HoneyLabs
iAnonymous lookups: 30/hr per source IP. Sign in (free) to lift the limit, run heavier queries, and get an API key for MCP / HTTP.

Filtered actors

port=9001

243 unique IPs · 2.1K events · 22 countries · 28 ASNs

Activity · last 7d

2026-06-25: 5 events2026-06-26: 92 events2026-06-27: 183 events2026-06-28: 83 events2026-06-29: 727 events2026-06-30: 917 events2026-07-01: 36 events2026-07-02: 99 events

peak 917 on 2026-06-30

Top source networks · click to refine

Refine
Turn this query into a daily email digest or an IOC feed URL.Save as feed

Sample payloads

top distinct probes matching this query
ProtocolPortProbe / payloadHitsExample
HTTP9001/TorGET /
UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:65.0) Gecko/20100101 Firefox/65.0
236 · 116 IPs194.187.179.49 →
HTTP9001/TorGET /favicon.ico
UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:65.0) Gecko/20100101 Firefox/65.0
81 · 68 IPs194.187.179.140 →
TLS9001/Tor0a25 · 9 IPs85.217.149.28 →
-9001/TorMGLNDD_<HONEYPOT>_900124 · 23 IPs13.86.104.42 →
HTTP9001/TorPOST /
UA: Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.6998.135 Mobile Safari/537.36
23 · 4 IPs160.119.71.92 →
-9001/Tor,READY Socket-TypePULLIdentityhello9 · 3 IPs45.142.154.46 →
-9001/Torff 00 00 00 00 00 00 00 00 7f 03 01 4e 55 4c 4c 00 00 00 00 00 00 00 00 …(64 bytes)9 · 3 IPs45.142.154.46 →
RDP9001/Tor/*�Cookie: mstshash=Administr 7 · 2 IPs192.253.248.180 →
HTTP9001/TorGET /config.json
UA: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36
6 · 6 IPs34.130.141.173 →
HTTP9001/TorGET /.git/config
UA: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.131 Safari/537.36
6 · 6 IPs34.135.190.89 →
TLS9001/Tor50 52 49 20 2a 20 48 54 54 50 2f 32 2e 30 0d 0a 0d 0a 53 4d 0d 0a 0d 0a …(57 bytes)6 · 6 IPs199.45.155.110 →
HTTP9001/TorGET /jolokia/exec
UA: Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpan…
5 · 5 IPs205.210.31.91 →
IPCountryASNTop portsEvents
Showing top 50 by event count. Window is the last 7d. Add or remove filters by clicking any value on a per-IP report.