{"ip":"205.210.31.86","total_events":558,"verdict":{"verdict":"scanner","label":"Recognized scanner","detail":"paloaltonetworks","confidence":"high","network_type":null,"why":["Source IP is in a known scanner range (paloaltonetworks).","Known research and commercial scanners are labelled as such, not as threats."]},"first_seen":"2026-02-17T01:43:19","last_seen":"2026-07-05T20:50:00","events_24h":9,"events_7d":30,"geo":{"country_code":"US","country_name":"United States","region":"","city":"","lat":37.751,"lon":-97.822,"asn":396982,"org":"Google LLC"},"source_domain":null,"known_scanners":["paloaltonetworks"],"scanner_tag":null,"cve_matches":[{"cve_id":"CVE-2026-34197","title":"Apache ActiveMQ - Remote Code Execution","severity":"CRITICAL","actively_exploited":true,"match_field":"url_path","matched_pattern":"/api/jolokia/"}],"malware":[],"top_ports":[{"port":3389,"proto":"tcp","label":"RDP","count":17},{"port":3388,"proto":"tcp","label":"","count":17},{"port":20257,"proto":"tcp","label":"","count":15},{"port":20256,"proto":"tcp","label":"","count":13},{"port":2604,"proto":"tcp","label":"","count":10},{"port":445,"proto":"tcp","label":"SMB","count":10},{"port":135,"proto":"tcp","label":"MSRPC","count":7},{"port":88,"proto":"tcp","label":"","count":7},{"port":118,"proto":"tcp","label":"","count":7},{"port":1028,"proto":"tcp","label":"","count":6},{"port":8159,"proto":"tcp","label":"","count":6},{"port":2602,"proto":"tcp","label":"","count":5},{"port":50995,"proto":"tcp","label":"","count":5},{"port":10000,"proto":"tcp","label":"Webmin","count":5},{"port":10257,"proto":"tcp","label":"","count":5}],"fingerprints":{"ssh_hassh":[],"tls_ja4":["t13i190800_9dc949149365_97f8aa674fd9","t13i140900_cbb2034c60b8_e7c285222651","t13i311000_e8f1e7e78f70_24695f2957a7","t13i131000_f57a46bbacb6_ab7e3b40a677"],"tls_ja3":["1487bd354c20f20dd642bebc7f706e95","004556e859f3c26c5d19746b3a957c74","19e29534fd49dd27d09234e639c4057e","2196848d251b217de8b2c037e356c11d"],"ja4h":["po11nn0300_7059b3fb2d4a","ge10nn0200_5594a17e7e7e","ge11nn0300_0db47b7d240d","ge11nn0300_042112399351"]},"fingerprint_peers":{"t13i140900_cbb2034c60b8_e7c285222651":1708,"t13i311000_e8f1e7e78f70_24695f2957a7":506,"t13i131000_f57a46bbacb6_ab7e3b40a677":5493,"t13i190800_9dc949149365_97f8aa674fd9":7044,"ge11nn0300_0db47b7d240d":4372,"ge11nn0300_042112399351":3357,"po11nn0300_7059b3fb2d4a":166,"ge10nn0200_5594a17e7e7e":1966},"user_agents":["Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","curl/7.68.0"],"timeline":[{"date":"2026-04-07","count":9},{"date":"2026-04-08","count":3},{"date":"2026-04-09","count":9},{"date":"2026-04-10","count":5},{"date":"2026-04-11","count":1},{"date":"2026-04-12","count":4},{"date":"2026-04-14","count":2},{"date":"2026-04-15","count":5},{"date":"2026-04-16","count":4},{"date":"2026-04-18","count":18},{"date":"2026-04-19","count":3},{"date":"2026-04-20","count":5},{"date":"2026-04-21","count":4},{"date":"2026-04-22","count":2},{"date":"2026-04-23","count":3},{"date":"2026-04-24","count":2},{"date":"2026-04-27","count":4},{"date":"2026-04-28","count":8},{"date":"2026-04-29","count":6},{"date":"2026-04-30","count":1},{"date":"2026-05-01","count":4},{"date":"2026-05-02","count":5},{"date":"2026-05-03","count":4},{"date":"2026-05-04","count":2},{"date":"2026-05-05","count":1},{"date":"2026-05-06","count":2},{"date":"2026-05-07","count":2},{"date":"2026-05-08","count":3},{"date":"2026-05-09","count":2},{"date":"2026-05-10","count":7},{"date":"2026-05-11","count":3},{"date":"2026-05-13","count":4},{"date":"2026-05-14","count":3},{"date":"2026-05-15","count":2},{"date":"2026-05-17","count":5},{"date":"2026-05-18","count":1},{"date":"2026-05-19","count":1},{"date":"2026-05-20","count":4},{"date":"2026-05-21","count":1},{"date":"2026-05-22","count":4},{"date":"2026-05-23","count":2},{"date":"2026-05-24","count":5},{"date":"2026-05-25","count":4},{"date":"2026-05-26","count":1},{"date":"2026-05-27","count":5},{"date":"2026-05-28","count":5},{"date":"2026-05-29","count":1},{"date":"2026-05-30","count":1},{"date":"2026-05-31","count":3},{"date":"2026-06-01","count":1},{"date":"2026-06-02","count":2},{"date":"2026-06-03","count":2},{"date":"2026-06-04","count":2},{"date":"2026-06-05","count":3},{"date":"2026-06-06","count":2},{"date":"2026-06-07","count":3},{"date":"2026-06-08","count":2},{"date":"2026-06-09","count":1},{"date":"2026-06-10","count":2},{"date":"2026-06-11","count":4},{"date":"2026-06-12","count":2},{"date":"2026-06-13","count":3},{"date":"2026-06-14","count":8},{"date":"2026-06-15","count":4},{"date":"2026-06-16","count":5},{"date":"2026-06-17","count":1},{"date":"2026-06-18","count":2},{"date":"2026-06-19","count":1},{"date":"2026-06-20","count":3},{"date":"2026-06-21","count":3},{"date":"2026-06-22","count":5},{"date":"2026-06-23","count":2},{"date":"2026-06-24","count":2},{"date":"2026-06-25","count":1},{"date":"2026-06-26","count":5},{"date":"2026-06-27","count":3},{"date":"2026-06-28","count":12},{"date":"2026-06-29","count":2},{"date":"2026-06-30","count":7},{"date":"2026-07-01","count":2},{"date":"2026-07-02","count":3},{"date":"2026-07-03","count":3},{"date":"2026-07-04","count":4},{"date":"2026-07-05","count":9}],"recent_events":[{"timestamp":"2026-07-05T20:50:00","port":4567,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:4567\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a343536370d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:1bAUmo6HOV4MtWc6D3hT1GxNhJg=","ja3":"","session":"e8cde5f9-f996-4631-9a5a-03397bb68b5e","seq":1,"duration_ms":101,"bytes_in":220,"bytes_out":78},{"timestamp":"2026-07-05T15:09:24","port":9000,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"host\":\"<HONEYPOT>:9000\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/.well-known/security.txt","summary":"","payload_hex":"474554202f2e77656c6c2d6b6e6f776e2f73656375726974792e74787420485454502f312e310d0a486f73743a20<HONEYPOT>3a393030300d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:M//IEXbtUrO5aEd8g6iKMlFQrAw=","ja3":"","session":"cdd0151b-8547-4956-bb42-b72dcca3b438","seq":1,"duration_ms":100,"bytes_in":221,"bytes_out":78},{"timestamp":"2026-07-05T15:09:24","port":8080,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"host\":\"<HONEYPOT>:8080\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/.well-known/security.txt","summary":"","payload_hex":"474554202f2e77656c6c2d6b6e6f776e2f73656375726974792e74787420485454502f312e310d0a486f73743a20<HONEYPOT>3a383038300d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:v7UoiSzs4KU7hi3/IWu/JnnttQE=","ja3":"1487bd354c20f20dd642bebc7f706e95","session":"763f0a65-d519-4cf7-99ce-ccd30a376ee3","seq":1,"duration_ms":101,"bytes_in":221,"bytes_out":78},{"timestamp":"2026-07-05T14:59:33","port":50003,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"host\":\"<HONEYPOT>:50003\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/.well-known/security.txt","summary":"","payload_hex":"474554202f2e77656c6c2d6b6e6f776e2f73656375726974792e74787420485454502f312e310d0a486f73743a20<HONEYPOT>3a35303030330d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:8tsmiT/2wI9r6B10T6EtWswQGV4=","ja3":"1487bd354c20f20dd642bebc7f706e95","session":"a4523c61-e62b-4592-ba51-068fdfa1ee96","seq":1,"duration_ms":100,"bytes_in":222,"bytes_out":78},{"timestamp":"2026-07-05T14:59:33","port":3909,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"host\":\"<HONEYPOT>:3909\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/.well-known/security.txt","summary":"","payload_hex":"474554202f2e77656c6c2d6b6e6f776e2f73656375726974792e74787420485454502f312e310d0a486f73743a20<HONEYPOT>3a333930390d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:H2rR08wLach7C4UVqlaoZi1TUDs=","ja3":"1487bd354c20f20dd642bebc7f706e95","session":"de383af1-5315-4bb8-a869-fada8f571193","seq":1,"duration_ms":100,"bytes_in":221,"bytes_out":78},{"timestamp":"2026-07-05T12:22:15","port":10000,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"host\":\"<HONEYPOT>:10000\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"TLS_AES_128_GCM_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/.well-known/security.txt","summary":"","payload_hex":"474554202f2e77656c6c2d6b6e6f776e2f73656375726974792e74787420485454502f312e310d0a486f73743a20<HONEYPOT>3a31303030300d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:ZybsZpfygMH7Cn/bW/24piakiHU=","ja3":"1487bd354c20f20dd642bebc7f706e95","session":"bf02090c-3cbe-4c90-b944-4fb3abded465","seq":1,"duration_ms":100,"bytes_in":223,"bytes_out":78},{"timestamp":"2026-07-05T12:22:15","port":8800,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"host\":\"<HONEYPOT>:8800\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/.well-known/security.txt","summary":"","payload_hex":"474554202f2e77656c6c2d6b6e6f776e2f73656375726974792e74787420485454502f312e310d0a486f73743a20<HONEYPOT>3a383830300d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:2ez7lQbokSbr/9Y8Y+JRoLk3Z1c=","ja3":"","session":"e8024f2c-d544-443d-b3e2-b8d369707733","seq":1,"duration_ms":101,"bytes_in":222,"bytes_out":78},{"timestamp":"2026-07-05T12:21:52","port":49502,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"host\":\"<HONEYPOT>:49502\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/.well-known/security.txt","summary":"","payload_hex":"474554202f2e77656c6c2d6b6e6f776e2f73656375726974792e74787420485454502f312e310d0a486f73743a20<HONEYPOT>3a34393530320d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:Xde6MG2mIDnszCtYCMa4k2P8/W8=","ja3":"","session":"b103623c-0b44-4e9c-a944-2334d33d2aef","seq":1,"duration_ms":100,"bytes_in":222,"bytes_out":78},{"timestamp":"2026-07-05T12:21:38","port":50995,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"host\":\"<HONEYPOT>:50995\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/.well-known/security.txt","summary":"","payload_hex":"474554202f2e77656c6c2d6b6e6f776e2f73656375726974792e74787420485454502f312e310d0a486f73743a20<HONEYPOT>3a35303939350d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:44kTx8dFn9/mJyZXJBMq1uOsHDI=","ja3":"","session":"888b1c58-bd5b-46e0-9f7c-5589a3a71913","seq":1,"duration_ms":100,"bytes_in":224,"bytes_out":78},{"timestamp":"2026-07-04T19:31:24","port":8880,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:8880\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a383838300d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:H1G2BTzV260gMaG+Y7Vpry9kwJM=","ja3":"","session":"65cd56fd-991f-49da-81d6-7be977e7f67e","seq":1,"duration_ms":100,"bytes_in":220,"bytes_out":78}],"http_methods":[{"method":"GET","count":205},{"method":"POST","count":4}],"distinct_ports_total":225,"top_paths":[{"path":"/","count":156,"ports":108},{"path":"/.well-known/security.txt","count":32,"ports":32},{"path":"/jolokia/write","count":4,"ports":4},{"path":"/jolokia","count":3,"ports":3},{"path":"/api/jolokia","count":3,"ports":3},{"path":"/api/jolokia/version","count":3,"ports":3},{"path":"/wsman","count":2,"ports":1},{"path":"/jolokia/exec","count":2,"ports":2},{"path":"/jolokia/list","count":2,"ports":2},{"path":"/jolokia/version","count":1,"ports":1},{"path":"/api/jolokia/list","count":1,"ports":1}],"distinct_paths_total":11,"top_snis":[],"top_hosts":[],"top_alpns":[],"banners":[],"credentials":[],"header_profile":{"signature":["Accept-Encoding","Host","User-Agent"],"representative":[{"name":"Accept-Encoding","value":"gzip","notable":false},{"name":"Host","value":"<HONEYPOT>:4567","notable":false},{"name":"User-Agent","value":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","notable":false}],"distinct_sets":2,"events_with_headers":10},"tags":[{"tag_id":"CVE-2026-34197","tag_type":"cve","title":"Apache ActiveMQ - Remote Code Execution","severity":"CRITICAL","actively_exploited":true,"match_field":"url_path","matched_pattern":"/api/jolokia/","reference_urls":[]}],"data_as_of":"2026-07-05T21:17:17.675744+00:00"}