HoneyLabs
Lookup
Explore
CVEsPayloadsCampaignsAEI IndexPortsUser-agents
Integrations
OverviewMCPFeedsAPI / Enrich
DocsBlog
Dashboard
iAnonymous lookups: 10/min, 60/hr per source IP. Sign in (free) to lift the limit, run heavier queries, and get an API key for MCP / HTTP.

Filtered actors

query: port:63972

7 unique IPs · 147 events · 6 countries · 5 ASNs

Activity · last 7d

2026-06-17: 67 events2026-06-18: 9 events2026-06-19: 1 events2026-06-20: 70 events

peak 70 on 2026-06-20

Top source networks · click to refine

AS213790 Limited Network LTD47.6%
AS208137 Feo Prest SRL44.2%
AS209334 Modat B.V.2.0%
query: port:63972×window1h24h7d30d🔒90d🔒
Refine
Turn this query into a daily email digest or an IOC feed URL.Save as feed

Sample payloads

top distinct probes matching this query
ProtocolPortProbe / payloadHitsExample
HTTP63972GET /auth.html
UA: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_0; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.202.0 Safari/5…
20 · 2 IPs213.209.159.5 →
HTTP63972GET /+CSCOE+/logon.html
UA: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_0; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.202.0 Safari/5…
20 · 2 IPs213.209.159.5 →
HTTP63972GET /sslvpn_logon.shtml
UA: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_0; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.202.0 Safari/5…
20 · 2 IPs213.209.159.5 →
HTTP63972GET /remote/login
UA: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_0; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.202.0 Safari/5…
20 · 2 IPs213.209.159.5 →
HTTP63972GET /RDWeb/
UA: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_0; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.202.0 Safari/5…
20 · 2 IPs213.209.159.5 →
HTTP63972GET /global-protect/login.esp
UA: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_0; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.202.0 Safari/5…
18 · 2 IPs213.209.159.5 →
HTTP63972GET /sslmgr
UA: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_0; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.202.0 Safari/5…
17 · 2 IPs213.209.159.5 →
HTTP63972GET /4 · 3 IPs66.132.224.92 →
HTTP63972GET /favicon.ico
UA: Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)
366.132.224.92 →
TLS639720a2 · 2 IPs85.217.140.16 →
TLS6397250 52 49 20 2a 20 48 54 54 50 2f 32 2e 30 0d 0a 0d 0a 53 4d 0d 0a 0d 0a …(57 bytes)166.132.224.92 →
HTTP63972GET /robots.txt
UA: Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)
166.132.224.92 →
IPCountryASNTop portsEvents
185.93.89.121🇮🇷IRAS213790 Limited Network LTD6397270
213.209.159.5🇹🇼TWAS208137 Feo Prest SRL6397265
66.132.224.9292.224.132.66.censys-scanner.com🇺🇸USunknown network639728
85.217.140.16o316.scanner.modat.io🇫🇷FRAS209334 Modat B.V.639721
31.14.32.4n300.scanner.modat.io🇳🇱NLAS201401 NewVM B.V.639721
85.217.140.53o352.scanner.modat.io🇫🇷FRAS209334 Modat B.V.639721
85.217.149.7o008.scanner.modat.io🇨🇦CAAS209334 Modat B.V.639721
Showing top 50 by event count. Window is the last 7d. Add or remove filters by clicking any value on a per-IP report.