{"ip":"35.203.211.108","total_events":872,"verdict":{"verdict":"scanner","label":"Recognized scanner","detail":"paloaltonetworks","confidence":"high","network_type":null},"first_seen":"2026-02-19T11:18:52","last_seen":"2026-06-21T13:31:05","events_24h":15,"events_7d":92,"geo":{"country_code":"GB","country_name":"United Kingdom","region":"England","city":"City of London","lat":51.5164,"lon":-0.093,"asn":396982,"org":"Google LLC"},"source_domain":"108.211.203.35.bc.googleusercontent.com","known_scanners":["paloaltonetworks"],"scanner_tag":{"key":"gcp","label":"Google Cloud","category":"hosting_provider","url":"https://cloud.google.com/"},"cve_matches":[],"top_ports":[{"port":23389,"proto":"tcp","label":"","count":11},{"port":141,"proto":"tcp","label":"","count":6},{"port":48927,"proto":"tcp","label":"","count":4},{"port":4998,"proto":"tcp","label":"","count":4},{"port":7822,"proto":"tcp","label":"","count":3},{"port":49415,"proto":"tcp","label":"","count":3},{"port":26674,"proto":"tcp","label":"","count":3},{"port":2242,"proto":"tcp","label":"","count":3},{"port":9129,"proto":"tcp","label":"","count":3},{"port":9647,"proto":"tcp","label":"","count":3},{"port":45790,"proto":"tcp","label":"","count":3},{"port":3242,"proto":"tcp","label":"","count":3},{"port":24100,"proto":"tcp","label":"","count":3},{"port":4975,"proto":"tcp","label":"","count":3},{"port":9803,"proto":"tcp","label":"","count":3}],"fingerprints":{"ssh_hassh":[],"tls_ja4":["t13i140900_cbb2034c60b8_e7c285222651","t12i520600_3874cc0afe49_d74d77c6171b","t13i131000_f57a46bbacb6_ab7e3b40a677"],"tls_ja3":["2196848d251b217de8b2c037e356c11d"],"ja4h":["ge11nn0200_3ed38b250d3d","ge11nn0300_0db47b7d240d","ge10nn0200_5594a17e7e7e"]},"fingerprint_peers":{"t13i140900_cbb2034c60b8_e7c285222651":751,"t12i520600_3874cc0afe49_d74d77c6171b":271,"t13i131000_f57a46bbacb6_ab7e3b40a677":5532,"ge11nn0300_0db47b7d240d":4154,"ge11nn0200_3ed38b250d3d":1565,"ge10nn0200_5594a17e7e7e":1973},"user_agents":["Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity"],"timeline":[{"date":"2026-03-24","count":2},{"date":"2026-03-25","count":1},{"date":"2026-03-26","count":7},{"date":"2026-03-27","count":2},{"date":"2026-03-28","count":3},{"date":"2026-03-29","count":2},{"date":"2026-03-31","count":4},{"date":"2026-04-01","count":4},{"date":"2026-04-02","count":5},{"date":"2026-04-03","count":2},{"date":"2026-04-04","count":4},{"date":"2026-04-06","count":2},{"date":"2026-04-08","count":2},{"date":"2026-04-09","count":13},{"date":"2026-04-10","count":1},{"date":"2026-04-11","count":3},{"date":"2026-04-12","count":3},{"date":"2026-04-13","count":1},{"date":"2026-04-14","count":5},{"date":"2026-04-15","count":2},{"date":"2026-04-16","count":5},{"date":"2026-04-17","count":1},{"date":"2026-04-18","count":2},{"date":"2026-04-19","count":10},{"date":"2026-04-21","count":5},{"date":"2026-04-22","count":1},{"date":"2026-04-23","count":3},{"date":"2026-04-24","count":3},{"date":"2026-04-25","count":7},{"date":"2026-04-26","count":57},{"date":"2026-04-27","count":2},{"date":"2026-04-28","count":6},{"date":"2026-04-29","count":5},{"date":"2026-04-30","count":1},{"date":"2026-05-01","count":6},{"date":"2026-05-02","count":4},{"date":"2026-05-03","count":4},{"date":"2026-05-05","count":1},{"date":"2026-05-06","count":5},{"date":"2026-05-07","count":7},{"date":"2026-05-08","count":6},{"date":"2026-05-09","count":2},{"date":"2026-05-10","count":7},{"date":"2026-05-11","count":8},{"date":"2026-05-12","count":8},{"date":"2026-05-13","count":7},{"date":"2026-05-14","count":5},{"date":"2026-05-15","count":8},{"date":"2026-05-16","count":13},{"date":"2026-05-17","count":195},{"date":"2026-05-18","count":4},{"date":"2026-05-19","count":8},{"date":"2026-05-20","count":8},{"date":"2026-05-21","count":9},{"date":"2026-05-22","count":4},{"date":"2026-05-23","count":13},{"date":"2026-05-24","count":5},{"date":"2026-05-25","count":2},{"date":"2026-05-26","count":12},{"date":"2026-05-27","count":3},{"date":"2026-05-28","count":7},{"date":"2026-05-29","count":6},{"date":"2026-05-30","count":9},{"date":"2026-05-31","count":8},{"date":"2026-06-01","count":4},{"date":"2026-06-02","count":7},{"date":"2026-06-03","count":10},{"date":"2026-06-04","count":12},{"date":"2026-06-05","count":10},{"date":"2026-06-06","count":7},{"date":"2026-06-07","count":4},{"date":"2026-06-08","count":13},{"date":"2026-06-09","count":11},{"date":"2026-06-10","count":12},{"date":"2026-06-11","count":6},{"date":"2026-06-12","count":6},{"date":"2026-06-13","count":19},{"date":"2026-06-14","count":7},{"date":"2026-06-15","count":11},{"date":"2026-06-16","count":14},{"date":"2026-06-17","count":9},{"date":"2026-06-18","count":10},{"date":"2026-06-19","count":19},{"date":"2026-06-20","count":20},{"date":"2026-06-21","count":7}],"recent_events":[{"timestamp":"2026-06-21T13:31:05","port":54031,"proto":"tcp","app_proto":"","app_protocol":"http","host":"","headers":"{\"accept\":\"*/*\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e300d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:j0TmzgXnpCVPhjArynsLUUCxWdc=","ja3":"","session":"574c5460-a796-4ef7-979f-70a7e905590a","seq":1,"duration_ms":100,"bytes_in":185,"bytes_out":79},{"timestamp":"2026-06-21T06:08:13","port":25848,"proto":"tcp","app_proto":"","app_protocol":"http","host":"","headers":"{\"accept\":\"*/*\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e300d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:fkvkPKd5h4UULLam9rOaYhBy30k=","ja3":"","session":"906b3110-92c9-4a13-aebd-8933082bf072","seq":1,"duration_ms":100,"bytes_in":185,"bytes_out":79},{"timestamp":"2026-06-21T06:06:41","port":936,"proto":"tcp","app_proto":"","app_protocol":"http","host":"","headers":"{\"accept\":\"*/*\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e300d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:XRXZGHcFaLc1o/cvo511zjfzNn4=","ja3":"","session":"0b868f7c-046b-44f4-a039-16b3661c45b3","seq":1,"duration_ms":100,"bytes_in":185,"bytes_out":79},{"timestamp":"2026-06-21T05:30:55","port":38897,"proto":"tcp","app_proto":"","app_protocol":"http","host":"","headers":"{\"accept\":\"*/*\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e300d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:FgK+r/4yp+M5YXlKd7vqeayEcRg=","ja3":"","session":"40199fcd-d5f1-4e74-898c-26162e250072","seq":1,"duration_ms":100,"bytes_in":185,"bytes_out":79},{"timestamp":"2026-06-21T05:30:43","port":38897,"proto":"tcp","app_proto":"","app_protocol":"http","host":"","headers":"{\"accept\":\"*/*\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e300d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:wDBD79BNSeB03q/2yxT6lkaQaOk=","ja3":"","session":"3a2f0521-2b1d-4366-977d-681e4f73efa9","seq":1,"duration_ms":100,"bytes_in":185,"bytes_out":79},{"timestamp":"2026-06-21T01:47:54","port":9178,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:9178\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a393137380d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:rClRnPFxZYfViT13Q8vbx7gBNm4=","ja3":"","session":"6176cf12-b8c2-4b29-929f-5b32f1bfa3ce","seq":1,"duration_ms":100,"bytes_in":220,"bytes_out":79},{"timestamp":"2026-06-21T01:25:32","port":14975,"proto":"tcp","app_proto":"","app_protocol":"http","host":"","headers":"{\"accept\":\"*/*\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e300d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:waXDNsH0cc/gSoQR507QjMvVrK4=","ja3":"","session":"cfbb8afc-22fe-43ac-a898-aca3ee91f60a","seq":1,"duration_ms":100,"bytes_in":185,"bytes_out":79},{"timestamp":"2026-06-20T22:28:40","port":21244,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:21244\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a32313234340d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:1qLt4FLtX8MqLKn/nT8YViwXz8Y=","ja3":"","session":"a0d3b055-fd50-4269-8c4f-621f7ab09f60","seq":1,"duration_ms":100,"bytes_in":221,"bytes_out":79},{"timestamp":"2026-06-20T22:20:41","port":9646,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:9646\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a393634360d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:JaR0HBLnEJRXZS7qdMXWmv8npuE=","ja3":"","session":"b2d997c4-fad6-4c92-8988-c6a2afa63deb","seq":1,"duration_ms":100,"bytes_in":221,"bytes_out":79},{"timestamp":"2026-06-20T22:06:23","port":2222,"proto":"tcp","app_proto":"","app_protocol":"ssh","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"SSH-2.0-ZGrab ZGrab SSH Survey\r\n","payload_hex":"5353482d322e302d5a47726162205a4772616220535348205375727665790d0a","method":"","user_agent":"","community_id":"1:R0nMEC2uSIODOS8WbfMpZesp0aI=","ja3":"","session":"644516da-75d7-424c-b3cd-10de1885b451","seq":1,"duration_ms":2101,"bytes_in":32,"bytes_out":14,"enriched":{"digest":"5192d527e0eab129","label":"SSH","strings":["SSH-2.0-ZGrab ZGrab SSH Survey"]}}],"http_methods":[{"method":"GET","count":685}],"distinct_ports_total":686,"top_paths":[{"path":"/","count":435,"ports":375},{"path":"/.well-known/security.txt","count":250,"ports":238}],"distinct_paths_total":2,"top_snis":[],"top_hosts":[],"top_alpns":[],"banners":[{"value":"SSH-2.0-ZGrab ZGrab SSH Survey","count":30}],"credentials":[],"header_profile":{"signature":["Accept-Encoding","Host","User-Agent"],"representative":[{"name":"Accept-Encoding","value":"gzip","notable":false},{"name":"Host","value":"<HONEYPOT>:9178","notable":false},{"name":"User-Agent","value":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","notable":false}],"distinct_sets":2,"events_with_headers":9},"tags":[],"data_as_of":"2026-06-21T14:03:51.431480+00:00"}