{"ip":"35.203.210.126","total_events":698,"verdict":{"verdict":"scanner","label":"Recognized scanner","detail":"paloaltonetworks","confidence":"high","network_type":null},"first_seen":"2026-02-19T01:22:58","last_seen":"2026-06-22T09:58:55","events_24h":6,"events_7d":83,"geo":{"country_code":"GB","country_name":"United Kingdom","region":"England","city":"City of London","lat":51.5164,"lon":-0.093,"asn":396982,"org":"Google LLC"},"source_domain":"126.210.203.35.bc.googleusercontent.com","known_scanners":["paloaltonetworks"],"scanner_tag":{"key":"gcp","label":"Google Cloud","category":"hosting_provider","url":"https://cloud.google.com/"},"cve_matches":[],"top_ports":[{"port":3392,"proto":"tcp","label":"","count":17},{"port":2445,"proto":"tcp","label":"","count":12},{"port":21000,"proto":"tcp","label":"","count":6},{"port":1888,"proto":"tcp","label":"","count":4},{"port":59018,"proto":"tcp","label":"","count":3},{"port":12011,"proto":"tcp","label":"","count":3},{"port":56574,"proto":"tcp","label":"","count":3},{"port":2184,"proto":"tcp","label":"","count":3},{"port":20016,"proto":"tcp","label":"","count":3},{"port":9739,"proto":"tcp","label":"","count":3},{"port":42900,"proto":"tcp","label":"","count":3},{"port":54962,"proto":"tcp","label":"","count":3},{"port":45976,"proto":"tcp","label":"","count":3},{"port":9926,"proto":"tcp","label":"","count":3},{"port":61458,"proto":"tcp","label":"","count":3}],"fingerprints":{"ssh_hassh":[],"tls_ja4":["t12i520600_3874cc0afe49_d74d77c6171b","t13i140900_cbb2034c60b8_e7c285222651","t13i131000_f57a46bbacb6_ab7e3b40a677"],"tls_ja3":["2196848d251b217de8b2c037e356c11d"],"ja4h":["ge10nn0200_5594a17e7e7e","ge11nn0300_0db47b7d240d"]},"fingerprint_peers":{"t13i140900_cbb2034c60b8_e7c285222651":758,"t12i520600_3874cc0afe49_d74d77c6171b":270,"t13i131000_f57a46bbacb6_ab7e3b40a677":5538,"ge11nn0300_0db47b7d240d":4188,"ge10nn0200_5594a17e7e7e":1977},"user_agents":["Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity"],"timeline":[{"date":"2026-03-24","count":1},{"date":"2026-03-25","count":5},{"date":"2026-03-26","count":9},{"date":"2026-03-27","count":3},{"date":"2026-03-28","count":4},{"date":"2026-03-29","count":4},{"date":"2026-03-31","count":9},{"date":"2026-04-01","count":2},{"date":"2026-04-02","count":2},{"date":"2026-04-03","count":4},{"date":"2026-04-04","count":5},{"date":"2026-04-05","count":3},{"date":"2026-04-06","count":1},{"date":"2026-04-07","count":8},{"date":"2026-04-08","count":1},{"date":"2026-04-09","count":7},{"date":"2026-04-11","count":3},{"date":"2026-04-12","count":1},{"date":"2026-04-13","count":1},{"date":"2026-04-14","count":9},{"date":"2026-04-15","count":7},{"date":"2026-04-16","count":8},{"date":"2026-04-17","count":7},{"date":"2026-04-18","count":5},{"date":"2026-04-19","count":7},{"date":"2026-04-20","count":2},{"date":"2026-04-21","count":4},{"date":"2026-04-22","count":6},{"date":"2026-04-23","count":4},{"date":"2026-04-24","count":21},{"date":"2026-04-25","count":3},{"date":"2026-04-26","count":2},{"date":"2026-04-27","count":3},{"date":"2026-04-28","count":5},{"date":"2026-04-29","count":4},{"date":"2026-04-30","count":3},{"date":"2026-05-01","count":5},{"date":"2026-05-02","count":3},{"date":"2026-05-03","count":9},{"date":"2026-05-04","count":1},{"date":"2026-05-05","count":5},{"date":"2026-05-06","count":2},{"date":"2026-05-07","count":6},{"date":"2026-05-08","count":9},{"date":"2026-05-09","count":5},{"date":"2026-05-10","count":3},{"date":"2026-05-11","count":7},{"date":"2026-05-12","count":10},{"date":"2026-05-13","count":4},{"date":"2026-05-14","count":10},{"date":"2026-05-15","count":13},{"date":"2026-05-16","count":7},{"date":"2026-05-17","count":7},{"date":"2026-05-18","count":4},{"date":"2026-05-19","count":6},{"date":"2026-05-20","count":9},{"date":"2026-05-21","count":10},{"date":"2026-05-22","count":6},{"date":"2026-05-23","count":6},{"date":"2026-05-24","count":5},{"date":"2026-05-25","count":4},{"date":"2026-05-26","count":14},{"date":"2026-05-27","count":5},{"date":"2026-05-28","count":12},{"date":"2026-05-29","count":9},{"date":"2026-05-30","count":6},{"date":"2026-05-31","count":10},{"date":"2026-06-01","count":5},{"date":"2026-06-02","count":11},{"date":"2026-06-03","count":7},{"date":"2026-06-04","count":8},{"date":"2026-06-05","count":21},{"date":"2026-06-06","count":10},{"date":"2026-06-07","count":5},{"date":"2026-06-08","count":4},{"date":"2026-06-09","count":4},{"date":"2026-06-10","count":10},{"date":"2026-06-11","count":10},{"date":"2026-06-12","count":14},{"date":"2026-06-13","count":12},{"date":"2026-06-14","count":6},{"date":"2026-06-15","count":5},{"date":"2026-06-16","count":6},{"date":"2026-06-17","count":9},{"date":"2026-06-18","count":18},{"date":"2026-06-19","count":20},{"date":"2026-06-20","count":16},{"date":"2026-06-21","count":11},{"date":"2026-06-22","count":3}],"recent_events":[{"timestamp":"2026-06-22T09:58:55","port":53510,"proto":"tcp","app_proto":"","app_protocol":"http","host":"","headers":"{\"accept\":\"*/*\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e300d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:WLbsFNP6+ZfXF/dhDEPu6C0feV0=","ja3":"","session":"645cdcb4-76c2-4de1-aa2d-322fae6f479f","seq":1,"duration_ms":101,"bytes_in":185,"bytes_out":79},{"timestamp":"2026-06-22T09:53:08","port":50002,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:50002\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a35303030320d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:tz9bn6jrmt+S/Whf8hPk1P+3n6g=","ja3":"","session":"ed5a56e4-12e7-42f4-85ea-fb4ca3ed8b8a","seq":1,"duration_ms":100,"bytes_in":222,"bytes_out":79},{"timestamp":"2026-06-22T04:53:15","port":33954,"proto":"tcp","app_proto":"","app_protocol":"http","host":"","headers":"{\"accept\":\"*/*\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e300d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:Ndejdxp5BbCKQ+0JHX1O1pj12+A=","ja3":"","session":"b2da1c40-2331-4ab4-85b3-b7377b02b6cc","seq":1,"duration_ms":100,"bytes_in":185,"bytes_out":79},{"timestamp":"2026-06-21T21:18:30","port":41136,"proto":"tcp","app_proto":"","app_protocol":"http","host":"","headers":"{\"accept\":\"*/*\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e300d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:c8iBsdNkj2Ka9MkI+YwBZD8uwrQ=","ja3":"","session":"f1988b53-57c5-474b-a65a-f5bf1be6bbbe","seq":1,"duration_ms":100,"bytes_in":185,"bytes_out":79},{"timestamp":"2026-06-21T17:46:26","port":26836,"proto":"tcp","app_proto":"","app_protocol":"http","host":"","headers":"{\"accept\":\"*/*\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e300d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:VpadOzHRBgQuDOQcrVAiN6TpTGY=","ja3":"","session":"bde1263c-4eb0-481f-986b-f896d14b03a5","seq":1,"duration_ms":100,"bytes_in":185,"bytes_out":79},{"timestamp":"2026-06-21T17:46:26","port":26836,"proto":"tcp","app_proto":"","app_protocol":"http","host":"","headers":"{\"accept\":\"*/*\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e300d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:mpzIs7DdAGgqisrjXmkouVJGFMY=","ja3":"","session":"1dec60ef-155d-4eb3-85c8-c465f6acc604","seq":1,"duration_ms":100,"bytes_in":185,"bytes_out":79},{"timestamp":"2026-06-21T09:44:35","port":47688,"proto":"tcp","app_proto":"","app_protocol":"http","host":"","headers":"{\"accept\":\"*/*\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e300d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:ts1IFwuY86dDyZTBy5AXxB9X9Qo=","ja3":"","session":"8a0827c0-7d77-4883-9e64-d07062829454","seq":1,"duration_ms":100,"bytes_in":185,"bytes_out":79},{"timestamp":"2026-06-21T08:51:07","port":21911,"proto":"tcp","app_proto":"","app_protocol":"","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"fox a 1 -1 fox hello\n{\nfox.version=s:1.0\nid=i:1\nhostName=s:xpvm-0omdc01xmy\nhostAddress=s:192.168.1.125\napp.name=s:Workbench\napp.version=s:3.7.44\nvm.name=s:Java HotSpot(TM) Server VM\nvm.version=s:20.4-b02\nos.name=s:Windows XP\nos.version=s:5.1\nlang=s:en\ntimeZone=s:America/Los_Angeles;-28800000;3600000;02:00:00.000,wall,march,8,on or after,sunday,undefined;02:00:00.000,wall,november,1,on or after,sunday,undefined\nhostId=s:Win-99CB-D49D-5442-07BB\nvmUuid=s:8b530bc8-76c5-4139-a2ea-0fabd394d305\nbrandId=s:vykon\n};;\n","payload_hex":"666f7820612031202d3120666f782068656c6c6f0a7b0a666f782e76657273696f6e3d733a312e300a69643d693a310a686f73744e616d653d733a7870766d2d306f6d64633031786d790a686f7374416464726573733d733a3139322e3136382e312e3132350a6170702e6e616d653d733a576f726b62656e63680a6170702e76657273696f6e3d733a332e372e34340a766d2e6e616d653d733a4a61766120486f7453706f7428544d292053657276657220564d0a766d2e76657273696f6e3d733a32302e342d6230320a6f732e6e616d653d733a57696e646f77732058500a6f732e76657273696f6e3d733a352e310a6c616e673d733a656e0a74696d655a6f6e653d733a416d65726963612f4c6f735f416e67656c65733b2d32383830303030303b333630303030303b30323a30303a30302e3030302c77616c6c2c6d617263682c382c6f6e206f722061667465722c73756e6461792c756e646566696e65643b30323a30303a30302e3030302c77616c6c2c6e6f76656d6265722c312c6f6e206f722061667465722c73756e6461792c756e646566696e65640a686f737449643d733a57696e2d393943422d443439442d353434322d303742420a766d557569643d733a38623533306263382d373663352d343133392d613265612d3066616264333934643330350a6272616e6449643d733a76796b6f6e0a7d3b3b0a","method":"","user_agent":"","community_id":"1:W6RKoRZOoKTF46FgN/0VdoZDvPs=","ja3":"","session":"f866fc55-ac95-4fa2-a6e7-3e86f184fcd7","seq":1,"duration_ms":100,"bytes_in":513,"bytes_out":14,"enriched":{"digest":"fe39c976bf6d2d07","strings":["fox a 1 -1 fox hello","fox.version=s:1.0","id=i:1","hostName=s:xpvm-0omdc01xmy","hostAddress=s:192.168.1.125","app.name=s:Workbench","app.version=s:3.7.44","vm.name=s:Java HotSpot(TM) Server VM","vm.version=s:20.4-b02","os.name=s:Windows XP"],"iocs":{"ips":["192.168.1.125"],"domains":["fox.version","app.name","app.version","vm.name","vm.version","os.name"]}}},{"timestamp":"2026-06-21T05:56:07","port":45811,"proto":"tcp","app_proto":"","app_protocol":"http","host":"","headers":"{\"accept\":\"*/*\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e300d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:xJGehMxPYoHhhgXHxzdWl+ewrfg=","ja3":"","session":"2931f37c-3e4e-4ae6-8dca-b7c69d978d02","seq":1,"duration_ms":100,"bytes_in":185,"bytes_out":79},{"timestamp":"2026-06-21T02:05:09","port":43369,"proto":"tcp","app_proto":"","app_protocol":"http","host":"","headers":"{\"accept\":\"*/*\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e300d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:vF99sV5Mf/+iVoxyhgup90+DwoU=","ja3":"","session":"3995c810-8a29-4146-9005-3d060b70f57e","seq":1,"duration_ms":102,"bytes_in":185,"bytes_out":79}],"http_methods":[{"method":"GET","count":480}],"distinct_ports_total":515,"top_paths":[{"path":"/","count":480,"ports":419}],"distinct_paths_total":1,"top_snis":[],"top_hosts":[],"top_alpns":[],"banners":[{"value":"SSH-2.0-ZGrab ZGrab SSH Survey","count":12}],"credentials":[],"header_profile":{"signature":["Accept-Encoding","Host","User-Agent"],"representative":[{"name":"Accept-Encoding","value":"gzip","notable":false},{"name":"Host","value":"<HONEYPOT>:50002","notable":false},{"name":"User-Agent","value":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","notable":false}],"distinct_sets":2,"events_with_headers":9},"tags":[],"data_as_of":"2026-06-22T10:39:23.029860+00:00"}