{"ip":"205.210.31.10","total_events":137,"verdict":{"verdict":"scanner","label":"Recognized scanner","detail":"paloaltonetworks","confidence":"high","network_type":null},"first_seen":"2026-02-20T01:36:53","last_seen":"2026-06-04T04:08:15","events_24h":1,"events_7d":7,"geo":{"country_code":"US","country_name":"","region":"","city":"","lat":37.751,"lon":-97.822,"asn":396982,"org":"Google LLC"},"source_domain":null,"known_scanners":["paloaltonetworks"],"scanner_tag":null,"cve_matches":[],"top_ports":[{"port":9983,"proto":"tcp","label":"","count":17},{"port":3389,"proto":"tcp","label":"RDP","count":17},{"port":789,"proto":"tcp","label":"","count":6},{"port":1962,"proto":"tcp","label":"","count":4},{"port":2121,"proto":"tcp","label":"","count":4},{"port":41795,"proto":"tcp","label":"","count":4},{"port":1080,"proto":"tcp","label":"SOCKS","count":3},{"port":502,"proto":"tcp","label":"","count":3},{"port":7687,"proto":"tcp","label":"","count":3},{"port":4369,"proto":"tcp","label":"","count":3},{"port":5009,"proto":"tcp","label":"","count":3},{"port":113,"proto":"tcp","label":"","count":2},{"port":6667,"proto":"tcp","label":"IRC","count":2},{"port":548,"proto":"tcp","label":"","count":2},{"port":49502,"proto":"tcp","label":"","count":2}],"fingerprints":{"ssh_hassh":[],"tls_ja4":["t13i190800_9dc949149365_97f8aa674fd9","t13i311000_e8f1e7e78f70_24695f2957a7","t13i140900_cbb2034c60b8_e7c285222651"],"ja4h":["ge10nn0200_5594a17e7e7e","ge11nn0300_0db47b7d240d","ge11nn0200_3ed38b250d3d","ge11nn0300_042112399351"]},"fingerprint_peers":{"t13i140900_cbb2034c60b8_e7c285222651":677,"t13i311000_e8f1e7e78f70_24695f2957a7":500,"t13i190800_9dc949149365_97f8aa674fd9":3583,"ge11nn0300_0db47b7d240d":3776,"ge11nn0300_042112399351":3300,"ge11nn0200_3ed38b250d3d":1543,"ge10nn0200_5594a17e7e7e":1933},"user_agents":["Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","curl/7.68.0"],"timeline":[{"date":"2026-03-09","count":4},{"date":"2026-03-10","count":1},{"date":"2026-03-12","count":4},{"date":"2026-03-18","count":19},{"date":"2026-03-19","count":2},{"date":"2026-03-26","count":2},{"date":"2026-03-27","count":3},{"date":"2026-04-03","count":4},{"date":"2026-04-04","count":2},{"date":"2026-04-05","count":2},{"date":"2026-04-06","count":3},{"date":"2026-04-07","count":4},{"date":"2026-04-08","count":3},{"date":"2026-04-09","count":2},{"date":"2026-04-14","count":2},{"date":"2026-04-16","count":19},{"date":"2026-04-19","count":2},{"date":"2026-04-21","count":1},{"date":"2026-04-26","count":4},{"date":"2026-04-27","count":2},{"date":"2026-04-28","count":4},{"date":"2026-05-01","count":2},{"date":"2026-05-07","count":1},{"date":"2026-05-10","count":1},{"date":"2026-05-13","count":1},{"date":"2026-05-14","count":1},{"date":"2026-05-15","count":2},{"date":"2026-05-16","count":2},{"date":"2026-05-18","count":1},{"date":"2026-05-19","count":2},{"date":"2026-05-21","count":1},{"date":"2026-05-25","count":1},{"date":"2026-05-27","count":1},{"date":"2026-05-28","count":1},{"date":"2026-05-29","count":2},{"date":"2026-05-31","count":1},{"date":"2026-06-01","count":2},{"date":"2026-06-04","count":1}],"recent_events":[{"timestamp":"2026-06-04T04:08:15","port":25565,"proto":"tcp","app_proto":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"�\u0001","method":"","user_agent":""},{"timestamp":"2026-06-01T20:08:54","port":6697,"proto":"tcp","app_proto":"tls","host":"","headers":"","body":"","sni":"","tls_cipher":"TLS_AES_128_GCM_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"","summary":"\r\n\r\n","method":"","user_agent":""},{"timestamp":"2026-06-01T00:12:44","port":502,"proto":"tcp","app_proto":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"\u00137\u0000\u0000\u0000\u0005\u0000+\u000e\u0001\u0000","method":"","user_agent":""},{"timestamp":"2026-05-31T14:18:12","port":5556,"proto":"tcp","app_proto":"tls","host":"<HONEYPOT>","headers":"{\"host\":\"<HONEYPOT>:5556\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/.well-known/security.txt","summary":"","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity"},{"timestamp":"2026-05-29T23:40:09","port":3052,"proto":"tcp","app_proto":"","host":"","headers":"{\"accept\":\"*/*\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity"},{"timestamp":"2026-05-29T09:09:17","port":4369,"proto":"tcp","app_proto":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"\u0000\u0001n","method":"","user_agent":""},{"timestamp":"2026-05-28T23:08:37","port":8899,"proto":"tcp","app_proto":"","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:8899\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity"},{"timestamp":"2026-05-27T02:46:33","port":8008,"proto":"tcp","app_proto":"","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:8008\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity"},{"timestamp":"2026-05-25T01:39:02","port":4786,"proto":"tcp","app_proto":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"\u0000\u0000\u0000\u0001\u0000\u0000\u0000\u0001\u0000\u0000\u0000\u0004\u0000\u0000\u0000\b\u0000\u0000\u0000\u0001\u0000\u0000\u0000\u0000","method":"","user_agent":""},{"timestamp":"2026-05-21T04:07:55","port":548,"proto":"tcp","app_proto":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"\u0004default\n","method":"","user_agent":"","enriched":{"digest":"7e4d95d785c63ee3","strings":["default"]}}],"http_methods":[{"method":"GET","count":12}],"distinct_ports_total":56,"top_paths":[{"path":"/","count":11,"ports":11},{"path":"/.well-known/security.txt","count":1,"ports":1}],"distinct_paths_total":2,"top_snis":[],"top_hosts":[],"top_alpns":[],"banners":[{"value":"SSH-2.0-ZGrab ZGrab SSH Survey","count":1}],"credentials":[],"header_profile":{"signature":["Accept-Encoding","Host","User-Agent"],"representative":[{"name":"Accept-Encoding","value":"gzip","notable":false},{"name":"Host","value":"<HONEYPOT>:8899","notable":false},{"name":"User-Agent","value":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","notable":false}],"distinct_sets":3,"events_with_headers":4},"tags":[],"data_as_of":"2026-06-04T22:35:00.800536+00:00"}