{"ip":"198.235.24.179","total_events":484,"verdict":{"verdict":"scanner","label":"Recognized scanner","detail":"paloaltonetworks","confidence":"high","network_type":null},"first_seen":"2026-02-19T20:09:38","last_seen":"2026-06-26T04:59:17","events_24h":4,"events_7d":14,"geo":{"country_code":"US","country_name":"United States","region":"California","city":"","lat":34.0544,"lon":-118.244,"asn":396982,"org":"Google LLC"},"source_domain":null,"known_scanners":["paloaltonetworks"],"scanner_tag":null,"cve_matches":[],"top_ports":[{"port":3389,"proto":"tcp","label":"RDP","count":51},{"port":3388,"proto":"tcp","label":"","count":34},{"port":20257,"proto":"tcp","label":"","count":15},{"port":7777,"proto":"tcp","label":"Oracle","count":9},{"port":20256,"proto":"tcp","label":"","count":9},{"port":80,"proto":"tcp","label":"HTTP","count":9},{"port":8888,"proto":"tcp","label":"HTTP-alt","count":8},{"port":10001,"proto":"tcp","label":"","count":6},{"port":135,"proto":"tcp","label":"MSRPC","count":6},{"port":61616,"proto":"tcp","label":"ActiveMQ","count":6},{"port":81,"proto":"tcp","label":"","count":6},{"port":3000,"proto":"tcp","label":"Web-alt","count":5},{"port":9092,"proto":"tcp","label":"Kafka","count":5},{"port":60000,"proto":"tcp","label":"","count":5},{"port":3690,"proto":"tcp","label":"SVN","count":5}],"fingerprints":{"ssh_hassh":[],"tls_ja4":["t13i190800_9dc949149365_97f8aa674fd9","t13i140900_cbb2034c60b8_e7c285222651","t13i311000_e8f1e7e78f70_24695f2957a7","t13i131000_f57a46bbacb6_ab7e3b40a677"],"tls_ja3":["004556e859f3c26c5d19746b3a957c74","19e29534fd49dd27d09234e639c4057e","2196848d251b217de8b2c037e356c11d"],"ja4h":["ge10nn0200_5594a17e7e7e","ge11nn0300_0db47b7d240d","ge11nn0200_5594a17e7e7e","ge11nn0300_042112399351"]},"fingerprint_peers":{"t13i140900_cbb2034c60b8_e7c285222651":1071,"t13i311000_e8f1e7e78f70_24695f2957a7":506,"t13i131000_f57a46bbacb6_ab7e3b40a677":5575,"t13i190800_9dc949149365_97f8aa674fd9":5693,"ge11nn0200_5594a17e7e7e":98,"ge11nn0300_0db47b7d240d":4271,"ge11nn0300_042112399351":3362,"ge10nn0200_5594a17e7e7e":1989},"user_agents":["Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","curl/7.68.0"],"timeline":[{"date":"2026-03-29","count":2},{"date":"2026-03-30","count":3},{"date":"2026-03-31","count":3},{"date":"2026-04-02","count":20},{"date":"2026-04-03","count":27},{"date":"2026-04-04","count":7},{"date":"2026-04-05","count":7},{"date":"2026-04-06","count":4},{"date":"2026-04-07","count":5},{"date":"2026-04-08","count":7},{"date":"2026-04-09","count":1},{"date":"2026-04-10","count":2},{"date":"2026-04-11","count":3},{"date":"2026-04-13","count":3},{"date":"2026-04-14","count":2},{"date":"2026-04-15","count":4},{"date":"2026-04-16","count":3},{"date":"2026-04-17","count":2},{"date":"2026-04-18","count":4},{"date":"2026-04-19","count":2},{"date":"2026-04-20","count":2},{"date":"2026-04-21","count":3},{"date":"2026-04-22","count":3},{"date":"2026-04-23","count":3},{"date":"2026-04-24","count":4},{"date":"2026-04-25","count":2},{"date":"2026-04-26","count":5},{"date":"2026-04-27","count":2},{"date":"2026-04-28","count":3},{"date":"2026-04-29","count":2},{"date":"2026-04-30","count":2},{"date":"2026-05-01","count":1},{"date":"2026-05-02","count":7},{"date":"2026-05-03","count":20},{"date":"2026-05-04","count":2},{"date":"2026-05-05","count":4},{"date":"2026-05-06","count":2},{"date":"2026-05-07","count":4},{"date":"2026-05-08","count":3},{"date":"2026-05-09","count":2},{"date":"2026-05-10","count":4},{"date":"2026-05-13","count":3},{"date":"2026-05-14","count":3},{"date":"2026-05-15","count":1},{"date":"2026-05-16","count":1},{"date":"2026-05-17","count":1},{"date":"2026-05-19","count":1},{"date":"2026-05-20","count":2},{"date":"2026-05-21","count":2},{"date":"2026-05-22","count":2},{"date":"2026-05-23","count":2},{"date":"2026-05-24","count":4},{"date":"2026-05-25","count":4},{"date":"2026-05-28","count":2},{"date":"2026-05-29","count":2},{"date":"2026-05-30","count":3},{"date":"2026-05-31","count":3},{"date":"2026-06-01","count":3},{"date":"2026-06-02","count":4},{"date":"2026-06-03","count":2},{"date":"2026-06-04","count":3},{"date":"2026-06-05","count":3},{"date":"2026-06-06","count":3},{"date":"2026-06-07","count":2},{"date":"2026-06-08","count":3},{"date":"2026-06-09","count":1},{"date":"2026-06-10","count":2},{"date":"2026-06-11","count":1},{"date":"2026-06-13","count":3},{"date":"2026-06-14","count":2},{"date":"2026-06-15","count":2},{"date":"2026-06-16","count":3},{"date":"2026-06-17","count":3},{"date":"2026-06-18","count":1},{"date":"2026-06-19","count":1},{"date":"2026-06-20","count":2},{"date":"2026-06-21","count":2},{"date":"2026-06-22","count":2},{"date":"2026-06-23","count":1},{"date":"2026-06-24","count":2},{"date":"2026-06-26","count":4}],"recent_events":[{"timestamp":"2026-06-26T04:59:17","port":1194,"proto":"tcp","app_proto":"","app_protocol":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"\u0000\u000e87�&\b�\u001b��\u0000\u0000\u0000\u0000\u0000","payload_hex":"000e3837a52608a21ba0b10000000000","method":"","user_agent":"","community_id":"1:hhqLP2d8+wTJCqGvIIgqXRGPeag=","ja3":"","session":"cacd9d8c-6f81-49cd-8db3-e7ea67da6f82","seq":1,"duration_ms":100,"bytes_in":16,"bytes_out":14},{"timestamp":"2026-06-26T02:11:57","port":50067,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:50067\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a35303036370d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:D+xvqE/dULUhlVWjN04jOyDU9iI=","ja3":"19e29534fd49dd27d09234e639c4057e","session":"03b469ea-e937-4ca2-97f8-efe600dca850","seq":1,"duration_ms":100,"bytes_in":221,"bytes_out":79},{"timestamp":"2026-06-26T01:07:16","port":8991,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:8991\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a383939310d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:fpQ/VoTQhF3rOTlXi91lD/X3i74=","ja3":"","session":"e8e91b76-63aa-4a2d-b021-453e0d46a10c","seq":1,"duration_ms":100,"bytes_in":220,"bytes_out":79},{"timestamp":"2026-06-26T00:11:32","port":7001,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:7001\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a373030310d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:OCPu+Dm/5SucXQ7q77vLx59ug7U=","ja3":"","session":"bbdb370d-326c-40f0-9b90-d82888be23d8","seq":1,"duration_ms":100,"bytes_in":221,"bytes_out":79},{"timestamp":"2026-06-24T13:54:13","port":11112,"proto":"tcp","app_proto":"","app_protocol":"dicom","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"\u0001\u0000\u0000\u0000\u0000�\u0000\u0001\u0000\u0000ANY-SCP         ECHOSCU         0\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0010\u0000\u0000\u00151.2.840.10008.3.1.1.1 \u0000\u0000.\u0001\u0000\u0000\u00000\u0000\u0000\u00111.2.840.10008.1.1@\u0000\u0000\u00111.2.840.10008.1.2P\u0000\u0000:Q\u0000\u0000\u0004\u0000\u0000@\u0000R\u0000\u0000\u001b1.2.276.0.7230010.3.0.3.6.2U\u0000\u0000\u000fOFFIS_DCMTK_362","payload_hex":"0100000000cd00010000414e592d5343502020202020202020204543484f534355202020202020202020300000000000000000000000000000000000000000000000000000000000000010000015312e322e3834302e31303030382e332e312e312e312000002e0100000030000011312e322e3834302e31303030382e312e3140000011312e322e3834302e31303030382e312e325000003a51000004000040005200001b312e322e3237362e302e373233303031302e332e302e332e362e325500000f4f464649535f44434d544b5f333632","method":"","user_agent":"","community_id":"1:eB/NEn0SjhVkPojhBm7exJIf9Do=","ja3":"","session":"183d8b36-303c-4456-9126-64da71d1431c","seq":1,"duration_ms":100,"bytes_in":211,"bytes_out":14,"enriched":{"digest":"3fbe56701421731b","label":"DICOM","strings":["ANY-SCP         ECHOSCU         0","1.2.840.10008.3.1.1.1","1.2.840.10008.1.1@","1.2.840.10008.1.2P","1.2.276.0.7230010.3.0.3.6.2U","OFFIS_DCMTK_362","1.2.840.10008.3.1.1.1 .","1.2.840.10008.1.2P:Q"]}},{"timestamp":"2026-06-24T04:53:09","port":5986,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"content-length\":\"198\",\"content-type\":\"application/soap+xml;charset=UTF-8\",\"host\":\"<HONEYPOT>:5986\",\"wsmanidentify\":\"unauthenticated\"}","body":"<s:Envelope xmlns:s=\"http://www.w3.org/2003/05/soap-envelope\" xmlns:wsmid=\"http://schemas.dmtf.org/wbem/wsman/identity/1/wsmanidentity.xsd\"><s:Header/><s:Body><wsmid:Identify/></s:Body></s:Envelope>","sni":"","tls_cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/wsman","summary":"","payload_hex":"504f5354202f77736d616e20485454502f312e310d0a436f6e74656e742d547970653a206170706c69636174696f6e2f736f61702b786d6c3b636861727365743d5554462d380d0a436f6e74656e742d4c656e6774683a203139380d0a486f73743a20<HONEYPOT>3a353938360d0a57534d414e4944454e544946593a20756e61757468656e746963617465640d0a0d0a3c733a456e76656c6f706520786d6c6e733a733d22687474703a2f2f7777772e77332e6f72672f323030332f30352f736f61702d656e76656c6f70652220786d6c6e733a77736d69643d22687474703a2f2f736368656d61732e646d74662e6f72672f7762656d2f77736d616e2f6964656e746974792f312f77736d616e6964656e746974792e787364223e3c733a4865616465722f3e3c733a426f64793e3c77736d69643a4964656e746966792f3e3c2f733a426f64793e3c2f733a456e76656c6f70653e","method":"POST","user_agent":"","community_id":"1:tfQ2uB8PPHOMfbw1jhL2ldygOi4=","ja3":"19e29534fd49dd27d09234e639c4057e","session":"f508b875-4308-4b6c-bc13-769e4a380709","seq":1,"duration_ms":100,"bytes_in":350,"bytes_out":79},{"timestamp":"2026-06-23T23:50:44","port":5984,"proto":"tcp","app_proto":"","app_protocol":"http","host":"","headers":"{\"accept\":\"*/*\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/_config","summary":"","payload_hex":"474554202f5f636f6e66696720485454502f312e310d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:9bzllZKFDANLTUrV5pZPnjI3ij8=","ja3":"","session":"2b9577ac-88f0-426f-85c4-cac166b19c2e","seq":1,"duration_ms":100,"bytes_in":192,"bytes_out":79},{"timestamp":"2026-06-22T20:25:08","port":9444,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:9444\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a393434340d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:ecgk4Dv5xMUsHuWyRwGPhCzjQUg=","ja3":"","session":"e6f24095-ad7d-4991-9326-ee822911de52","seq":1,"duration_ms":100,"bytes_in":221,"bytes_out":79},{"timestamp":"2026-06-22T18:47:30","port":60000,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:60000\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a36303030300d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:lxzgkQKqYNNkM9Fp+Z/+sAd4q14=","ja3":"","session":"66045847-e289-4ab7-80dd-2b6f07ef6e25","seq":1,"duration_ms":100,"bytes_in":221,"bytes_out":79},{"timestamp":"2026-06-21T03:55:54","port":8080,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:8080\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a383038300d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:LqNJFErf9jUz1Jm6zt7SaoQjvys=","ja3":"19e29534fd49dd27d09234e639c4057e","session":"d3eac608-d1f8-4c07-a766-79b0ebf1a657","seq":1,"duration_ms":100,"bytes_in":220,"bytes_out":79}],"http_methods":[{"method":"GET","count":142},{"method":"POST","count":1}],"distinct_ports_total":173,"top_paths":[{"path":"/","count":140,"ports":92},{"path":"/_config","count":1,"ports":1},{"path":"/wsman","count":1,"ports":1},{"path":"/.well-known/security.txt","count":1,"ports":1}],"distinct_paths_total":4,"top_snis":[],"top_hosts":[],"top_alpns":[],"banners":[{"value":"SSH-2.0-ZGrab ZGrab SSH Survey","count":2}],"credentials":[],"header_profile":{"signature":["Content-Length","Content-Type","Host","Wsmanidentify"],"representative":[{"name":"Content-Length","value":"198","notable":false},{"name":"Content-Type","value":"application/soap+xml;charset=UTF-8","notable":true},{"name":"Host","value":"<HONEYPOT>:5986","notable":false},{"name":"Wsmanidentify","value":"unauthenticated","notable":false}],"distinct_sets":3,"events_with_headers":8},"tags":[],"data_as_of":"2026-06-26T15:56:39.573473+00:00"}