{"ip":"205.210.31.97","total_events":459,"verdict":{"verdict":"scanner","label":"Recognized scanner","detail":"paloaltonetworks","confidence":"high","network_type":null},"first_seen":"2026-02-19T19:28:24","last_seen":"2026-06-04T05:58:37","events_24h":4,"events_7d":28,"geo":{"country_code":"US","country_name":"","region":"","city":"","lat":37.751,"lon":-97.822,"asn":396982,"org":"Google LLC"},"source_domain":null,"known_scanners":["paloaltonetworks"],"scanner_tag":null,"cve_matches":[],"top_ports":[{"port":3389,"proto":"tcp","label":"RDP","count":17},{"port":20256,"proto":"tcp","label":"","count":17},{"port":8088,"proto":"tcp","label":"Hadoop","count":9},{"port":28080,"proto":"tcp","label":"","count":7},{"port":444,"proto":"tcp","label":"","count":7},{"port":8081,"proto":"tcp","label":"","count":6},{"port":541,"proto":"tcp","label":"","count":6},{"port":22,"proto":"tcp","label":"SSH","count":6},{"port":8888,"proto":"tcp","label":"HTTP-alt","count":6},{"port":4016,"proto":"tcp","label":"","count":6},{"port":4369,"proto":"tcp","label":"","count":6},{"port":8090,"proto":"tcp","label":"","count":5},{"port":88,"proto":"tcp","label":"","count":5},{"port":20257,"proto":"tcp","label":"","count":5},{"port":82,"proto":"tcp","label":"","count":5}],"fingerprints":{"ssh_hassh":[],"tls_ja4":["t13i190800_9dc949149365_97f8aa674fd9","t13i140900_cbb2034c60b8_e7c285222651","t13i311000_e8f1e7e78f70_24695f2957a7","t13i131000_f57a46bbacb6_ab7e3b40a677"],"ja4h":["ge10nn0200_5594a17e7e7e","ge11nn0300_0db47b7d240d","ge11nn0200_3ed38b250d3d","ge11nn0300_042112399351"]},"fingerprint_peers":{"t13i140900_cbb2034c60b8_e7c285222651":677,"t13i311000_e8f1e7e78f70_24695f2957a7":500,"t13i131000_f57a46bbacb6_ab7e3b40a677":5454,"t13i190800_9dc949149365_97f8aa674fd9":3581,"ge11nn0300_0db47b7d240d":3775,"ge11nn0300_042112399351":3300,"ge11nn0200_3ed38b250d3d":1543,"ge10nn0200_5594a17e7e7e":1933},"user_agents":["Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","curl/7.68.0"],"timeline":[{"date":"2026-03-07","count":8},{"date":"2026-03-08","count":4},{"date":"2026-03-09","count":6},{"date":"2026-03-10","count":8},{"date":"2026-03-11","count":3},{"date":"2026-03-12","count":3},{"date":"2026-03-14","count":7},{"date":"2026-03-15","count":8},{"date":"2026-03-16","count":1},{"date":"2026-03-17","count":9},{"date":"2026-03-19","count":14},{"date":"2026-03-20","count":2},{"date":"2026-03-21","count":7},{"date":"2026-03-22","count":5},{"date":"2026-03-23","count":2},{"date":"2026-03-24","count":10},{"date":"2026-03-25","count":20},{"date":"2026-03-26","count":7},{"date":"2026-03-27","count":2},{"date":"2026-03-29","count":5},{"date":"2026-03-30","count":2},{"date":"2026-03-31","count":8},{"date":"2026-04-01","count":7},{"date":"2026-04-02","count":5},{"date":"2026-04-03","count":3},{"date":"2026-04-04","count":4},{"date":"2026-04-05","count":7},{"date":"2026-04-06","count":6},{"date":"2026-04-07","count":1},{"date":"2026-04-08","count":3},{"date":"2026-04-09","count":4},{"date":"2026-04-10","count":3},{"date":"2026-04-11","count":10},{"date":"2026-04-12","count":5},{"date":"2026-04-14","count":4},{"date":"2026-04-15","count":5},{"date":"2026-04-18","count":6},{"date":"2026-04-19","count":9},{"date":"2026-04-21","count":10},{"date":"2026-04-22","count":5},{"date":"2026-04-23","count":1},{"date":"2026-04-24","count":4},{"date":"2026-04-25","count":2},{"date":"2026-04-26","count":4},{"date":"2026-04-28","count":2},{"date":"2026-04-29","count":5},{"date":"2026-04-30","count":1},{"date":"2026-05-01","count":4},{"date":"2026-05-02","count":6},{"date":"2026-05-03","count":5},{"date":"2026-05-05","count":2},{"date":"2026-05-07","count":2},{"date":"2026-05-08","count":2},{"date":"2026-05-10","count":3},{"date":"2026-05-11","count":5},{"date":"2026-05-12","count":4},{"date":"2026-05-13","count":4},{"date":"2026-05-15","count":2},{"date":"2026-05-16","count":4},{"date":"2026-05-17","count":1},{"date":"2026-05-18","count":1},{"date":"2026-05-20","count":1},{"date":"2026-05-21","count":3},{"date":"2026-05-22","count":2},{"date":"2026-05-23","count":3},{"date":"2026-05-24","count":2},{"date":"2026-05-25","count":1},{"date":"2026-05-26","count":2},{"date":"2026-05-27","count":3},{"date":"2026-05-28","count":6},{"date":"2026-05-29","count":5},{"date":"2026-05-30","count":9},{"date":"2026-05-31","count":2},{"date":"2026-06-01","count":2},{"date":"2026-06-02","count":3},{"date":"2026-06-03","count":3},{"date":"2026-06-04","count":4}],"recent_events":[{"timestamp":"2026-06-04T05:58:37","port":22460,"proto":"tcp","app_proto":"tls","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:22460\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/","summary":"","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity"},{"timestamp":"2026-06-04T03:16:37","port":7080,"proto":"tcp","app_proto":"","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:7080\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity"},{"timestamp":"2026-06-04T02:38:52","port":54498,"proto":"tcp","app_proto":"tls","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:54498\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/","summary":"","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity"},{"timestamp":"2026-06-04T02:13:53","port":2083,"proto":"tcp","app_proto":"","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:2083\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity"},{"timestamp":"2026-06-03T22:20:22","port":2525,"proto":"tcp","app_proto":"","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:2525\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity"},{"timestamp":"2026-06-03T06:36:00","port":23656,"proto":"tcp","app_proto":"tls","host":"<HONEYPOT>","headers":"{\"accept\":\"*/*\",\"host\":\"<HONEYPOT>:23656\",\"user-agent\":\"curl/7.68.0\"}","body":"","sni":"","tls_cipher":"TLS_AES_128_GCM_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/","summary":"","method":"GET","user_agent":"curl/7.68.0"},{"timestamp":"2026-06-03T01:31:17","port":9200,"proto":"tcp","app_proto":"","host":"","headers":"{\"accept\":\"*/*\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity"},{"timestamp":"2026-06-02T20:08:04","port":18245,"proto":"tcp","app_proto":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000","method":"","user_agent":""},{"timestamp":"2026-06-02T02:56:47","port":5001,"proto":"tcp","app_proto":"","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:5001\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity"},{"timestamp":"2026-06-02T02:21:31","port":8009,"proto":"tcp","app_proto":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"\u00124\u0000�\u0002\u0002\u0000\bHTTP/1.1\u0000\u0000\u0001/\u0000\u0000\u000b10.128.0.97\u0000��\u0000\f<HONEYPOT>\u0000\u001fI\u0000\u0000\u0002�\u0006\u0000\nkeep-alive\u0000�\u000e\u0000�Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\u0000�","method":"","user_agent":"","enriched":{"digest":"9e852c19c6a8f59e","strings":["HTTP/1.1","10.128.0.97","<HONEYPOT>","keep-alive","Hello from Palo Alto Networks, find out more about our scans in https://docs-cor…"],"iocs":{"urls":["https://docs-cor…"],"ips":["10.128.0.97"]}}}],"http_methods":[{"method":"GET","count":128},{"method":"POST","count":1}],"distinct_ports_total":193,"top_paths":[{"path":"/","count":117,"ports":85},{"path":"/.well-known/security.txt","count":11,"ports":11},{"path":"/wsman","count":1,"ports":1}],"distinct_paths_total":3,"top_snis":[],"top_hosts":[],"top_alpns":[],"banners":[{"value":"SSH-2.0-ZGrab ZGrab SSH Survey","count":2}],"credentials":[],"header_profile":{"signature":["Accept-Encoding","Host","User-Agent"],"representative":[{"name":"Accept-Encoding","value":"gzip","notable":false},{"name":"Host","value":"<HONEYPOT>:22460","notable":false},{"name":"User-Agent","value":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","notable":false}],"distinct_sets":3,"events_with_headers":8},"tags":[],"data_as_of":"2026-06-04T22:59:37.396418+00:00"}