iAnonymous lookups: 30/hr per source IP. Sign in (free) to lift the limit, run heavier queries, and get an API key for MCP / HTTP.
Filtered actors
port=9001
243 unique IPs · 2.1K events · 22 countries · 28 ASNs
Activity · last 7d
peak 917 on 2026-06-30
Top source networks · click to refine
port: 9001×window1h24h7d30d🔒90d🔒
Turn this query into a daily email digest or an IOC feed URL.Save as feed
Sample payloads
top distinct probes matching this query| Protocol | Port | Probe / payload | Hits | Example |
|---|---|---|---|---|
| HTTP | 9001/Tor | GET / UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:65.0) Gecko/20100101 Firefox/65.0 | 236 · 116 IPs | 194.187.179.49 → |
| HTTP | 9001/Tor | GET /favicon.ico UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:65.0) Gecko/20100101 Firefox/65.0 | 81 · 68 IPs | 194.187.179.140 → |
| TLS | 9001/Tor | 0a | 25 · 9 IPs | 85.217.149.28 → |
| - | 9001/Tor | MGLNDD_<HONEYPOT>_9001 | 24 · 23 IPs | 13.86.104.42 → |
| HTTP | 9001/Tor | POST / UA: Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.6998.135 Mobile Safari/537.36 | 23 · 4 IPs | 160.119.71.92 → |
| - | 9001/Tor | ,READYSocket-Type PULLIdentity hello | 9 · 3 IPs | 45.142.154.46 → |
| - | 9001/Tor | ff 00 00 00 00 00 00 00 00 7f 03 01 4e 55 4c 4c 00 00 00 00 00 00 00 00 …(64 bytes) | 9 · 3 IPs | 45.142.154.46 → |
| RDP | 9001/Tor | /*� Cookie: mstshash=Administr | 7 · 2 IPs | 192.253.248.180 → |
| HTTP | 9001/Tor | GET /config.json UA: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36 | 6 · 6 IPs | 34.130.141.173 → |
| HTTP | 9001/Tor | GET /.git/config UA: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.131 Safari/537.36 | 6 · 6 IPs | 34.135.190.89 → |
| TLS | 9001/Tor | 50 52 49 20 2a 20 48 54 54 50 2f 32 2e 30 0d 0a 0d 0a 53 4d 0d 0a 0d 0a …(57 bytes) | 6 · 6 IPs | 199.45.155.110 → |
| HTTP | 9001/Tor | GET /jolokia/exec UA: Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpan… | 5 · 5 IPs | 205.210.31.91 → |
IPCountryASNTop portsEvents