{"ip":"198.235.24.19","total_events":160,"verdict":{"verdict":"scanner","label":"Recognized scanner","detail":"paloaltonetworks","confidence":"high","network_type":null},"first_seen":"2026-02-20T04:21:23","last_seen":"2026-06-21T03:14:10","events_24h":0,"events_7d":8,"geo":{"country_code":"US","country_name":"United States","region":"California","city":"","lat":34.0544,"lon":-118.244,"asn":396982,"org":"Google LLC"},"source_domain":null,"known_scanners":["paloaltonetworks"],"scanner_tag":null,"cve_matches":[],"top_ports":[{"port":3389,"proto":"tcp","label":"RDP","count":28},{"port":11911,"proto":"tcp","label":"","count":8},{"port":106,"proto":"tcp","label":"","count":6},{"port":20256,"proto":"tcp","label":"","count":5},{"port":37,"proto":"tcp","label":"","count":4},{"port":37777,"proto":"tcp","label":"","count":4},{"port":50100,"proto":"tcp","label":"Cassandra","count":4},{"port":6881,"proto":"tcp","label":"","count":4},{"port":44818,"proto":"tcp","label":"","count":4},{"port":28016,"proto":"tcp","label":"","count":3},{"port":28015,"proto":"tcp","label":"","count":2},{"port":5009,"proto":"tcp","label":"","count":2},{"port":4022,"proto":"tcp","label":"MSSQL","count":2},{"port":623,"proto":"tcp","label":"","count":2},{"port":8008,"proto":"tcp","label":"HTTP-alt","count":2}],"fingerprints":{"ssh_hassh":[],"tls_ja4":["t13i190800_9dc949149365_97f8aa674fd9","t13i140900_cbb2034c60b8_e7c285222651","t13i311000_e8f1e7e78f70_24695f2957a7","t13i131000_f57a46bbacb6_ab7e3b40a677"],"tls_ja3":["1487bd354c20f20dd642bebc7f706e95","004556e859f3c26c5d19746b3a957c74","19e29534fd49dd27d09234e639c4057e","2196848d251b217de8b2c037e356c11d"],"ja4h":["ge10nn0200_5594a17e7e7e","ge11nn0300_0db47b7d240d","ge11nn0200_3ed38b250d3d","ge11nn0300_042112399351"]},"fingerprint_peers":{"t13i140900_cbb2034c60b8_e7c285222651":758,"t13i311000_e8f1e7e78f70_24695f2957a7":499,"t13i131000_f57a46bbacb6_ab7e3b40a677":5539,"t13i190800_9dc949149365_97f8aa674fd9":4316,"ge11nn0300_0db47b7d240d":4172,"ge11nn0300_042112399351":3345,"ge11nn0200_3ed38b250d3d":1564,"ge10nn0200_5594a17e7e7e":1973},"user_agents":["Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","curl/7.68.0"],"timeline":[{"date":"2026-03-25","count":2},{"date":"2026-03-26","count":1},{"date":"2026-03-27","count":6},{"date":"2026-03-30","count":2},{"date":"2026-04-01","count":1},{"date":"2026-04-02","count":5},{"date":"2026-04-03","count":2},{"date":"2026-04-04","count":2},{"date":"2026-04-05","count":20},{"date":"2026-04-07","count":1},{"date":"2026-04-08","count":2},{"date":"2026-04-10","count":1},{"date":"2026-04-11","count":2},{"date":"2026-04-12","count":3},{"date":"2026-04-13","count":2},{"date":"2026-04-15","count":2},{"date":"2026-04-16","count":4},{"date":"2026-04-18","count":4},{"date":"2026-04-20","count":4},{"date":"2026-04-22","count":2},{"date":"2026-04-23","count":4},{"date":"2026-04-24","count":2},{"date":"2026-04-29","count":1},{"date":"2026-04-30","count":3},{"date":"2026-05-01","count":2},{"date":"2026-05-04","count":1},{"date":"2026-05-07","count":2},{"date":"2026-05-09","count":2},{"date":"2026-05-11","count":1},{"date":"2026-05-12","count":1},{"date":"2026-05-13","count":1},{"date":"2026-05-14","count":1},{"date":"2026-05-21","count":11},{"date":"2026-05-24","count":1},{"date":"2026-05-25","count":1},{"date":"2026-05-26","count":1},{"date":"2026-05-27","count":2},{"date":"2026-06-01","count":1},{"date":"2026-06-04","count":3},{"date":"2026-06-05","count":3},{"date":"2026-06-07","count":1},{"date":"2026-06-08","count":2},{"date":"2026-06-12","count":1},{"date":"2026-06-14","count":2},{"date":"2026-06-15","count":1},{"date":"2026-06-16","count":2},{"date":"2026-06-18","count":2},{"date":"2026-06-19","count":1},{"date":"2026-06-21","count":2}],"recent_events":[{"timestamp":"2026-06-21T03:14:10","port":9983,"proto":"tcp","app_proto":"","app_protocol":"tpkt","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"\u0003\u0000\u0001�\u0002��e�\u0001�\u0004\u0001\u0001\u0004\u0001\u0001\u0001\u0001�0\u0019\u0002\u0001\"\u0002\u0001\u0002\u0002\u0001\u0000\u0002\u0001\u0001\u0002\u0001\u0000\u0002\u0001\u0001\u0002\u0002��\u0002\u0001\u00020\u0019\u0002\u0001\u0001\u0002\u0001\u0001\u0002\u0001\u0001\u0002\u0001\u0001\u0002\u0001\u0000\u0002\u0001\u0001\u0002\u0002\u0004 \u0002\u0001\u00020\u001c\u0002\u0002��\u0002\u0002�\u0017\u0002\u0002��\u0002\u0001\u0001\u0002\u0001\u0000\u0002\u0001\u0001\u0002\u0002��\u0002\u0001\u0002\u0004�\u0001/\u0000\u0005\u0000\u0014|\u0000\u0001�&\u0000\b\u0000\u0010\u0000\u0001�\u0000Duca�\u0018\u0001��\u0000\u0004\u0000\b\u0000\u0000\u0005 \u0003\u0001�\u0003�\t\b\u0000\u0000(\n\u0000\u0000E\u0000M\u0000P\u0000-\u0000L\u0000A\u0000P\u0000-\u00000\u00000\u00001\u00004\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0004\u0000\u0000\u0000\u0000\u0000\u0000\u0000\f\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0001�\u0001\u0000\u0000\u0000\u0000\u0000\u0010\u0000\u0007\u0000\u0001\u00007\u00006\u00004\u00008\u00007\u0000-\u0000O\u0000E\u0000M\u0000-\u00000\u00000\u00001\u00001\u00009\u00000\u00003\u0000-\u00000\u00000\u00001\u00000\u00007\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0004�\f\u0000\t\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0002�\f\u0000\u0001\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0003�,\u0000\u0003\u0000\u0000\u0000rdpdr\u0000\u0000\u0000\u0000\u0000��cliprdr\u0000\u0000\u0000��rdpsnd\u0000\u0000\u0000\u0000\u0000�","payload_hex":"0300019c02f0807f658201900401010401010101ff30190201220201020201000201010201000201010202ffff020102301902010102010102010102010102010002010102020420020102301c0202ffff0202fc170202ffff0201010201000201010202ffff0201020482012f000500147c00018126000800100001c00044756361811801c0d400040008000005200301ca03aa09080000280a000045004d0050002d004c00410050002d003000300031003400000000000000000004000000000000000c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001ca010000000000100007000100370036003400380037002d004f0045004d002d0030003000310031003900300033002d0030003000310030003700000000000000000000000000000000000000000004c00c00090000000000000002c00c00010000000000000003c02c0003000000726470647200000000008080636c6970726472000000a0c0726470736e640000000000c0","method":"","user_agent":"","community_id":"1:g2NO6HOFJm0VahX4fDibK60zVp8=","ja3":"","session":"e7db0945-426d-4724-9e97-9682e72c02b6","seq":2,"duration_ms":683,"bytes_in":451,"bytes_out":26,"enriched":{"digest":"f5279ec347b4ba38","label":"TPKT / COTP (ISO-TSAP)","strings":["Duca","rdpdr","cliprdr","rdpsnd","EMP-LAP-0014","76487-OEM-0011903-00107"]}},{"timestamp":"2026-06-21T03:14:10","port":9983,"proto":"tcp","app_proto":"","app_protocol":"rdp","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"\u0003\u0000\u0000'\"�\u0000\u0000\u0000\u0000\u0000Cookie: mstshash=Vqhqcwbhr\r\n","payload_hex":"0300002722e00000000000436f6f6b69653a206d737473686173683d5671687163776268720d0a","method":"","user_agent":"","community_id":"1:g2NO6HOFJm0VahX4fDibK60zVp8=","ja3":"","session":"e7db0945-426d-4724-9e97-9682e72c02b6","seq":1,"duration_ms":100,"bytes_in":39,"bytes_out":13,"enriched":{"digest":"a23f294a79140fea","label":"RDP (X.224)","strings":["Cookie: mstshash=Vqhqcwbhr"]}},{"timestamp":"2026-06-19T00:13:00","port":23556,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"host\":\"<HONEYPOT>:23556\",\"user-agent\":\"curl/7.68.0\"}","body":"","sni":"","tls_cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a32333535360d0a557365722d4167656e743a206375726c2f372e36382e300d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"curl/7.68.0","community_id":"1:0NE+gfcLkzOiF2iC6qnC1+FrAo4=","ja3":"004556e859f3c26c5d19746b3a957c74","session":"c7be4d3c-ade3-4db5-9238-bf37bfec61ef","seq":1,"duration_ms":261,"bytes_in":82,"bytes_out":78},{"timestamp":"2026-06-18T18:35:02","port":58603,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:58603\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a35383630330d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:AI8+dnzQ1zOy4BwR4f41sIFjiFI=","ja3":"","session":"a26b2f69-fa6b-42ce-9bf9-2c4077c9141f","seq":1,"duration_ms":100,"bytes_in":221,"bytes_out":78},{"timestamp":"2026-06-18T17:54:43","port":28016,"proto":"tcp","app_proto":"","app_protocol":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"\u000f\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0003\u0000\u0000\u0000admin\u0000\u0000","payload_hex":"0f000000000000000300000061646d696e0000","method":"","user_agent":"","community_id":"1:U+MoR4jQLIPnqKXNffJh4lb0+q8=","ja3":"","session":"1140547e-0a86-4cdc-af90-3b8d2e9ca678","seq":1,"duration_ms":101,"bytes_in":19,"bytes_out":13,"enriched":{"digest":"9ad568e45a190c12","strings":["admin"]}},{"timestamp":"2026-06-16T17:13:39","port":20547,"proto":"tcp","app_proto":"","app_protocol":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"�\u0001\u0000\u000b@\u0002\u0000\u0000G�","payload_hex":"cc01000b4002000047ee","method":"","user_agent":"","community_id":"1:y8s5egfQ8UxFaIX47brsSW1YYFA=","ja3":"","session":"e8ae6c09-90f1-4627-b3ae-1045e9640ee8","seq":1,"duration_ms":101,"bytes_in":10,"bytes_out":13},{"timestamp":"2026-06-16T04:15:50","port":53524,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:53524\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"TLS_AES_128_GCM_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a35333532340d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:0mkGM4WnfMqBmv4PTga+ydFRgsM=","ja3":"19e29534fd49dd27d09234e639c4057e","session":"132354ba-4ba7-4085-9c22-bd4b0c85287d","seq":1,"duration_ms":100,"bytes_in":222,"bytes_out":78},{"timestamp":"2026-06-15T04:55:06","port":3344,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:3344\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"TLS_AES_128_GCM_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a333334340d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:2fbOicJUSy2SpjiGFAm68Eb/ATA=","ja3":"2196848d251b217de8b2c037e356c11d","session":"4f1e1ea7-859c-42db-ba91-f79046e5891b","seq":1,"duration_ms":100,"bytes_in":220,"bytes_out":78},{"timestamp":"2026-06-14T06:18:53","port":943,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"host\":\"<HONEYPOT>:943\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"TLS_AES_128_GCM_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/.well-known/security.txt","summary":"","payload_hex":"474554202f2e77656c6c2d6b6e6f776e2f73656375726974792e74787420485454502f312e310d0a486f73743a20<HONEYPOT>3a3934330d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:nd95VNQ6zTQ+jXoOxYHjNEvR7l0=","ja3":"1487bd354c20f20dd642bebc7f706e95","session":"d9e33093-6b1c-4e20-8cd6-550bd5e72c66","seq":1,"duration_ms":100,"bytes_in":221,"bytes_out":78},{"timestamp":"2026-06-14T06:18:53","port":8015,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"host\":\"<HONEYPOT>:8015\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"TLS_AES_128_GCM_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/.well-known/security.txt","summary":"","payload_hex":"474554202f2e77656c6c2d6b6e6f776e2f73656375726974792e74787420485454502f312e310d0a486f73743a20<HONEYPOT>3a383031350d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:j5JU+TC/BVJUKzlKiLDJL4pZhz8=","ja3":"1487bd354c20f20dd642bebc7f706e95","session":"3a9b21e1-aefe-4900-b1d9-a745dcbc09bb","seq":1,"duration_ms":100,"bytes_in":222,"bytes_out":78}],"http_methods":[{"method":"GET","count":34}],"distinct_ports_total":76,"top_paths":[{"path":"/","count":31,"ports":30},{"path":"/.well-known/security.txt","count":3,"ports":3}],"distinct_paths_total":2,"top_snis":[],"top_hosts":[],"top_alpns":[],"banners":[],"credentials":[],"header_profile":{"signature":["Accept","Host","User-Agent"],"representative":[{"name":"Accept","value":"*/*","notable":false},{"name":"Host","value":"<HONEYPOT>:23556","notable":false},{"name":"User-Agent","value":"curl/7.68.0","notable":false}],"distinct_sets":3,"events_with_headers":6},"tags":[],"data_as_of":"2026-06-22T04:30:27.000646+00:00"}