HoneyLabs
Lookup
Explore
CVEsPayloadsCampaignsAEI IndexPortsUser-agents
Integrations
OverviewMCPFeedsAPI / Enrich
DocsBlog
Dashboard
iAnonymous lookups: 10/min, 60/hr per source IP. Sign in (free) to lift the limit, run heavier queries, and get an API key for MCP / HTTP.

Filtered actors

port=2345

43 unique IPs · 87 events · 11 countries · 12 ASNs

Activity · last 7d

2026-06-18: 7 events2026-06-19: 6 events2026-06-20: 4 events2026-06-21: 18 events2026-06-22: 22 events2026-06-23: 8 events2026-06-24: 15 events2026-06-25: 7 events

peak 22 on 2026-06-22

Top source networks · click to refine

AS396982 Google LLC33.3%
AS135377 UCLOUD INFORMATION TECHNOLOGY (HK) LIMIT16.1%
AS49870 Alsycon B.V.16.1%
AS213412 ONYPHE SAS6.9%
port: 2345×window1h24h7d30d🔒90d🔒
Refine
Turn this query into a daily email digest or an IOC feed URL.Save as feed

Sample payloads

top distinct probes matching this query
ProtocolPortProbe / payloadHitsExample
HTTP2345GET /
UA: Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpan…
33 · 27 IPs147.185.132.179 →
TPKT2345TPKT / COTP (ISO-TSAP)03 00 00 13 0e e0 00 00 00 00 00 01 00 08 00 02 00 00 0014 · 3 IPs160.119.76.32 →
HTTP2345GET /favicon.ico
UA: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4 240.111 Safari/537.36
7 · 7 IPs36.156.22.2 →
HTTP2345GET /.well-known/security.txt
UA: Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpan…
5 · 5 IPs162.216.150.59 →
HTTP2345POST /global-protect/login.esp
UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.…
445.142.193.24 →
HTTP2345GET /sitemap.xml
UA: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4 240.111 Safari/537.36
3 · 3 IPs36.156.22.2 →
DICOM2345ANY-SCP FINDSCU 1.2.840.10008.3.1.1.1 a�01.2.840.10008.5.1.4.31@1.2.840.10008.1.2.1@1.2.840.10008.1.2.2@…380.82.77.139 →
DICOM2345�ANY-SCP ECHOSCU 01.2.840.10008.3.1.1.1 .01.2.840.10008.1.1@1.2.840.10008.1.2P:Q@R1.2.276.0.72300…3 · 3 IPs216.180.246.60 →
HTTP2345GET /robots.txt
UA: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4 240.111 Safari/537.36
3 · 3 IPs36.156.22.2 →
TPKT2345TPKT / COTP (ISO-TSAP)03 00 00 0b 06 e0 00 00 00 00 002 · 2 IPs165.154.138.33 →
RDP23453.�Cookie: mstshash=Administrator 2 · 2 IPs165.154.138.33 →
HTTP2345GET /config.json
UA: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_0) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.56 Safari/535.11
2 · 2 IPs165.154.138.33 →
IPCountryASNTop portsEvents
101.36.114.124🇰🇷KRAS135377 UCLOUD INFORMATION TECHNOLOGY (HK) LIMIT23457
165.154.138.33🇩🇪DEAS135377 UCLOUD INFORMATION TECHNOLOGY (HK) LIMIT23457
160.119.76.16🇸🇨SCAS49870 Alsycon B.V.23457
160.119.76.58🇸🇨SCAS49870 Alsycon B.V.23456
36.156.22.2🇨🇳CNAS56046 China Mobile communications corporation23456
216.180.246.60crawler060.deepfield.net🇺🇸USAS396982 Google LLC23454
45.142.193.24🇷🇴ROAS214295 Skynet Network Ltd23454
216.180.246.93crawler093.deepfield.net🇺🇸USAS396982 Google LLC23453
216.180.246.52crawler052.deepfield.net🇺🇸USAS396982 Google LLC23453
80.82.77.139dojo.census.shodan.io🇳🇱NLAS202425 IP Volume inc23453
35.203.210.6464.210.203.35.bc.googleusercontent.com🇬🇧GBAS396982 Google LLC23452
147.185.132.179🇺🇸USAS396982 Google LLC23452
35.203.210.3535.210.203.35.bc.googleusercontent.com🇬🇧GBAS396982 Google LLC23452
162.216.149.191191.149.216.162.bc.googleusercontent.com🇺🇸USAS396982 Google LLC23452
122.96.28.131🇨🇳CNAS4837 CHINA UNICOM China169 Backbone23451
195.184.76.191finley.probe.onyphe.net🇺🇸USAS213412 ONYPHE SAS23451
162.216.149.175🇺🇸USAS396982 Google LLC23451
162.216.149.186186.149.216.162.bc.googleusercontent.com🇺🇸USAS396982 Google LLC23451
104.152.52.225internettl.org🇺🇸USAS14987 Rethem Hosting LLC23451
195.184.76.235lilli.probe.onyphe.net🇺🇸USAS213412 ONYPHE SAS23451
195.184.76.51marshall.probe.onyphe.net🇺🇸USAS213412 ONYPHE SAS23451
162.216.149.5858.149.216.162.bc.googleusercontent.com🇺🇸USAS396982 Google LLC23451
162.216.150.122122.150.216.162.bc.googleusercontent.com🇺🇸USAS396982 Google LLC23451
85.217.140.30o329.scanner.modat.io🇫🇷FRAS209334 Modat B.V.23451
118.81.201.157157.201.81.118.adsl-pool.sx.cn🇨🇳CNAS4837 CHINA UNICOM China169 Backbone23451
123.163.114.38🇨🇳CNAS4134 Chinanet23451
162.216.150.6969.150.216.162.bc.googleusercontent.com🇺🇸USAS396982 Google LLC23451
85.217.140.25o324.scanner.modat.io🇫🇷FRAS209334 Modat B.V.23451
35.203.210.6363.210.203.35.bc.googleusercontent.com🇬🇧GBAS396982 Google LLC23451
162.216.150.5959.150.216.162.bc.googleusercontent.com🇺🇸USAS396982 Google LLC23451
104.152.52.241🇺🇸USAS14987 Rethem Hosting LLC23451
35.203.211.190190.211.203.35.bc.googleusercontent.com🇬🇧GBAS396982 Google LLC23451
160.119.76.32🇸🇨SCAS49870 Alsycon B.V.23451
147.185.133.110🇺🇸USAS396982 Google LLC23451
104.152.52.219internettl.org🇺🇸USAS14987 Rethem Hosting LLC23451
91.230.168.135ogallagher.probe.onyphe.net🇺🇸USAS213412 ONYPHE SAS23451
85.217.140.45o344.scanner.modat.io🇫🇷FRAS209334 Modat B.V.23451
185.193.167.42🇹🇷TRAS137409 GSL Networks Pty LTD23451
162.216.150.121121.150.216.162.bc.googleusercontent.com🇺🇸USAS396982 Google LLC23451
91.230.168.69naomi.probe.onyphe.net🇺🇸USAS213412 ONYPHE SAS23451
162.216.149.251251.149.216.162.bc.googleusercontent.com🇺🇸USAS396982 Google LLC23451
91.230.168.210chen.probe.onyphe.net🇺🇸USAS213412 ONYPHE SAS23451
85.217.149.70o070.scanner.modat.io🇨🇦CAAS209334 Modat B.V.23451
Showing top 50 by event count. Window is the last 7d. Add or remove filters by clicking any value on a per-IP report.