{"ip":"35.203.210.48","total_events":671,"verdict":{"verdict":"scanner","label":"Recognized scanner","detail":"paloaltonetworks","confidence":"high","network_type":null},"first_seen":"2026-02-19T08:58:57","last_seen":"2026-06-25T01:40:30","events_24h":10,"events_7d":78,"geo":{"country_code":"GB","country_name":"United Kingdom","region":"England","city":"City of London","lat":51.5164,"lon":-0.093,"asn":396982,"org":"Google LLC"},"source_domain":"48.210.203.35.bc.googleusercontent.com","known_scanners":["paloaltonetworks"],"scanner_tag":{"key":"gcp","label":"Google Cloud","category":"hosting_provider","url":"https://cloud.google.com/"},"cve_matches":[],"top_ports":[{"port":4390,"proto":"tcp","label":"","count":11},{"port":8826,"proto":"tcp","label":"","count":4},{"port":3151,"proto":"tcp","label":"","count":3},{"port":25582,"proto":"tcp","label":"","count":3},{"port":9293,"proto":"tcp","label":"","count":3},{"port":65408,"proto":"tcp","label":"","count":3},{"port":56471,"proto":"tcp","label":"","count":3},{"port":39206,"proto":"tcp","label":"","count":3},{"port":1982,"proto":"tcp","label":"","count":3},{"port":9935,"proto":"tcp","label":"","count":3},{"port":8441,"proto":"tcp","label":"","count":2},{"port":9981,"proto":"tcp","label":"","count":2},{"port":57137,"proto":"tcp","label":"","count":2},{"port":1610,"proto":"tcp","label":"","count":2},{"port":9409,"proto":"tcp","label":"","count":2}],"fingerprints":{"ssh_hassh":[],"tls_ja4":["t13i140900_cbb2034c60b8_e7c285222651","t12i520600_3874cc0afe49_d74d77c6171b","t13i131000_f57a46bbacb6_ab7e3b40a677"],"tls_ja3":["2196848d251b217de8b2c037e356c11d"],"ja4h":["po11nn0300_7059b3fb2d4a","ge10nn0200_5594a17e7e7e","ge11nn0300_0db47b7d240d","ge11nn0200_3ed38b250d3d"]},"fingerprint_peers":{"t13i140900_cbb2034c60b8_e7c285222651":690,"t12i520600_3874cc0afe49_d74d77c6171b":278,"t13i131000_f57a46bbacb6_ab7e3b40a677":5562,"ge11nn0300_0db47b7d240d":4222,"ge11nn0200_3ed38b250d3d":1491,"po11nn0300_7059b3fb2d4a":157,"ge10nn0200_5594a17e7e7e":1980},"user_agents":["Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity"],"timeline":[{"date":"2026-03-27","count":7},{"date":"2026-03-28","count":2},{"date":"2026-03-29","count":2},{"date":"2026-03-30","count":2},{"date":"2026-04-01","count":2},{"date":"2026-04-03","count":10},{"date":"2026-04-04","count":3},{"date":"2026-04-05","count":20},{"date":"2026-04-06","count":1},{"date":"2026-04-07","count":3},{"date":"2026-04-08","count":6},{"date":"2026-04-09","count":9},{"date":"2026-04-10","count":2},{"date":"2026-04-11","count":3},{"date":"2026-04-12","count":1},{"date":"2026-04-14","count":3},{"date":"2026-04-15","count":9},{"date":"2026-04-16","count":5},{"date":"2026-04-18","count":9},{"date":"2026-04-19","count":5},{"date":"2026-04-21","count":8},{"date":"2026-04-22","count":4},{"date":"2026-04-23","count":5},{"date":"2026-04-24","count":1},{"date":"2026-04-25","count":6},{"date":"2026-04-26","count":4},{"date":"2026-04-27","count":1},{"date":"2026-04-28","count":4},{"date":"2026-04-29","count":2},{"date":"2026-04-30","count":8},{"date":"2026-05-01","count":1},{"date":"2026-05-02","count":7},{"date":"2026-05-03","count":7},{"date":"2026-05-04","count":1},{"date":"2026-05-05","count":3},{"date":"2026-05-06","count":1},{"date":"2026-05-07","count":2},{"date":"2026-05-08","count":4},{"date":"2026-05-09","count":6},{"date":"2026-05-10","count":10},{"date":"2026-05-11","count":4},{"date":"2026-05-12","count":7},{"date":"2026-05-13","count":10},{"date":"2026-05-14","count":3},{"date":"2026-05-15","count":15},{"date":"2026-05-16","count":3},{"date":"2026-05-17","count":10},{"date":"2026-05-18","count":8},{"date":"2026-05-19","count":1},{"date":"2026-05-20","count":10},{"date":"2026-05-21","count":9},{"date":"2026-05-22","count":8},{"date":"2026-05-23","count":5},{"date":"2026-05-24","count":7},{"date":"2026-05-25","count":6},{"date":"2026-05-26","count":11},{"date":"2026-05-27","count":5},{"date":"2026-05-28","count":8},{"date":"2026-05-29","count":7},{"date":"2026-05-30","count":2},{"date":"2026-05-31","count":1},{"date":"2026-06-01","count":6},{"date":"2026-06-02","count":8},{"date":"2026-06-03","count":4},{"date":"2026-06-04","count":8},{"date":"2026-06-05","count":20},{"date":"2026-06-07","count":9},{"date":"2026-06-08","count":6},{"date":"2026-06-09","count":3},{"date":"2026-06-10","count":5},{"date":"2026-06-11","count":9},{"date":"2026-06-12","count":5},{"date":"2026-06-13","count":21},{"date":"2026-06-14","count":11},{"date":"2026-06-15","count":9},{"date":"2026-06-16","count":7},{"date":"2026-06-17","count":13},{"date":"2026-06-18","count":14},{"date":"2026-06-19","count":7},{"date":"2026-06-20","count":13},{"date":"2026-06-21","count":9},{"date":"2026-06-22","count":10},{"date":"2026-06-23","count":18},{"date":"2026-06-24","count":10},{"date":"2026-06-25","count":1}],"recent_events":[{"timestamp":"2026-06-25T01:40:30","port":5522,"proto":"tcp","app_proto":"","app_protocol":"ssh","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"SSH-2.0-ZGrab ZGrab SSH Survey\r\n","payload_hex":"5353482d322e302d5a47726162205a4772616220535348205375727665790d0a","method":"","user_agent":"","community_id":"1:wKTJjHtveW3RSdCrmwUlpB4w8Z4=","ja3":"","session":"1f770986-4369-4501-86ed-1cbfca65ca3d","seq":1,"duration_ms":2102,"bytes_in":32,"bytes_out":13,"enriched":{"digest":"5192d527e0eab129","label":"SSH","strings":["SSH-2.0-ZGrab ZGrab SSH Survey"]}},{"timestamp":"2026-06-24T22:39:49","port":9913,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:9913\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"TLS_AES_128_GCM_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a393931330d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:q/PYuViC0ItBEFMbT7sWMNxLei0=","ja3":"2196848d251b217de8b2c037e356c11d","session":"9f97cd44-57a1-4bd1-950a-ff7eadcabfd3","seq":1,"duration_ms":100,"bytes_in":220,"bytes_out":78},{"timestamp":"2026-06-24T21:08:05","port":47487,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:47487\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"TLS_AES_128_GCM_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a34373438370d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:HhdkEcKINFO5nz9SZU0Dgsp4NXc=","ja3":"2196848d251b217de8b2c037e356c11d","session":"d6ce016a-e534-4378-aad3-f05f90ca867b","seq":1,"duration_ms":100,"bytes_in":223,"bytes_out":78},{"timestamp":"2026-06-24T20:54:51","port":10021,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:10021\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a31303032310d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:ZPKOimGAms8jd6DeU/l0yiqUCQc=","ja3":"","session":"06d6cb95-4264-47a9-80c5-bd03b5127f67","seq":1,"duration_ms":100,"bytes_in":223,"bytes_out":78},{"timestamp":"2026-06-24T17:59:19","port":54032,"proto":"tcp","app_proto":"","app_protocol":"http","host":"","headers":"{\"accept\":\"*/*\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e300d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:GE5Ki136Scwj67/kJEUlnkhwYb4=","ja3":"","session":"cdd79d06-afe1-4090-abb6-f2def744cca9","seq":1,"duration_ms":100,"bytes_in":185,"bytes_out":78},{"timestamp":"2026-06-24T17:36:40","port":9935,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:9935\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a393933350d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:vWtpWNE57+U+ZZvwN/8rR7BJZo0=","ja3":"","session":"32457575-cf10-4eb7-a8b0-0ff4e367b69d","seq":1,"duration_ms":100,"bytes_in":220,"bytes_out":78},{"timestamp":"2026-06-24T10:16:20","port":46421,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:46421\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"TLS_AES_128_GCM_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a34363432310d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:vYoILcEOQ2m22fMF2kQON0CmJU0=","ja3":"2196848d251b217de8b2c037e356c11d","session":"e06bd862-ea06-40b9-aaa2-2ac8e4b55d28","seq":1,"duration_ms":100,"bytes_in":222,"bytes_out":78},{"timestamp":"2026-06-24T10:02:44","port":10814,"proto":"tcp","app_proto":"","app_protocol":"http","host":"","headers":"{\"accept\":\"*/*\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e300d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:SHcddZiFXF/j2b6xTNLebzv/gE8=","ja3":"","session":"bbe1b3c3-6f03-490a-b4cd-44cd1794be92","seq":1,"duration_ms":100,"bytes_in":185,"bytes_out":78},{"timestamp":"2026-06-24T05:26:09","port":27354,"proto":"tcp","app_proto":"","app_protocol":"http","host":"","headers":"{\"accept\":\"*/*\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e300d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:RJrXyV6OnOf3sM/tSRwDZVti7p8=","ja3":"","session":"c15325b2-46dd-4c66-96d4-b0f36f3583a7","seq":1,"duration_ms":100,"bytes_in":185,"bytes_out":78},{"timestamp":"2026-06-24T05:22:30","port":9115,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:9115\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a393131350d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:rwv4fY22Og37/0oV4yUOPhaVvn4=","ja3":"","session":"f7488545-4dd7-4774-87bd-7b7c88080162","seq":1,"duration_ms":100,"bytes_in":220,"bytes_out":78}],"http_methods":[{"method":"GET","count":458},{"method":"POST","count":1}],"distinct_ports_total":502,"top_paths":[{"path":"/","count":445,"ports":381},{"path":"/.well-known/security.txt","count":14,"ports":14}],"distinct_paths_total":2,"top_snis":[],"top_hosts":[],"top_alpns":[],"banners":[{"value":"SSH-2.0-ZGrab ZGrab SSH Survey","count":23}],"credentials":[],"header_profile":{"signature":["Accept-Encoding","Host","User-Agent"],"representative":[{"name":"Accept-Encoding","value":"gzip","notable":false},{"name":"Host","value":"<HONEYPOT>:9913","notable":false},{"name":"User-Agent","value":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","notable":false}],"distinct_sets":2,"events_with_headers":9},"tags":[],"data_as_of":"2026-06-25T01:45:46.533935+00:00"}