HoneyLabs
iAnonymous lookups: 10/min, 60/hr per source IP. Sign in (free) to lift the limit, run heavier queries, and get an API key for MCP / HTTP.

Filtered actors

port=2289

22 unique IPs · 40 events · 8 countries · 7 ASNs

Activity · last 7d

2026-06-24: 1 events2026-06-25: 16 events2026-06-26: 3 events2026-06-27: 3 events2026-06-28: 3 events2026-06-29: 8 events2026-06-30: 4 events2026-07-01: 2 events

peak 16 on 2026-06-25

Top source networks · click to refine

Refine
Turn this query into a daily email digest or an IOC feed URL.Save as feed

Sample payloads

top distinct probes matching this query
ProtocolPortProbe / payloadHitsExample
SSH2289SSH-2.0-ZGrab ZGrab SSH Survey16 · 15 IPs35.203.210.160 →
RDP2289/*�Cookie: mstshash=Administr 14 · 3 IPs213.209.159.83 →
HTTP2289GET /
UA: Mozilla/5.0 (compatible; ModatScanner/1.2; +https://modat.io/)
2 · 2 IPs85.217.140.18 →
HTTP2289GET /sslmgr
UA: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_0; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.202.0 Safari/5…
179.124.58.126 →
HTTP2289GET /auth.html
UA: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_0; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.202.0 Safari/5…
179.124.58.126 →
HTTP2289GET /RDWeb/
UA: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_0; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.202.0 Safari/5…
179.124.58.126 →
HTTP2289GET /remote/login
UA: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_0; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.202.0 Safari/5…
179.124.58.126 →
HTTP2289GET /sslvpn_logon.shtml
UA: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_0; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.202.0 Safari/5…
179.124.58.126 →
HTTP2289GET /+CSCOE+/logon.html
UA: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_0; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.202.0 Safari/5…
179.124.58.126 →
TPKT2289TPKT / COTP (ISO-TSAP)03 00 00 13 0e e0 00 00 00 00 00 01 00 08 00 02 00 00 00182.147.85.62 →
HTTP2289GET /global-protect/login.esp
UA: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_0; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.202.0 Safari/5…
179.124.58.126 →
IPCountryASNTop portsEvents
Showing top 50 by event count. Window is the last 7d. Add or remove filters by clicking any value on a per-IP report.