HoneyLabs
Lookup
Explore
CVEsPayloadsCampaignsAEI IndexPortsUser-agents
Integrations
OverviewMCPFeedsAPI / Enrich
DocsBlog
Dashboard
iAnonymous lookups: 10/min, 60/hr per source IP. Sign in (free) to lift the limit, run heavier queries, and get an API key for MCP / HTTP.

Filtered actors

port=9165

27 unique IPs · 28 events · 8 countries · 7 ASNs

Activity · last 7d

2026-06-15: 3 events2026-06-16: 3 events2026-06-17: 4 events2026-06-18: 7 events2026-06-19: 2 events2026-06-20: 1 events2026-06-21: 7 events2026-06-22: 1 events

peak 7 on 2026-06-18

Top source networks · click to refine

AS396982 Google LLC64.3%
AS206264 Amarutu Technology Ltd14.3%
AS209334 Modat B.V.7.1%
AS204428 SS-Net3.6%
port: 9165×window1h24h7d30d🔒90d🔒
Refine
Turn this query into a daily email digest or an IOC feed URL.Save as feed

Sample payloads

top distinct probes matching this query
ProtocolPortProbe / payloadHitsExample
HTTP9165GET /
UA: Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpan…
18 · 18 IPs162.216.149.189 →
HTTP9165GET /..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd
UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:146.0) Gecko/20100101 Firefox/146.0
4 · 3 IPs5.187.35.26 →
HTTP9165GET /.well-known/security.txt
UA: Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpan…
2 · 2 IPs147.185.132.71 →
TLS916520 20 0a 0a193.123.109.115 →
RDP9165/*�Cookie: mstshash=Administr 1185.196.220.130 →
TPKT9165TPKT / COTP (ISO-TSAP)03 00 00 13 0e e0 00 00 00 00 00 01 00 08 00 03 00 00 00180.94.95.152 →
HTTP9165GET /squid-internal-mgr/cachemgr.cgi
UA: Mozilla/5.0 zgrab/0.x
168.183.103.236 →
IPCountryASNTop portsEvents
5.187.35.26🇳🇱NLAS206264 Amarutu Technology Ltd91652
147.185.132.206🇺🇸USAS396982 Google LLC91651
147.185.132.86🇺🇸USAS396982 Google LLC91651
147.185.133.36🇺🇸USAS396982 Google LLC91651
185.196.220.130🇳🇱NLAS213438 ColocaTel Inc.91651
35.203.210.6969.210.203.35.bc.googleusercontent.com🇬🇧GBAS396982 Google LLC91651
162.216.149.1212.149.216.162.bc.googleusercontent.com🇺🇸USAS396982 Google LLC91651
162.216.149.232232.149.216.162.bc.googleusercontent.com🇺🇸USAS396982 Google LLC91651
147.185.133.104🇺🇸USAS396982 Google LLC91651
80.94.95.152🇷🇴ROAS204428 SS-Net91651
147.185.133.202🇺🇸USAS396982 Google LLC91651
147.185.133.47🇺🇸USAS396982 Google LLC91651
162.216.150.2424.150.216.162.bc.googleusercontent.com🇺🇸USAS396982 Google LLC91651
35.203.210.112112.210.203.35.bc.googleusercontent.com🇬🇧GBAS396982 Google LLC91651
147.185.133.83🇺🇸USAS396982 Google LLC91651
162.216.149.189189.149.216.162.bc.googleusercontent.com🇺🇸USAS396982 Google LLC91651
68.183.103.236🇺🇸USAS14061 DigitalOcean, LLC91651
147.185.132.71🇺🇸USAS396982 Google LLC91651
162.216.149.205205.149.216.162.bc.googleusercontent.com🇺🇸USAS396982 Google LLC91651
162.216.149.144144.149.216.162.bc.googleusercontent.com🇺🇸USAS396982 Google LLC91651
35.203.211.6767.211.203.35.bc.googleusercontent.com🇬🇧GBAS396982 Google LLC91651
85.217.149.19o020.scanner.modat.io🇨🇦CAAS209334 Modat B.V.91651
85.217.140.3o303.scanner.modat.io🇫🇷FRAS209334 Modat B.V.91651
93.123.109.115🇧🇬BGAS48090 Techoff Srv Limited91651
5.61.209.224🇸🇨SCAS206264 Amarutu Technology Ltd91651
162.216.150.180180.150.216.162.bc.googleusercontent.com🇺🇸USAS396982 Google LLC91651
5.187.35.142🇳🇱NLAS206264 Amarutu Technology Ltd91651
Showing top 50 by event count. Window is the last 7d. Add or remove filters by clicking any value on a per-IP report.