{"ip":"35.203.211.113","total_events":1280,"verdict":{"verdict":"scanner","label":"Recognized scanner","detail":"paloaltonetworks","confidence":"high","network_type":null,"why":["Source IP is in a known scanner range (paloaltonetworks).","Known research and commercial scanners are labelled as such, not as threats."]},"first_seen":"2026-02-16T20:21:33","last_seen":"2026-07-05T17:42:49","events_24h":7,"events_7d":106,"geo":{"country_code":"GB","country_name":"United Kingdom","region":"England","city":"City of London","lat":51.5164,"lon":-0.093,"asn":396982,"org":"Google LLC"},"source_domain":"113.211.203.35.bc.googleusercontent.com","known_scanners":["paloaltonetworks"],"scanner_tag":{"key":"gcp","label":"Google Cloud","category":"hosting_provider","url":"https://cloud.google.com/"},"cve_matches":[{"cve_id":"CVE-2026-34197","title":"Apache ActiveMQ - Remote Code Execution","severity":"CRITICAL","actively_exploited":true,"match_field":"url_path","matched_pattern":"/api/jolokia/"}],"malware":[],"top_ports":[{"port":63389,"proto":"tcp","label":"","count":17},{"port":141,"proto":"tcp","label":"","count":6},{"port":9463,"proto":"tcp","label":"","count":4},{"port":9970,"proto":"tcp","label":"","count":4},{"port":9050,"proto":"tcp","label":"","count":4},{"port":5929,"proto":"tcp","label":"","count":4},{"port":18148,"proto":"tcp","label":"","count":3},{"port":21341,"proto":"tcp","label":"","count":3},{"port":50005,"proto":"tcp","label":"","count":3},{"port":36710,"proto":"tcp","label":"","count":3},{"port":8897,"proto":"tcp","label":"","count":3},{"port":9568,"proto":"tcp","label":"","count":3},{"port":26519,"proto":"tcp","label":"","count":3},{"port":11386,"proto":"tcp","label":"","count":3},{"port":50542,"proto":"tcp","label":"","count":3}],"fingerprints":{"ssh_hassh":[],"tls_ja4":["t13i140900_cbb2034c60b8_e7c285222651","t12i520600_3874cc0afe49_d74d77c6171b","t13i131000_f57a46bbacb6_ab7e3b40a677"],"tls_ja3":["1487bd354c20f20dd642bebc7f706e95","2196848d251b217de8b2c037e356c11d"],"ja4h":["ge10nn0200_5594a17e7e7e","ge11nn0300_0db47b7d240d","ge11nn0200_3ed38b250d3d"]},"fingerprint_peers":{"t13i140900_cbb2034c60b8_e7c285222651":1708,"t12i520600_3874cc0afe49_d74d77c6171b":291,"t13i131000_f57a46bbacb6_ab7e3b40a677":5493,"ge11nn0300_0db47b7d240d":4372,"ge11nn0200_3ed38b250d3d":2362,"ge10nn0200_5594a17e7e7e":1966},"user_agents":["Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity"],"timeline":[{"date":"2026-04-07","count":9},{"date":"2026-04-08","count":3},{"date":"2026-04-09","count":5},{"date":"2026-04-10","count":4},{"date":"2026-04-11","count":4},{"date":"2026-04-12","count":4},{"date":"2026-04-13","count":2},{"date":"2026-04-14","count":2},{"date":"2026-04-16","count":2},{"date":"2026-04-17","count":5},{"date":"2026-04-18","count":8},{"date":"2026-04-19","count":3},{"date":"2026-04-20","count":5},{"date":"2026-04-21","count":9},{"date":"2026-04-22","count":3},{"date":"2026-04-24","count":4},{"date":"2026-04-25","count":3},{"date":"2026-04-26","count":7},{"date":"2026-04-28","count":2},{"date":"2026-04-29","count":1},{"date":"2026-04-30","count":18},{"date":"2026-05-02","count":3},{"date":"2026-05-03","count":10},{"date":"2026-05-05","count":2},{"date":"2026-05-06","count":1},{"date":"2026-05-07","count":11},{"date":"2026-05-08","count":6},{"date":"2026-05-09","count":7},{"date":"2026-05-10","count":4},{"date":"2026-05-11","count":4},{"date":"2026-05-12","count":7},{"date":"2026-05-13","count":7},{"date":"2026-05-14","count":14},{"date":"2026-05-15","count":12},{"date":"2026-05-16","count":2},{"date":"2026-05-17","count":7},{"date":"2026-05-18","count":7},{"date":"2026-05-19","count":4},{"date":"2026-05-20","count":9},{"date":"2026-05-21","count":14},{"date":"2026-05-22","count":8},{"date":"2026-05-23","count":8},{"date":"2026-05-24","count":6},{"date":"2026-05-25","count":7},{"date":"2026-05-26","count":9},{"date":"2026-05-27","count":5},{"date":"2026-05-28","count":9},{"date":"2026-05-29","count":10},{"date":"2026-05-30","count":5},{"date":"2026-05-31","count":7},{"date":"2026-06-01","count":5},{"date":"2026-06-02","count":12},{"date":"2026-06-03","count":6},{"date":"2026-06-04","count":10},{"date":"2026-06-05","count":16},{"date":"2026-06-06","count":3},{"date":"2026-06-07","count":5},{"date":"2026-06-08","count":8},{"date":"2026-06-09","count":7},{"date":"2026-06-10","count":7},{"date":"2026-06-11","count":14},{"date":"2026-06-12","count":12},{"date":"2026-06-13","count":6},{"date":"2026-06-14","count":7},{"date":"2026-06-15","count":10},{"date":"2026-06-16","count":14},{"date":"2026-06-17","count":17},{"date":"2026-06-18","count":14},{"date":"2026-06-19","count":7},{"date":"2026-06-20","count":19},{"date":"2026-06-21","count":10},{"date":"2026-06-22","count":15},{"date":"2026-06-23","count":17},{"date":"2026-06-24","count":6},{"date":"2026-06-25","count":23},{"date":"2026-06-26","count":198},{"date":"2026-06-27","count":261},{"date":"2026-06-28","count":8},{"date":"2026-06-29","count":14},{"date":"2026-06-30","count":26},{"date":"2026-07-01","count":14},{"date":"2026-07-02","count":14},{"date":"2026-07-03","count":11},{"date":"2026-07-04","count":23},{"date":"2026-07-05","count":3}],"recent_events":[{"timestamp":"2026-07-05T17:42:49","port":8102,"proto":"tcp","app_proto":"","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:8102\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a383130320d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:JOytgd2++tEGXR4nXq7QbiVUyWk=","ja3":"","session":"0f93312c-ca1b-4bde-812a-bcda1455a95a","seq":1,"duration_ms":100,"bytes_in":220,"bytes_out":79},{"timestamp":"2026-07-05T13:09:28","port":22515,"proto":"tcp","app_proto":"","app_protocol":"ssh","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"SSH-2.0-ZGrab ZGrab SSH Survey\r\n","payload_hex":"5353482d322e302d5a47726162205a4772616220535348205375727665790d0a","method":"","user_agent":"","community_id":"1:LkjniTtYMMiPvJZj4oU+yAWKl4k=","ja3":"","session":"a391f785-1f5c-43ae-8e9e-54c0b133fbde","seq":1,"duration_ms":2101,"bytes_in":32,"bytes_out":14,"enriched":{"digest":"5192d527e0eab129","label":"SSH","strings":["SSH-2.0-ZGrab ZGrab SSH Survey"]}},{"timestamp":"2026-07-05T05:21:10","port":43106,"proto":"tcp","app_proto":"","app_protocol":"http","host":"","headers":"{\"accept\":\"*/*\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e300d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:0oh4/cACKE6qBEu3OmEvX2H21Vg=","ja3":"","session":"0427d010-8717-4ab5-8da3-df4867e5fac6","seq":1,"duration_ms":100,"bytes_in":185,"bytes_out":79},{"timestamp":"2026-07-04T21:38:13","port":5929,"proto":"tcp","app_proto":"","app_protocol":"http","host":"","headers":"{\"accept\":\"*/*\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e300d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:9kdnEfBcfrUhZQ8W3b/d8nd2/Zc=","ja3":"","session":"80a7b593-f16e-45f8-92c9-643d502c7533","seq":1,"duration_ms":100,"bytes_in":185,"bytes_out":79},{"timestamp":"2026-07-04T21:38:13","port":5929,"proto":"tcp","app_proto":"","app_protocol":"http","host":"","headers":"{\"accept\":\"*/*\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e300d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:cCtjHD6oG9G/23PzbFaw3Jc0ikw=","ja3":"","session":"ff091d67-7ba2-4fe5-9667-dfa571ea16f7","seq":1,"duration_ms":100,"bytes_in":185,"bytes_out":79},{"timestamp":"2026-07-04T21:35:16","port":48600,"proto":"tcp","app_proto":"tls","app_protocol":"http","host":"<HONEYPOT>","headers":"{\"accept-encoding\":\"gzip\",\"host\":\"<HONEYPOT>:48600\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"TLS_AES_128_GCM_SHA256","tls_version":"TLSv1.3","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e310d0a486f73743a20<HONEYPOT>3a34383630300d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:zPoM7IrVTtdZBoRZ3qv4rPse/S8=","ja3":"2196848d251b217de8b2c037e356c11d","session":"ae50e81d-69cd-4fbc-ae65-a759a297b835","seq":1,"duration_ms":100,"bytes_in":223,"bytes_out":79},{"timestamp":"2026-07-04T21:34:25","port":15599,"proto":"tcp","app_proto":"","app_protocol":"http","host":"","headers":"{\"accept\":\"*/*\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e300d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:Zi774A+KDTJcgZ+I3w2K+YYqgBs=","ja3":"","session":"ce3b6a2e-f5f9-4d11-94e1-74dcbed926ab","seq":1,"duration_ms":100,"bytes_in":185,"bytes_out":79},{"timestamp":"2026-07-04T18:30:31","port":10089,"proto":"tcp","app_proto":"","app_protocol":"ssh","host":"","headers":"","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"","summary":"SSH-2.0-ZGrab ZGrab SSH Survey\r\n","payload_hex":"5353482d322e302d5a47726162205a4772616220535348205375727665790d0a","method":"","user_agent":"","community_id":"1:tVGL3zWeNpHyGPYX3Z2NDiC+4zg=","ja3":"","session":"7de9fa5e-1ac8-4086-b6f6-b20aa308e116","seq":1,"duration_ms":2101,"bytes_in":32,"bytes_out":14,"enriched":{"digest":"5192d527e0eab129","label":"SSH","strings":["SSH-2.0-ZGrab ZGrab SSH Survey"]}},{"timestamp":"2026-07-04T16:57:25","port":50388,"proto":"tcp","app_proto":"","app_protocol":"http","host":"","headers":"{\"accept\":\"*/*\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e300d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:hZSYa5zC34o/yU1y3cpKZfUKLOM=","ja3":"","session":"55ef3fb7-6b23-47d2-b719-3e14816f8a58","seq":1,"duration_ms":100,"bytes_in":185,"bytes_out":79},{"timestamp":"2026-07-04T16:57:25","port":50388,"proto":"tcp","app_proto":"","app_protocol":"http","host":"","headers":"{\"accept\":\"*/*\",\"user-agent\":\"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity\"}","body":"","sni":"","tls_cipher":"","tls_version":"","alpn":[],"url_path":"/","summary":"","payload_hex":"474554202f20485454502f312e300d0a557365722d4167656e743a2048656c6c6f2066726f6d2050616c6f20416c746f204e6574776f726b732c2066696e64206f7574206d6f72652061626f7574206f7572207363616e7320696e2068747470733a2f2f646f63732d636f727465782e70616c6f616c746f6e6574776f726b732e636f6d2f722f312f436f727465782d5870616e73652f5363616e6e696e672d61637469766974790d0a4163636570743a202a2f2a0d0a0d0a","method":"GET","user_agent":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","community_id":"1:V1kBp3sG1KtbVnz3yCPZ4XgaTq8=","ja3":"","session":"9dc662f1-013d-41bd-8434-c6abf4e0ca4e","seq":1,"duration_ms":100,"bytes_in":185,"bytes_out":79}],"http_methods":[{"method":"GET","count":1083}],"distinct_ports_total":1043,"top_paths":[{"path":"/","count":639,"ports":530},{"path":"/api/jolokia","count":61,"ports":61},{"path":"/actuator/jolokia/version","count":60,"ports":60},{"path":"/jolokia","count":55,"ports":55},{"path":"/jolokia/list","count":50,"ports":50},{"path":"/api/jolokia/version","count":47,"ports":46},{"path":"/jolokia/write","count":46,"ports":46},{"path":"/jolokia/version","count":46,"ports":46},{"path":"/jolokia/exec","count":42,"ports":41},{"path":"/api/jolokia/list","count":37,"ports":37}],"distinct_paths_total":10,"top_snis":[],"top_hosts":[],"top_alpns":[],"banners":[{"value":"SSH-2.0-ZGrab ZGrab SSH Survey","count":24}],"credentials":[],"header_profile":{"signature":["Accept-Encoding","Host","User-Agent"],"representative":[{"name":"Accept-Encoding","value":"gzip","notable":false},{"name":"Host","value":"<HONEYPOT>:8102","notable":false},{"name":"User-Agent","value":"Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity","notable":false}],"distinct_sets":2,"events_with_headers":8},"tags":[{"tag_id":"CVE-2026-34197","tag_type":"cve","title":"Apache ActiveMQ - Remote Code Execution","severity":"CRITICAL","actively_exploited":true,"match_field":"url_path","matched_pattern":"/api/jolokia/","reference_urls":[]}],"data_as_of":"2026-07-05T21:18:11.286437+00:00"}