{"ip":"205.210.31.57","total_events":443,"verdict":{"verdict":"scanner","label":"Recognized scanner","detail":"paloaltonetworks","confidence":"high","network_type":null},"first_seen":"2026-02-19T07:32:47","last_seen":"2026-06-04T23:29:32","events_24h":5,"events_7d":19,"geo":{"country_code":"US","country_name":"","region":"","city":"","lat":37.751,"lon":-97.822,"asn":396982,"org":"Google LLC"},"source_domain":null,"known_scanners":["paloaltonetworks"],"scanner_tag":null,"cve_matches":[],"top_ports":[{"port":3389,"proto":"tcp","label":"RDP","count":45},{"port":9983,"proto":"tcp","label":"","count":22},{"port":20256,"proto":"tcp","label":"","count":10},{"port":20000,"proto":"tcp","label":"","count":8},{"port":83,"proto":"tcp","label":"","count":6},{"port":50995,"proto":"tcp","label":"","count":6},{"port":2181,"proto":"tcp","label":"","count":6},{"port":9595,"proto":"tcp","label":"","count":6},{"port":8000,"proto":"tcp","label":"HTTP-alt","count":6},{"port":9092,"proto":"tcp","label":"Kafka","count":6},{"port":5800,"proto":"tcp","label":"VNC-HTTP","count":5},{"port":8008,"proto":"tcp","label":"HTTP-alt","count":5},{"port":4025,"proto":"tcp","label":"","count":5},{"port":4911,"proto":"tcp","label":"","count":5},{"port":50996,"proto":"tcp","label":"","count":5}],"fingerprints":{"ssh_hassh":[],"tls_ja4":["t13i190800_9dc949149365_97f8aa674fd9","t13i140900_cbb2034c60b8_e7c285222651","t13i311000_e8f1e7e78f70_24695f2957a7","t13i131000_f57a46bbacb6_ab7e3b40a677"],"ja4h":["po11nn0400_7e1fe689c643","ge10nn0200_5594a17e7e7e","ge11nn0300_0db47b7d240d","ge11nn0300_042112399351"]},"fingerprint_peers":{"t13i140900_cbb2034c60b8_e7c285222651":677,"t13i311000_e8f1e7e78f70_24695f2957a7":499,"t13i131000_f57a46bbacb6_ab7e3b40a677":5454,"t13i190800_9dc949149365_97f8aa674fd9":3566,"ge11nn0300_0db47b7d240d":3774,"ge11nn0300_042112399351":3298,"po11nn0400_7e1fe689c643":182,"ge10nn0200_5594a17e7e7e":1933},"user_agents":["Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","curl/7.68.0"],"timeline":[{"date":"2026-03-07","count":2},{"date":"2026-03-08","count":5},{"date":"2026-03-09","count":4},{"date":"2026-03-10","count":11},{"date":"2026-03-11","count":2},{"date":"2026-03-12","count":7},{"date":"2026-03-13","count":5},{"date":"2026-03-14","count":2},{"date":"2026-03-15","count":10},{"date":"2026-03-16","count":5},{"date":"2026-03-17","count":2},{"date":"2026-03-18","count":4},{"date":"2026-03-19","count":2},{"date":"2026-03-20","count":5},{"date":"2026-03-21","count":4},{"date":"2026-03-22","count":1},{"date":"2026-03-23","count":6},{"date":"2026-03-24","count":3},{"date":"2026-03-26","count":3},{"date":"2026-03-27","count":4},{"date":"2026-03-28","count":19},{"date":"2026-03-29","count":2},{"date":"2026-03-30","count":7},{"date":"2026-03-31","count":6},{"date":"2026-04-01","count":2},{"date":"2026-04-04","count":5},{"date":"2026-04-05","count":3},{"date":"2026-04-07","count":6},{"date":"2026-04-08","count":2},{"date":"2026-04-09","count":2},{"date":"2026-04-10","count":7},{"date":"2026-04-11","count":4},{"date":"2026-04-12","count":4},{"date":"2026-04-14","count":4},{"date":"2026-04-15","count":2},{"date":"2026-04-16","count":2},{"date":"2026-04-17","count":1},{"date":"2026-04-18","count":2},{"date":"2026-04-19","count":10},{"date":"2026-04-20","count":5},{"date":"2026-04-21","count":11},{"date":"2026-04-22","count":2},{"date":"2026-04-23","count":6},{"date":"2026-04-24","count":1},{"date":"2026-04-25","count":2},{"date":"2026-04-27","count":6},{"date":"2026-04-28","count":1},{"date":"2026-04-29","count":8},{"date":"2026-04-30","count":4},{"date":"2026-05-01","count":4},{"date":"2026-05-02","count":7},{"date":"2026-05-03","count":1},{"date":"2026-05-04","count":6},{"date":"2026-05-05","count":4},{"date":"2026-05-06","count":3},{"date":"2026-05-07","count":3},{"date":"2026-05-08","count":1},{"date":"2026-05-10","count":6},{"date":"2026-05-11","count":4},{"date":"2026-05-12","count":12},{"date":"2026-05-14","count":2},{"date":"2026-05-15","count":12},{"date":"2026-05-16","count":1},{"date":"2026-05-17","count":6},{"date":"2026-05-19","count":4},{"date":"2026-05-20","count":3},{"date":"2026-05-21","count":5},{"date":"2026-05-22","count":15},{"date":"2026-05-23","count":4},{"date":"2026-05-24","count":2},{"date":"2026-05-25","count":3},{"date":"2026-05-26","count":2},{"date":"2026-05-27","count":2},{"date":"2026-05-28","count":2},{"date":"2026-05-29","count":2},{"date":"2026-05-30","count":3},{"date":"2026-06-01","count":1},{"date":"2026-06-02","count":3},{"date":"2026-06-03","count":5},{"date":"2026-06-04","count":5}],"recent_events":[{"timestamp":"2026-06-04T23:29:32","port":8899,"proto":"tcp","app_proto":"","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:8899\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity"},{"timestamp":"2026-06-04T20:24:08","port":4172,"proto":"tcp","app_proto":"tls","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:4172\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"TLS_AES_128_GCM_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/","summary":"","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity"},{"timestamp":"2026-06-04T06:45:47","port":5678,"proto":"tcp","app_proto":"","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:5678\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity"},{"timestamp":"2026-06-04T04:34:37","port":3917,"proto":"tcp","app_proto":"tls","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:3917\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"TLS_AES_128_GCM_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/","summary":"","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity"},{"timestamp":"2026-06-04T04:10:02","port":1234,"proto":"tcp","app_proto":"","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:1234\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity"},{"timestamp":"2026-06-03T21:49:17","port":4911,"proto":"tcp","app_proto":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"fox a 1 -1 fox hello\n{\nfox.version=s:1.0\nid=i:1\nhostName=s:xpvm-0omdc01xmy\nhostAddress=s:192.168.1.125\napp.name=s:Workbench\napp.version=s:3.7.44\nvm.name=s:Java HotSpot(TM) Server VM\nvm.version=s:20.4-b02\nos.name=s:Windows XP\nos.version=s:5.1\nlang=s:en\ntimeZone=s:America/Los_Angeles;-28800000;3600000;02:00:00.000,wall,march,8,on or after,sunday,undefined;02:00:00.000,wall,november,1,on or after,sunday,undefined\nhostId=s:Win-99CB-D49D-5442-07BB\nvmUuid=s:8b530bc8-76c5-4139-a2ea-0fabd394d305\nbrandId=s:vykon\n};;\n","method":"","user_agent":"","enriched":{"digest":"fe39c976bf6d2d07","strings":["fox a 1 -1 fox hello","fox.version=s:1.0","id=i:1","hostName=s:xpvm-0omdc01xmy","hostAddress=s:192.168.1.125","app.name=s:Workbench","app.version=s:3.7.44","vm.name=s:Java HotSpot(TM) Server VM","vm.version=s:20.4-b02","os.name=s:Windows XP"],"iocs":{"ips":["192.168.1.125"],"domains":["fox.version","app.name","app.version","vm.name","vm.version","os.name"]}}},{"timestamp":"2026-06-03T21:40:32","port":50995,"proto":"tcp","app_proto":"","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:50995\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity"},{"timestamp":"2026-06-03T20:35:52","port":8880,"proto":"tcp","app_proto":"","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:8880\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity"},{"timestamp":"2026-06-03T12:29:18","port":2604,"proto":"tcp","app_proto":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"\r\n\r\n","method":"","user_agent":""},{"timestamp":"2026-06-03T01:33:38","port":17778,"proto":"tcp","app_proto":"tls","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:17778\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"TLS_AES_128_GCM_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/","summary":"","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity"}],"http_methods":[{"method":"GET","count":105},{"method":"POST","count":1}],"distinct_ports_total":163,"top_paths":[{"path":"/","count":104,"ports":76},{"path":"/wsman","count":1,"ports":1},{"path":"/.well-known/security.txt","count":1,"ports":1}],"distinct_paths_total":3,"top_snis":[],"top_hosts":[],"top_alpns":[],"banners":[],"credentials":[],"header_profile":{"signature":["Accept-Encoding","Host","User-Agent"],"representative":[{"name":"Accept-Encoding","value":"gzip","notable":false},{"name":"Host","value":"<HONEYPOT>:8899","notable":false},{"name":"User-Agent","value":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","notable":false}],"distinct_sets":1,"events_with_headers":8},"tags":[],"data_as_of":"2026-06-04T23:52:45.566802+00:00"}