HoneyLabs
iAnonymous lookups: 10/min, 60/hr per source IP. Sign in (free) to lift the limit, run heavier queries, and get an API key for MCP / HTTP.

Filtered actors

query: ja4:t12i330500_5172cef6ed69_021165082e1c

88 unique IPs · 258 events · 1 countries · 2 ASNs

Activity · last 7d

2026-06-24: 1 events2026-06-25: 16 events2026-06-26: 34 events2026-06-27: 71 events2026-06-28: 41 events2026-06-29: 16 events2026-06-30: 76 events2026-07-01: 3 events

peak 76 on 2026-06-30

Top source networks · click to refine

Refine
Turn this query into a daily email digest or an IOC feed URL.Save as feed

Sample payloads

top distinct probes matching this query
ProtocolPortProbe / payloadHitsExample
HTTP8081GET /
UA: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.6312.86 Safari/537.36
132 · 59 IPs45.156.129.159 →
HTTP8443/HTTPS-altGET /favicon.ico
UA: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.6312.86 Safari/537.36
23 · 18 IPs45.156.128.66 →
HTTP4443GET /ext-js/app/common/zld_product_spec.js
UA: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.6312.86 Safari/537.36
16 · 10 IPs45.156.129.108 →
HTTP4443GET /status.php
UA: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.6312.86 Safari/537.36
10 · 9 IPs45.156.129.106 →
HTTP4443GET /owncloud/status.php
UA: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.6312.86 Safari/537.36
10 · 8 IPs45.156.129.105 →
HTTP8443/HTTPS-altGET /progs/homepage
UA: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.6312.86 Safari/537.36
6 · 5 IPs185.226.196.27 →
HTTP4443GET /internal_forms_authentication
UA: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.6312.86 Safari/537.36
6 · 5 IPs45.156.129.107 →
HTTP4443GET /login/login
UA: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.6312.86 Safari/537.36
5 · 4 IPs45.156.129.108 →
HTTP4443GET /php/login.php
UA: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.6312.86 Safari/537.36
5 · 5 IPs45.156.129.107 →
HTTP8000/HTTP-altGET /OA_HTML/AppsLocalLogin.jsp
UA: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.6312.86 Safari/537.36
5 · 4 IPs45.156.128.148 →
HTTP4443GET /identity/jsLibs/IdmBrandingBar.js
UA: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.6312.86 Safari/537.36
4 · 3 IPs45.156.129.105 →
HTTP5986GET /wsman
UA: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.6312.86 Safari/537.36
3 · 3 IPs45.156.129.178 →
IPCountryASNTop portsEvents
Showing top 50 by event count. Window is the last 7d. Add or remove filters by clicking any value on a per-IP report.