2,"top_snis":[],"top_hosts":[],"top_alpns":[],"banners":[{"value":"SSH-2.0-ZGrab ZGrab SSH Survey","count":1}],"credentials":[],"header_profile":{"signature":["Accept-Encoding","Host","User-Agent"],"representative":[{"name":"Accept-Encoding","value":"gzip","notable":false},{"name":"Host","value":"<HONEYPOT>:3978","notable":false},{"name":"User-Agent","value":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","notable":false}],"distinct_sets":1,"events_with_headers":4},"tags":[],"data_as_of":"2026-06-04T22:35:22.079902+00:00"}