HoneyLabs
iAnonymous lookups: 10/min, 60/hr per source IP. Sign in (free) to lift the limit, run heavier queries, and get an API key for MCP / HTTP.

Filtered actors

ASN=14956

13 unique IPs · 193 events · 2 countries · 1 ASNs

Activity · last 7d

2026-06-24: 27 events2026-06-25: 19 events2026-06-26: 63 events2026-06-27: 8 events2026-06-28: 10 events2026-06-29: 17 events2026-06-30: 38 events2026-07-01: 11 events

peak 63 on 2026-06-26

Top source networks · click to refine

Refine
Turn this query into a daily email digest or an IOC feed URL.Save as feed

Sample payloads

top distinct probes matching this query
ProtocolPortProbe / payloadHitsExample
HTTP9900GET /?format=json&showTrafficStats=yes
UA: Mozilla/5.0 (PMTA-Auto)
60216.126.239.17 →
HTTP8317GET /
UA: CLIProxyScanner/1.0
12 · 5 IPs167.88.165.96 →
-1723/PPTP00 9c 00 01 1a 2b 3c 4d 00 01 00 00 01 00 00 00 00 00 00 03 00 00 00 03 …(156 bytes)9144.172.110.38 →
HTTP2083GET /.env
UA: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
8 · 3 IPs107.189.18.71 →
HTTP2083GET /.env.local
UA: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
7 · 2 IPs107.189.18.71 →
HTTP2083GET /.env.production
UA: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
6 · 2 IPs107.189.18.71 →
-25565/Minecraft/<HONEYPOT>c�6144.172.104.239 →
-9401net.tcp://<HONEYPOT>:9401/ application/ssl-tls4172.86.123.118 →
HTTP2083GET /.git/config
UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
4 · 2 IPs107.189.18.71 →
HTTP2083GET /_cat/indices?v
UA: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
3107.189.18.71 →
HTTP2083GET /config/mail.php
UA: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
3107.189.18.71 →
HTTP2083GET /_profiler/phpinfo
UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
3107.189.18.71 →
IPCountryASNTop portsEvents
Showing top 50 by event count. Window is the last 7d. Add or remove filters by clicking any value on a per-IP report.