{"ip":"35.203.210.104","total_events":917,"verdict":{"verdict":"scanner","label":"Recognized scanner","detail":"paloaltonetworks","confidence":"high","network_type":null,"why":["Source IP is in a known scanner range (paloaltonetworks).","Known research and commercial scanners are labelled as such, not as threats."]},"first_seen":"2026-02-18T03:31:23","last_seen":"2026-07-03T22:25:41","events_24h":17,"events_7d":116,"geo":{"country_code":"GB","country_name":"United Kingdom","region":"England","city":"City of London","lat":51.5164,"lon":-0.093,"asn":396982,"org":"Google LLC"},"source_domain":"104.210.203.35.bc.googleusercontent.com","known_scanners":["paloaltonetworks"],"scanner_tag":{"key":"gcp","label":"Google Cloud","category":"hosting_provider","url":"https://cloud.google.com/"},"cve_matches":[],"malware":[],"top_ports":[{"port":141,"proto":"tcp","label":"","count":18},{"port":23390,"proto":"tcp","label":"","count":11},{"port":47707,"proto":"tcp","label":"","count":4},{"port":26316,"proto":"tcp","label":"","count":3},{"port":37960,"proto":"tcp","label":"","count":3},{"port":40854,"proto":"tcp","label":"","count":3},{"port":19343,"proto":"tcp","label":"","count":3},{"port":59645,"proto":"tcp","label":"","count":3},{"port":50920,"proto":"tcp","label":"","count":3},{"port":1770,"proto":"tcp","label":"","count":3},{"port":48358,"proto":"tcp","label":"","count":3},{"port":36194,"proto":"tcp","label":"","count":3},{"port":18667,"proto":"tcp","label":"","count":3},{"port":29950,"proto":"tcp","label":"","count":3},{"port":55482,"proto":"tcp","label":"","count":3}],"fingerprints":{"ssh_hassh":[],"tls_ja4":["t13i140900_cbb2034c60b8_e7c285222651","t13i131000_f57a46bbacb6_ab7e3b40a677"],"tls_ja3":["2196848d251b217de8b2c037e356c11d"],"ja4h":["ge10nn0200_5594a17e7e7e","ge11nn0300_0db47b7d240d","ge11nn0200_3ed38b250d3d"]},"fingerprint_peers":{"t13i140900_cbb2034c60b8_e7c285222651":1690,"t13i131000_f57a46bbacb6_ab7e3b40a677":5494,"ge11nn0300_0db47b7d240d":4380,"ge11nn0200_3ed38b250d3d":2372,"ge10nn0200_5594a17e7e7e":1969},"user_agents":["Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity"],"timeline":[{"date":"2026-04-05","count":3},{"date":"2026-04-07","count":4},{"date":"2026-04-08","count":4},{"date":"2026-04-09","count":2},{"date":"2026-04-10","count":2},{"date":"2026-04-12","count":3},{"date":"2026-04-14","count":6},{"date":"2026-04-16","count":6},{"date":"2026-04-17","count":3},{"date":"2026-04-18","count":13},{"date":"2026-04-19","count":6},{"date":"2026-04-21","count":7},{"date":"2026-04-22","count":3},{"date":"2026-04-23","count":4},{"date":"2026-04-24","count":6},{"date":"2026-04-25","count":8},{"date":"2026-04-26","count":2},{"date":"2026-04-28","count":12},{"date":"2026-05-01","count":5},{"date":"2026-05-02","count":7},{"date":"2026-05-03","count":6},{"date":"2026-05-04","count":1},{"date":"2026-05-05","count":2},{"date":"2026-05-06","count":1},{"date":"2026-05-07","count":8},{"date":"2026-05-08","count":5},{"date":"2026-05-09","count":5},{"date":"2026-05-10","count":52},{"date":"2026-05-11","count":2},{"date":"2026-05-12","count":7},{"date":"2026-05-13","count":8},{"date":"2026-05-14","count":5},{"date":"2026-05-15","count":8},{"date":"2026-05-16","count":6},{"date":"2026-05-17","count":4},{"date":"2026-05-18","count":3},{"date":"2026-05-19","count":4},{"date":"2026-05-20","count":8},{"date":"2026-05-21","count":4},{"date":"2026-05-22","count":20},{"date":"2026-05-23","count":9},{"date":"2026-05-24","count":3},{"date":"2026-05-25","count":5},{"date":"2026-05-26","count":11},{"date":"2026-05-27","count":4},{"date":"2026-05-28","count":8},{"date":"2026-05-29","count":4},{"date":"2026-05-30","count":8},{"date":"2026-05-31","count":14},{"date":"2026-06-01","count":7},{"date":"2026-06-02","count":7},{"date":"2026-06-03","count":10},{"date":"2026-06-04","count":15},{"date":"2026-06-05","count":19},{"date":"2026-06-06","count":8},{"date":"2026-06-07","count":6},{"date":"2026-06-08","count":6},{"date":"2026-06-09","count":6},{"date":"2026-06-10","count":7},{"date":"2026-06-11","count":19},{"date":"2026-06-12","count":7},{"date":"2026-06-13","count":18},{"date":"2026-06-14","count":10},{"date":"2026-06-15","count":4},{"date":"2026-06-16","count":10},{"date":"2026-06-17","count":7},{"date":"2026-06-18","count":20},{"date":"2026-06-19","count":15},{"date":"2026-06-20","count":13},{"date":"2026-06-21","count":14},{"date":"2026-06-22","count":14},{"date":"2026-06-23","count":20},{"date":"2026-06-24","count":5},{"date":"2026-06-25","count":14},{"date":"2026-06-26","count":15},{"date":"2026-06-27","count":16},{"date":"2026-06-28","count":8},{"date":"2026-06-29","count":18},{"date":"2026-06-30","count":29},{"date":"2026-07-01","count":7},{"date":"2026-07-02","count":21},{"date":"2026-07-03","count":17}],"recent_events":[{"timestamp":"2026-07-03T22:25:41","port":3096,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:3096\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"TLS_AES_128_GCM_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a333039360d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:lvJo2rHr24prSY0xE751FKfgSlU=","ja3":"2196848d251b217de8b2c037e356c11d","session":"039a2917-f786-428e-968e-7f65bad95354","seq":1,"duration_ms":100,"bytes_in":222,"bytes_out":79},{"timestamp":"2026-07-03T21:45:31","port":35832,"proto":"tcp","app_proto":"","app_protocol":"http","host":"","headers":"{\"accept\":\"*/*\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e300d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:JDXJ6neVbeNgSU4ku6LYt6wtQfg=","ja3":"","session":"a08c87a1-2f26-4019-adc6-ca51d65ab20f","seq":1,"duration_ms":100,"bytes_in":185,"bytes_out":79},{"timestamp":"2026-07-03T21:45:30","port":35832,"proto":"tcp","app_proto":"","app_protocol":"http","host":"","headers":"{\"accept\":\"*/*\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e300d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:upKTUMI91g46XvU1gVTmLBR7shE=","ja3":"","session":"90b7bd7a-0b98-4a08-b17e-8baa6d4c2a7d","seq":1,"duration_ms":100,"bytes_in":185,"bytes_out":79},{"timestamp":"2026-07-03T17:34:26","port":45101,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:45101\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a34353130310d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:pV0A2KNb1nIMlCfhb8MVZPGdx+4=","ja3":"2196848d251b217de8b2c037e356c11d","session":"cb383322-e8d1-4f95-b2e3-6dd9d1145996","seq":1,"duration_ms":101,"bytes_in":221,"bytes_out":79},{"timestamp":"2026-07-03T17:28:50","port":29225,"proto":"tcp","app_proto":"","app_protocol":"http","host":"","headers":"{\"accept\":\"*/*\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e300d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:ZYEQ7U+fenJVSMciYQTLYM5X2rM=","ja3":"","session":"e46316ca-b7eb-4ac3-9ec9-f5df237c6b45","seq":1,"duration_ms":100,"bytes_in":185,"bytes_out":79},{"timestamp":"2026-07-03T09:58:25","port":23452,"proto":"tcp","app_proto":"","app_protocol":"http","host":"","headers":"{\"accept\":\"*/*\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e300d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:a/7wXFDFWIWC70CjFchAO+L6cds=","ja3":"","session":"e5ce760f-125e-43d3-b19f-0339df5779e1","seq":1,"duration_ms":100,"bytes_in":185,"bytes_out":79},{"timestamp":"2026-07-03T09:56:20","port":35413,"proto":"tcp","app_proto":"","app_protocol":"http","host":"","headers":"{\"accept\":\"*/*\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e300d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:utCdZoxqNIOaDzUbHFwQuwSHdsI=","ja3":"","session":"e2bce973-0ada-4bd7-a069-182432d52c3a","seq":1,"duration_ms":100,"bytes_in":185,"bytes_out":79},{"timestamp":"2026-07-03T06:48:54","port":9483,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:9483\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a393438330d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:hHG378tdMZegJuQPRF8lJzfpS44=","ja3":"","session":"dfe5eabf-1417-4ae6-8713-f5da7bca6a35","seq":1,"duration_ms":100,"bytes_in":220,"bytes_out":79},{"timestamp":"2026-07-03T06:01:10","port":38485,"proto":"tcp","app_proto":"","app_protocol":"http","host":"","headers":"{\"accept\":\"*/*\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e300d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:XZPmN/5uTvrPaSBOQsa75r7fUUc=","ja3":"","session":"cffd7942-c06d-4308-b0aa-bbdf07c0eaec","seq":1,"duration_ms":101,"bytes_in":185,"bytes_out":79},{"timestamp":"2026-07-03T05:39:42","port":49977,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:49977\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"TLS_AES_128_GCM_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a34393937370d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:apJu+Rn+1s7757YTYnEWwXhKd98=","ja3":"2196848d251b217de8b2c037e356c11d","session":"b9468428-72bb-4c82-80b1-5ed4ce1a40da","seq":1,"duration_ms":100,"bytes_in":221,"bytes_out":79}],"http_methods":[{"method":"GET","count":716}],"distinct_ports_total":682,"top_paths":[{"path":"/","count":622,"ports":503},{"path":"/.well-known/security.txt","count":94,"ports":94}],"distinct_paths_total":2,"top_snis":[],"top_hosts":[],"top_alpns":[],"banners":[{"value":"SSH-2.0-ZGrab ZGrab SSH Survey","count":17}],"credentials":[],"header_profile":{"signature":["Accept-Encoding","Host","User-Agent"],"representative":[{"name":"Accept-Encoding","value":"gzip","notable":false},{"name":"Host","value":"<HONEYPOT>:3096","notable":false},{"name":"User-Agent","value":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","notable":false}],"distinct_sets":2,"events_with_headers":10},"tags":[],"data_as_of":"2026-07-04T00:23:20.587523+00:00"}