HoneyLabs
iAnonymous lookups: 30/hr per source IP. Sign in (free) to lift the limit, run heavier queries, and get an API key for MCP / HTTP.

Filtered actors

port=18072

11 unique IPs · 28 events · 9 countries · 7 ASNs

Activity · last 7d

2026-06-29: 4 events2026-06-30: 1 events2026-07-01: 11 events2026-07-04: 12 events

peak 12 on 2026-07-04

Top source networks · click to refine

Refine
Turn this query into a daily email digest or an IOC feed URL.Save as feed

Sample payloads

top distinct probes matching this query
ProtocolPortProbe / payloadHitsExample
HTTP18072GET /
UA: Mozilla/5.0 (compatible; ModatScanner/1.2; +https://modat.io/)
9 · 7 IPs85.217.140.3 →
HTTP18072GET /favicon.ico
UA: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Ed…
3 · 3 IPs152.32.197.166 →
HTTP18072GET /squid-internal-mgr/cachemgr.cgi
UA: Mozilla/5.0 zgrab/0.x
1157.230.26.229 →
TPKT18072TPKT / COTP (ISO-TSAP)03 00 00 0b 06 e0 00 00 00 00 001152.32.197.166 →
-18072�<HONEYPOT>F�1151.240.102.64 →
HTTP18072GET /global-protect/login.esp
UA: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_0; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.202.0 Safari/5…
179.124.58.126 →
RDP180723.�Cookie: mstshash=Administrator 1152.32.197.166 →
-180721151.240.102.64 →
HTTP18072GET /sslvpn_logon.shtml
UA: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_0; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.202.0 Safari/5…
179.124.58.126 →
HTTP18072GET /remote/login
UA: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_0; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.202.0 Safari/5…
179.124.58.126 →
HTTP18072GET /+CSCOE+/logon.html
UA: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_0; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.202.0 Safari/5…
179.124.58.126 →
HTTP18072GET /sslmgr
UA: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_0; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.202.0 Safari/5…
179.124.58.126 →
IPCountryASNTop portsEvents
Showing top 50 by event count. Window is the last 7d. Add or remove filters by clicking any value on a per-IP report.