iAnonymous lookups: 10/min, 60/hr per source IP. Sign in (free) to lift the limit, run heavier queries, and get an API key for MCP / HTTP.
Filtered actors
port=9489
23 unique IPs · 156 events · 5 countries · 6 ASNs
Activity · last 7d
peak 73 on 2026-06-20
Top source networks · click to refine
port: 9489×window1h24h7d30d🔒90d🔒
Turn this query into a daily email digest or an IOC feed URL.Save as feed
Sample payloads
top distinct probes matching this query| Protocol | Port | Probe / payload | Hits | Example |
|---|---|---|---|---|
| HTTP | 9489 | GET /auth.html UA: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_0; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.202.0 Safari/5… | 20 · 2 IPs | 185.93.89.121 → |
| HTTP | 9489 | GET /RDWeb/ UA: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_0; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.202.0 Safari/5… | 20 · 2 IPs | 185.93.89.121 → |
| HTTP | 9489 | GET /remote/login UA: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_0; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.202.0 Safari/5… | 20 · 2 IPs | 185.93.89.121 → |
| HTTP | 9489 | GET /sslvpn_logon.shtml UA: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_0; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.202.0 Safari/5… | 20 · 2 IPs | 185.93.89.121 → |
| HTTP | 9489 | GET /+CSCOE+/logon.html UA: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_0; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.202.0 Safari/5… | 20 · 2 IPs | 185.93.89.121 → |
| HTTP | 9489 | GET /global-protect/login.esp UA: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_0; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.202.0 Safari/5… | 18 · 2 IPs | 185.93.89.121 → |
| HTTP | 9489 | GET /sslmgr UA: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_0; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.202.0 Safari/5… | 17 · 2 IPs | 185.93.89.121 → |
| HTTP | 9489 | GET / UA: Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpan… | 15 · 15 IPs | 147.185.133.188 → |
| HTTP | 9489 | GET /.well-known/security.txt UA: Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpan… | 4 · 4 IPs | 35.203.210.238 → |
| TPKT | 9489 | TPKT / COTP (ISO-TSAP)03 00 00 13 0e e0 00 00 00 00 00 01 00 08 00 03 00 00 00 | 1 | 15.204.244.83 → |
| HTTP | 9489 | GET /squid-internal-mgr/cachemgr.cgi UA: Mozilla/5.0 zgrab/0.x | 1 | 165.227.107.139 → |
IPCountryASNTop portsEvents