{"ip":"205.210.31.252","total_events":603,"verdict":{"verdict":"scanner","label":"Recognized scanner","detail":"paloaltonetworks","confidence":"high","network_type":null},"first_seen":"2026-02-16T18:44:12","last_seen":"2026-06-26T16:21:05","events_24h":2,"events_7d":47,"geo":{"country_code":"US","country_name":"United States","region":"","city":"","lat":37.751,"lon":-97.822,"asn":396982,"org":"Google LLC"},"source_domain":null,"known_scanners":["paloaltonetworks"],"scanner_tag":null,"cve_matches":[],"top_ports":[{"port":3390,"proto":"tcp","label":"","count":45},{"port":3389,"proto":"tcp","label":"RDP","count":28},{"port":3388,"proto":"tcp","label":"","count":28},{"port":9983,"proto":"tcp","label":"","count":17},{"port":20256,"proto":"tcp","label":"","count":13},{"port":8081,"proto":"tcp","label":"","count":7},{"port":80,"proto":"tcp","label":"HTTP","count":7},{"port":22,"proto":"tcp","label":"SSH","count":7},{"port":10259,"proto":"tcp","label":"","count":7},{"port":1801,"proto":"tcp","label":"","count":7},{"port":40005,"proto":"tcp","label":"","count":6},{"port":37,"proto":"tcp","label":"","count":6},{"port":135,"proto":"tcp","label":"MSRPC","count":6},{"port":20257,"proto":"tcp","label":"","count":6},{"port":2404,"proto":"tcp","label":"","count":6}],"fingerprints":{"ssh_hassh":[],"tls_ja4":["t13i190800_9dc949149365_97f8aa674fd9","t13i140900_cbb2034c60b8_e7c285222651","t13i311000_e8f1e7e78f70_24695f2957a7","t13i131000_f57a46bbacb6_ab7e3b40a677"],"tls_ja3":["1487bd354c20f20dd642bebc7f706e95","004556e859f3c26c5d19746b3a957c74","19e29534fd49dd27d09234e639c4057e","2196848d251b217de8b2c037e356c11d"],"ja4h":["po11nn0400_7e1fe689c643","ge11nn0300_0db47b7d240d","ge11nn0200_3ed38b250d3d","ge11nn0300_042112399351"]},"fingerprint_peers":{"t13i140900_cbb2034c60b8_e7c285222651":1105,"t13i311000_e8f1e7e78f70_24695f2957a7":506,"t13i131000_f57a46bbacb6_ab7e3b40a677":5576,"t13i190800_9dc949149365_97f8aa674fd9":5693,"ge11nn0300_0db47b7d240d":4269,"ge11nn0300_042112399351":3363,"ge11nn0200_3ed38b250d3d":1906,"po11nn0400_7e1fe689c643":176},"user_agents":["Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","curl/7.68.0"],"timeline":[{"date":"2026-03-28","count":4},{"date":"2026-03-29","count":3},{"date":"2026-03-30","count":26},{"date":"2026-04-02","count":2},{"date":"2026-04-03","count":5},{"date":"2026-04-04","count":1},{"date":"2026-04-05","count":11},{"date":"2026-04-06","count":5},{"date":"2026-04-07","count":6},{"date":"2026-04-08","count":4},{"date":"2026-04-09","count":5},{"date":"2026-04-10","count":3},{"date":"2026-04-11","count":3},{"date":"2026-04-12","count":3},{"date":"2026-04-13","count":4},{"date":"2026-04-14","count":9},{"date":"2026-04-15","count":2},{"date":"2026-04-16","count":11},{"date":"2026-04-18","count":5},{"date":"2026-04-19","count":5},{"date":"2026-04-20","count":4},{"date":"2026-04-21","count":6},{"date":"2026-04-22","count":8},{"date":"2026-04-23","count":3},{"date":"2026-04-24","count":2},{"date":"2026-04-25","count":4},{"date":"2026-04-26","count":4},{"date":"2026-04-27","count":1},{"date":"2026-04-28","count":8},{"date":"2026-04-29","count":24},{"date":"2026-04-30","count":19},{"date":"2026-05-01","count":7},{"date":"2026-05-02","count":4},{"date":"2026-05-04","count":2},{"date":"2026-05-06","count":2},{"date":"2026-05-07","count":5},{"date":"2026-05-08","count":1},{"date":"2026-05-09","count":6},{"date":"2026-05-10","count":2},{"date":"2026-05-11","count":4},{"date":"2026-05-12","count":2},{"date":"2026-05-13","count":3},{"date":"2026-05-14","count":3},{"date":"2026-05-15","count":1},{"date":"2026-05-18","count":2},{"date":"2026-05-19","count":2},{"date":"2026-05-20","count":3},{"date":"2026-05-22","count":1},{"date":"2026-05-23","count":1},{"date":"2026-05-25","count":1},{"date":"2026-05-26","count":2},{"date":"2026-05-27","count":2},{"date":"2026-05-29","count":2},{"date":"2026-05-30","count":2},{"date":"2026-05-31","count":5},{"date":"2026-06-01","count":3},{"date":"2026-06-02","count":3},{"date":"2026-06-03","count":2},{"date":"2026-06-04","count":1},{"date":"2026-06-06","count":3},{"date":"2026-06-07","count":4},{"date":"2026-06-08","count":3},{"date":"2026-06-09","count":2},{"date":"2026-06-10","count":3},{"date":"2026-06-11","count":1},{"date":"2026-06-12","count":2},{"date":"2026-06-13","count":1},{"date":"2026-06-14","count":11},{"date":"2026-06-15","count":16},{"date":"2026-06-16","count":2},{"date":"2026-06-17","count":4},{"date":"2026-06-18","count":1},{"date":"2026-06-19","count":2},{"date":"2026-06-20","count":15},{"date":"2026-06-21","count":17},{"date":"2026-06-22","count":5},{"date":"2026-06-23","count":2},{"date":"2026-06-24","count":4},{"date":"2026-06-25","count":3},{"date":"2026-06-26","count":1}],"recent_events":[{"timestamp":"2026-06-26T16:21:05","port":1433,"proto":"tcp","app_proto":"","app_protocol":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"\u0012\u0001\u0000)\u0000\u0000\u0001\u0000\u0000\u0000\u0015\u0000\u0006\u0001\u0000\u001b\u0000\u0001\u0002\u0000\u001c\u0000\u0001\u0003\u0000\u001d\u0000\u0004�\t\u0000\u0005w\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000","payload_hex":"1201002900000100000015000601001b000102001c000103001d0004ff090005770000000000000000","method":"","user_agent":"","community_id":"1:CE6ZQYWFauMJNb+YW/dDX95L3PY=","ja3":"","session":"40776aad-7069-4882-9eef-20c3f22bfd94","seq":1,"duration_ms":100,"bytes_in":41,"bytes_out":14},{"timestamp":"2026-06-25T19:54:39","port":2096,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:2096\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a323039360d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:462lxxx0fpVcy8/Ym+7Gw9CL5Sg=","ja3":"19e29534fd49dd27d09234e639c4057e","session":"0fceeed7-12a8-472c-b22d-d272c44830be","seq":1,"duration_ms":100,"bytes_in":220,"bytes_out":79},{"timestamp":"2026-06-25T07:28:48","port":993,"proto":"tcp","app_proto":"tls","app_protocol":"tls","host":"","headers":"","body":"","sni":"","tls_cipher":"TLS_AES_128_GCM_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"","summary":"a001 CAPABILITY\r\n","payload_hex":"61303031204341504142494c4954590d0a","method":"","user_agent":"","community_id":"1:d4REZ8IkQpKGyI06goVAB4BN9RQ=","ja3":"2196848d251b217de8b2c037e356c11d","session":"cc535fa9-eca9-4436-8bba-95e6a1c2dab7","seq":1,"duration_ms":296,"bytes_in":17,"bytes_out":20,"enriched":{"digest":"c7aa9805de16f873","strings":["a001 CAPABILITY"]}},{"timestamp":"2026-06-25T02:20:55","port":10003,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"host\":\"<HONEYPOT>:10003\",\"user-agent\":\"curl/7.68.0\"}","body":"","sni":"","tls_cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a31303030330d0a557365722d4167656e743a206375726c2f372e36382e300d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"curl/7.68.0","community_id":"1:UxJILZHMZGXMxKyWoXOU2hIGRFs=","ja3":"004556e859f3c26c5d19746b3a957c74","session":"ca63c9ce-4db1-4639-a354-94bd97a35aa5","seq":1,"duration_ms":229,"bytes_in":82,"bytes_out":79},{"timestamp":"2026-06-24T23:42:47","port":23556,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"host\":\"<HONEYPOT>:23556\",\"user-agent\":\"curl/7.68.0\"}","body":"","sni":"","tls_cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a32333535360d0a557365722d4167656e743a206375726c2f372e36382e300d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"curl/7.68.0","community_id":"1:aISHd/4vm0fT9Vx3jjXJB2jkoC0=","ja3":"004556e859f3c26c5d19746b3a957c74","session":"ddafaf91-9aa8-421d-8f76-3e8067752da8","seq":1,"duration_ms":229,"bytes_in":82,"bytes_out":79},{"timestamp":"2026-06-24T23:27:28","port":20256,"proto":"tcp","app_proto":"","app_protocol":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"IUe\u0000\b\u0000/ 1UGED\rUIe\u0000\u000f\u0000/ 1RNJ00090165\r","payload_hex":"4955650008002f2031554745440d554965000f002f2031524e4a30303039303136350d","method":"","user_agent":"","community_id":"1:9Y06h+aZeJVr2MymV/mbG082PJ8=","ja3":"","session":"90b867ed-e5c8-4904-913d-fc9b1d073088","seq":2,"duration_ms":408,"bytes_in":49,"bytes_out":28,"enriched":{"digest":"f6e07e95e7bb738c","strings":["/ 1UGED","/ 1RNJ00090165"]}},{"timestamp":"2026-06-24T23:27:28","port":20256,"proto":"tcp","app_proto":"","app_protocol":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"SIe\u0000\b\u0000/ 1IDDE\r","payload_hex":"5349650008002f2031494444450d","method":"","user_agent":"","community_id":"1:9Y06h+aZeJVr2MymV/mbG082PJ8=","ja3":"","session":"90b867ed-e5c8-4904-913d-fc9b1d073088","seq":1,"duration_ms":100,"bytes_in":14,"bytes_out":14,"enriched":{"digest":"373991cc0d914b2c","strings":["/ 1IDDE"]}},{"timestamp":"2026-06-24T21:39:40","port":8010,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:8010\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a383031300d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:PkgKoDlRpjXN8XojOdRKV892Wfg=","ja3":"19e29534fd49dd27d09234e639c4057e","session":"dba46155-0fed-4ece-8239-96194fa04305","seq":1,"duration_ms":101,"bytes_in":220,"bytes_out":79},{"timestamp":"2026-06-23T21:24:01","port":42713,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:42713\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a34323731330d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:LP9OBMY4QQmCo2D1gCf+KyHJpDY=","ja3":"19e29534fd49dd27d09234e639c4057e","session":"26583136-a394-4120-96ab-f74ba9d72bd9","seq":1,"duration_ms":100,"bytes_in":221,"bytes_out":79},{"timestamp":"2026-06-23T09:06:44","port":49,"proto":"tcp","app_proto":"","app_protocol":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"�\u0001\u0001\u0000�/\u0010�\u0000\u0000\u0000\u0017u�S< @BB��t�\u0001\"a8o�MS���","payload_hex":"c00101008f2f10a00000001775eb533c2040424289ac7497012261386ffd4d53d8e2ad","method":"","user_agent":"","community_id":"1:HHMSzs5HrFiE9mtv4jWL62n2KkM=","ja3":"","session":"c42d44d6-9e97-4055-a052-66a2ed63956b","seq":1,"duration_ms":100,"bytes_in":35,"bytes_out":14,"enriched":{"digest":"4a47dc4cb8300ac2","strings":["S< @BB","\"a8o"]}}],"http_methods":[{"method":"GET","count":164},{"method":"POST","count":1}],"distinct_ports_total":205,"top_paths":[{"path":"/","count":143,"ports":102},{"path":"/.well-known/security.txt","count":21,"ports":19},{"path":"/wsman","count":1,"ports":1}],"distinct_paths_total":3,"top_snis":[],"top_hosts":[],"top_alpns":[],"banners":[{"value":"SSH-2.0-ZGrab ZGrab SSH Survey","count":2}],"credentials":[],"header_profile":{"signature":["Accept-Encoding","Host","User-Agent"],"representative":[{"name":"Accept-Encoding","value":"gzip","notable":false},{"name":"Host","value":"<HONEYPOT>:2096","notable":false},{"name":"User-Agent","value":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","notable":false}],"distinct_sets":2,"events_with_headers":5},"tags":[],"data_as_of":"2026-06-26T17:34:01.882402+00:00"}