HoneyLabs

Filtered actors

port=10123

29 unique IPs · 37 events · 8 countries · 7 ASNs

Activity · last 7d

2026-06-28: 1 events
2026-06-29: 5 events
2026-06-30: 2 events
2026-07-01: 7 events
2026-07-02: 3 events
2026-07-03: 4 events
2026-07-04: 9 events
2026-07-05: 6 events

peak 9 on 2026-07-04


Sample payloads

top distinct probes matching this query
| Protocol | Port | Probe / payload | Hits | Example |
|---|---|---|---|---|
| HTTP | 10123 | GET /; UA: Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpan… | 23 · 22 IPs | 35.203.211.140 |
| HTTP | 10123 | GET /.well-known/security.txt; UA: Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpan… | 4 · 4 IPs | 162.216.149.82 |
| HTTP | 10123 | GET /squid-internal-mgr/cachemgr.cgi; UA: Mozilla/5.0 zgrab/0.x | 2 · 2 IPs | 157.230.26.229 |
| HTTP | 10123 | GET /sitemap.xml; UA: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Ed… | 1 | 165.154.100.252 |
| HTTP | 10123 | GET /favicon.ico; UA: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Ed… | 1 | 165.154.100.252 |
| HTTP | 10123 | GET /robots.txt; UA: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Ed… | 1 | 165.154.100.252 |
| HTTP | 10123 | GET /config.json; UA: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_0) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.56 Safari/535.11 | 1 | 165.154.100.252 |
| - | 10123 | �<HONEYPOT>'� | 1 | 151.240.102.64 |
| - | 10123 | | 1 | 151.240.102.64 |
| RDP | 10123 | 3.�Cookie: mstshash=Administrator | 1 | 165.154.100.252 |
| TPKT | 10123 | TPKT / COTP (ISO-TSAP) 03 00 00 0b 06 e0 00 00 00 00 00 | 1 | 165.154.100.252 |
| IP | Country | ASN | Top ports | Events |
Showing top 50 by event count. Window is the last 7d. Add or remove filters by clicking any value on a per-IP report.