HoneyLabs
iAnonymous lookups: 30/hr per source IP. Sign in (free) to lift the limit, run heavier queries, and get an API key for MCP / HTTP.

Filtered actors

port=9229

32 unique IPs · 55 events · 11 countries · 14 ASNs

Activity · last 7d

2026-06-28: 7 events2026-06-29: 1 events2026-06-30: 7 events2026-07-01: 5 events2026-07-02: 8 events2026-07-03: 19 events2026-07-04: 4 events2026-07-05: 4 events

peak 19 on 2026-07-03

Top source networks · click to refine

Refine
Turn this query into a daily email digest or an IOC feed URL.Save as feed

Sample payloads

top distinct probes matching this query
ProtocolPortProbe / payloadHitsExample
HTTP9229GET /
UA: Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpan…
23 · 20 IPs147.185.133.235 →
HTTP9229GET /.well-known/security.txt
UA: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4 240.111 Safari/537.36
6 · 5 IPs154.197.56.163 →
HTTP9229GET /favicon.ico
UA: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4 240.111 Safari/537.36
4 · 3 IPs154.197.56.163 →
HTTP9229GET /json345.195.83.137 →
HTTP9229GET /json/version
UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
3 · 3 IPs45.198.224.81 →
RDP9229/*�Cookie: mstshash=Administr 3 · 2 IPs80.94.95.221 →
-9229�<HONEYPOT>$ 2151.240.63.161 →
HTTP9229GET /sitemap.xml
UA: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4 240.111 Safari/537.36
2154.197.56.163 →
HTTP9229GET /robots.txt
UA: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4 240.111 Safari/537.36
2154.197.56.163 →
HTTP9229GET /llms.txt
UA: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4 240.111 Safari/537.36
2154.197.56.163 →
HTTP9229GET /jolokia/list
UA: Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpan…
1147.185.133.132 →
HTTP9229GET /squid-internal-mgr/cachemgr.cgi
UA: Mozilla/5.0 zgrab/0.x
168.183.5.101 →
IPCountryASNTop portsEvents
Showing top 50 by event count. Window is the last 7d. Add or remove filters by clicking any value on a per-IP report.