We gratefully acknowledge IPinfo.io for their generous support of academic research by providing free access to their comprehensive IP geolocation and intelligence data.

Traffic Report for nqatp (US, Boardman)

Linux | 0.93 GB | hosting
Active (5m ago)
United States | Linux | Unknown RAM

Page loaded: 2025-11-30 22:36:22 UTC

Actionable Threat Intelligence

Firewall IP Blocklists
Choose Your Blocklist Strategy

Three different blocklist options are available based on your security requirements and tolerance for false positives.

Recommended
LightScope Network Power

Harnesses the power of the entire LightScope network! Contains IPs that connected to honeypots across ALL LightScope endpoints.

  • 🌐 Network-wide threat intelligence
  • ✓ 100% verified genuine attackers
  • ✓ No spoofed IP addresses
  • ✓ Maximum protection coverage
Best Choice: Leverages the collective intelligence of the entire LightScope network. Safe for immediate deployment.
Conservative
Endpoint-Specific Verified

Only includes IPs that completed a 3-way TCP handshake with THIS endpoint's honeypot services. These are verified genuine threat actors specific to your endpoint.

  • ✓ Endpoint-specific targeting
  • ✓ Zero spoofing risk
  • ✓ Safe for production
  • ✓ Targeted protection
Good Choice: For endpoint-specific protection. These IPs specifically targeted your infrastructure.
Extreme (Not Recommended)
All Threat Actor IPs

Includes ALL individual threat actor IPs that targeted your network, including those that may be spoofed by competitors or other attackers.

  • 🚨 HIGH spoofing probability
  • ⚠️ WILL LIKELY block legitimate traffic
  • ⚠️ Can cause service disruption
  • ⚠️ NOT RECOMMENDED
Not Recommended: High risk of blocking legitimate services. Only for isolated environments.
Firewall Import Instructions:
  • pfSense/OPNsense: Firewall → Aliases → IP → Upload
  • Cisco ASA: object-group network BLOCKLIST
  • iptables: ipset create blocklist hash:ip
  • Format: Plain text, one IP per line

Automate your blocklist updates! Use these wget commands to automatically download the latest blocklists for integration into scripts, cron jobs, or automated security workflows.

Recommended (Network-wide)
wget -O recommended_blocklist.txt \
  "https://lightscope.isi.edu/blocklist/20250625_bywaoltrwcikumlcynjwzfntqugsvzvfkrwdubonocoubyzwznqatp/recommended"
Conservative (Endpoint-specific)
wget -O conservative_blocklist.txt \
  "https://lightscope.isi.edu/blocklist/20250625_bywaoltrwcikumlcynjwzfntqugsvzvfkrwdubonocoubyzwznqatp/conservative"
Extreme (Not Recommended)
wget -O extreme_blocklist.txt \
  "https://lightscope.isi.edu/blocklist/20250625_bywaoltrwcikumlcynjwzfntqugsvzvfkrwdubonocoubyzwznqatp/extreme"
Example Automation Script:
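#!/bin/bash
# Stop on the first error so a failed download never empties the live set
set -euo pipefail

# Download latest LightScope blocklist
wget -q -O /tmp/blocklist.txt \
  "https://lightscope.isi.edu/blocklist/20250625_bywaoltrwcikumlcynjwzfntqugsvzvfkrwdubonocoubyzwznqatp/recommended"

# Apply to iptables via ipset: create the set if it does not exist, then reload it
ipset create lightscope_blocklist hash:ip -exist
ipset flush lightscope_blocklist
while IFS= read -r ip; do
  # Skip blank lines; the file is plain text, one IP per line
  [ -n "$ip" ] || continue
  ipset add lightscope_blocklist "$ip" -exist
done < /tmp/blocklist.txt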
Cron Job Example:
# Update blocklist every hour
0 * * * * /usr/local/bin/update_blocklist.sh

# Update blocklist daily at 2 AM
0 2 * * * wget -q -O /etc/firewall/blocklist.txt \
  "https://lightscope.isi.edu/blocklist/20250625_bywaoltrwcikumlcynjwzfntqugsvzvfkrwdubonocoubyzwznqatp/recommended" \
  && /usr/local/bin/reload_firewall.sh
Pro Tip: Set up automated downloads to keep your firewall protection current. The blocklists are updated whenever new dashboard data is processed, ensuring you have the latest threat intelligence.
Internal Threats
None detected
No unwanted traffic from internal IP addresses
Changes To Targeted Ports
No major changes detected
No port changes above 300%
Overall Traffic Trends
Normal Level
+20.3% change (7-day)
Current: 146,203
Previous: 121,521
Status:
  • Traffic levels are within normal range
  • Continue regular monitoring
  • Review other sections for insights
How to Use This Section

This section provides immediate, actionable insights from your threat intelligence data. Red items require immediate attention, yellow items need investigation, and green items indicate normal status. Click on the detailed sections below for comprehensive analysis and remediation steps.

Honeypot Analysis

IPs Connected to Honeypot Ports On Your Machine


Incomplete Connections: Attackers Started But Didn't Complete The 3-Way Handshake To Honeypot Ports


Honeypot Port Statistics


Attack Payloads


Honeypot Attack Timeline


General Information

[Charts: All Sources Unwanted Traffic Port Activity (Last 7 Days); Daily Unwanted Traffic Since Inception; Weekly Unwanted Traffic by Hour (Last 7 Days); Ports Targeted by Unwanted Traffic (Last 7 Days)]
Data Time Ranges:
  • Weekly Unwanted Traffic by Hour: Last 7 days
  • Daily Unwanted Traffic Since Inception: Complete history
  • Port Statistics: Last 7 days
Unique Threat Actors

14,798

Distinct sources of unwanted traffic

Comparative Analysis
Unwanted Traffic Rankings
48.3% Unwanted Traffic Volume Percentile

Rank 16 of 29
among active endpoints for receiving unwanted traffic


122,486 Unwanted Packets (7d)
10,207 Threat Sources
13952 Targeted Ports
Unwanted Traffic Concentration

Top threat subnets generate:

Top 5% of subnets (201 subnets): 90.5%
Top 10% of subnets: 93.8%
Top 20% of subnets: 96.1%
From 4,018 total threat subnets (122,481 unwanted packets)

Internal Threats

7-Day Comparison

Traffic Volume Changes
Current Week: 146,203 packets
Previous Week: 121,521 packets
Change: +24,682 (20.3%)

New Threat Actors
IP Address Hit Count Country ASN
46.17.96.38 7897 Netherlands AS57043
111.205.209.78 2506 China AS4808
78.128.114.110 1389 Bulgaria AS50360
79.124.49.226 1207 Bulgaria AS50360
204.76.203.219 1173 Netherlands AS51396
79.124.40.158 967 Bulgaria AS50360
79.124.60.6 929 Bulgaria AS50360
149.102.234.72 914 Brazil AS212238
79.124.40.138 906 Bulgaria AS50360
115.231.78.14 836 China AS58461
New Subnets
Subnet Hit Count
46.17.96.0/24 7897
Significant Activity Changes
IP Address Change Country
169.228.66.209 +141% United States
206.189.105.53 +108% Netherlands
Port Targeting Changes
New Ports Being Targeted
Port 3306 (1222 hits)
Port 143 (938 hits)
Port 6379 (894 hits)
Port 5432 (810 hits)
Port 21 (804 hits)
Port 445 (797 hits)
Port 3000 (736 hits)
Port 8888 (725 hits)
Port 8000 (713 hits)
Port 25 (704 hits)
Significant Port Changes
Port Change
1433 +297%
2222 +182%
8728 +147%
443 +146%
23 +134%
80 +126%
8080 +117%
8443 +115%
5900 +71%
3389 +69%
New Geographic Sources
Bulgaria (12631 hits)
China (3342 hits)
Canada (738 hits)
Comparison Summary: This analysis compares the last 7 days with the previous 7 days (8-14 days ago). Traffic has increased by 24,682 packets (20.3%). 10 new threat actor(s) detected. 1 new subnet(s) detected.

Threat Intelligence Analysis

Unwanted Traffic by Company/Organization
Company/Organization | Packet Count | Unique Sources | Countries | ASNs | Sample IPs
Microsoft Corporation | 31,139 | 4 | United States | AS8075 | 52.154.143.7, 20.55.84.97, 20.65.193.188...
Tamatiya EOOD | 16,547 | 29 | Bulgaria | AS50360 | 78.128.114.110, 79.124.49.226, 79.124.40.158...
Google LLC | 16,332 | 156 | Belgium, United Kingdom, United States | AS396982 | 35.203.210.84, 162.216.149.225, 35.203.211.64...
DigitalOcean, LLC | 13,896 | 8 | Canada, India, Netherlands +2 | AS14061 | 206.189.105.53, 157.245.32.173, 68.183.90.203...
Palo Alto Networks, Inc | 8,554 | 82 | Belgium, Brazil, Finland +2 | AS396982 | 147.185.133.58, 147.185.132.250, 147.185.133.248...
HOSTKEY B.V. | 7,897 | 1 | Netherlands | AS57043 | 46.17.96.38
China Unicom Beijing province network | 6,106 | 1 | China | AS4808 | 111.205.209.78
Limited Network LTD | 5,913 | 7 | Netherlands | AS214295 | 45.142.193.90, 45.142.193.191, 45.142.193.131...
Amazon Technologies Inc. | 4,629 | 27 | United States | AS16509 | 3.14.73.254, 3.148.147.222, 18.223.104.85...
Pfcloud UG | 4,189 | 11 | Germany, Netherlands | AS51396 | 204.76.203.219, 204.76.203.212, 204.76.203.31...
Amazon Data Services France | 3,134 | 4 | France | AS16509 | 13.37.238.190, 15.188.86.32, 35.180.19.44...
University of California, San Diego | 3,132 | 1 | United States | AS7377 | 169.228.66.209
Fuse Hosting Web | 2,223 | 8 | Netherlands | AS174 | 87.120.191.13, 87.120.191.104, 87.120.191.37...
Datacamp Limited | 2,187 | 3 | Brazil | AS212238 | 149.102.234.72, 149.102.234.81, 149.102.234.193
RECYBER PROJECT NETBLOCK | 1,565 | 6 | Netherlands | AS202425 | 89.248.163.200, 89.248.163.190, 89.248.165.205...
Censys, Inc. | 1,558 | 17 | Germany, Hong Kong, United States | AS398324, AS398705 +1 | 167.94.145.22, 167.94.145.21, 206.168.35.44...
VenomDC - Private Internet Space. | 1,489 | 3 | Bulgaria | AS50360 | 79.124.60.6, 79.124.60.146, 79.124.58.18
Skoali | 1,133 | 2 | Canada | Unknown | 103.102.230.4, 103.102.230.3
Hangzhou Duchuang Keji Co.,Ltd | 836 | 1 | China | AS58461 | 115.231.78.14
CyberTech LLC | 774 | 2 | Russia | AS44881 | 178.22.24.60, 178.22.24.121
Driftnet Ltd | 747 | 6 | United Kingdom | AS211298 | 193.163.125.126, 193.163.125.128, 193.163.125.139...
Alsycon B.V. | 689 | 2 | Netherlands | AS49870 | 185.224.128.17, 194.50.16.198
Web Werks India Pvt. Ltd. | 649 | 1 | India | AS133296 | 103.224.247.219
internet-security-cheapyhost | 528 | 3 | Netherlands | AS401120 | 196.251.71.217, 196.251.72.203, 196.251.80.178
The Shadowserver Foundation, Inc. | 477 | 5 | United States | AS6939 | 64.62.156.21, 64.62.197.91, 64.62.156.193...
Unwanted Traffic by Country
Country | Country Code | Packet Count | Unique Sources | Sample IPs
United States | US | 53,392 | 178 | 52.154.143.7, 169.228.66.209, 3.14.73.254, 3.148.147.222, 162.216.149.225
Netherlands | NL | 38,293 | 57 | 206.189.105.53, 46.17.96.38, 45.142.193.90, 45.142.193.191, 45.142.193.131
Bulgaria | BG | 18,389 | 35 | 78.128.114.110, 79.124.49.226, 79.124.40.158, 79.124.60.6, 79.124.40.138
United Kingdom | GB | 9,788 | 89 | 157.245.32.173, 51.89.172.133, 35.203.210.84, 35.203.211.64, 35.203.211.91
China | CN | 7,894 | 10 | 111.205.209.78, 115.231.78.14, 123.172.55.253, 39.129.34.202, 221.235.141.78
France | FR | 3,945 | 10 | 13.37.238.190, 15.188.86.32, 35.180.19.44, 35.180.166.128, 208.115.211.60
Finland | FI | 3,824 | 35 | 147.185.133.58, 147.185.133.248, 147.185.133.207, 147.185.133.122, 147.185.133.149
Brazil | BR | 3,276 | 14 | 149.102.234.72, 149.102.234.81, 149.102.234.193, 205.210.31.161, 205.210.31.139
Canada | CA | 1,696 | 7 | 103.102.230.4, 103.102.230.3, 148.113.214.202, 148.113.189.33, 24.54.95.49
Russia | RU | 1,647 | 6 | 178.22.24.60, 178.22.24.121, 88.210.63.88, 45.135.95.25, 87.251.67.25
Germany | DE | 1,388 | 11 | 185.91.127.107, 185.73.23.133, 167.94.145.22, 167.94.145.21, 176.65.148.206
India | IN | 1,158 | 6 | 103.224.247.219, 103.162.198.97, 68.183.90.203, 103.71.112.18, 162.216.142.81
Belgium | BE | 862 | 9 | 198.235.24.145, 198.235.24.158, 198.235.24.154, 198.235.24.215, 198.235.24.232
Hong Kong | HK | 860 | 11 | 156.225.0.37, 199.45.155.66, 199.45.154.177, 45.249.245.54, 156.225.0.41
Poland | PL | 597 | 2 | 95.214.53.196, 194.180.48.63
Japan | JP | 587 | 3 | 185.244.104.2, 110.0.133.97, 139.162.70.53
Taiwan | TW | 550 | 5 | 198.235.24.89, 198.235.24.9, 198.235.24.10, 198.235.24.98, 198.235.24.8
Lithuania | LT | 380 | 3 | 91.224.92.128, 77.90.185.84, 77.90.185.49
Singapore | SG | 347 | 3 | 45.32.115.84, 185.200.116.70, 8.222.159.54
Australia | AU | 126 | 1 | 51.161.174.170
Ukraine | UA | 121 | 1 | 185.243.98.11
Sweden | SE | 79 | 1 | 213.114.112.44
Malaysia | MY | 60 | 1 | 47.250.80.183
Romania | RO | 60 | 1 | 193.29.13.161
Spain | ES | 59 | 1 | 5.187.35.21
Unwanted Traffic by Autonomous System (ASN)
ASN | AS Name | Packet Count | Unique Sources | Countries | Sample IPs
AS8075 | Microsoft Corporation | 31,139 | 4 | United States | 52.154.143.7, 20.55.84.97, 20.65.193.188...
AS396982 | Google LLC | 24,886 | 238 | Belgium, Brazil, Finland +3 | 35.203.210.84, 162.216.149.225, 147.185.133.58...
AS50360 | Tamatiya EOOD | 18,036 | 32 | Bulgaria | 78.128.114.110, 79.124.49.226, 79.124.40.158...
AS14061 | DigitalOcean, LLC | 13,896 | 8 | Canada, India, Netherlands +2 | 206.189.105.53, 157.245.32.173, 68.183.90.203...
AS57043 | HOSTKEY B.V. | 7,897 | 1 | Netherlands | 46.17.96.38
AS16509 | Amazon.com, Inc. | 7,763 | 31 | France, United States | 13.37.238.190, 15.188.86.32, 35.180.19.44...
AS4808 | China Unicom Beijing Province Network | 6,106 | 1 | China | 111.205.209.78
AS214295 | SKYNET NETWORK LTD | 5,913 | 7 | Netherlands | 45.142.193.90, 45.142.193.191, 45.142.193.131...
AS51396 | Pfcloud UG | 4,189 | 11 | Germany, Netherlands | 204.76.203.219, 204.76.203.212, 204.76.203.31...
AS7377 | University of California, San Diego | 3,132 | 1 | United States | 169.228.66.209
AS174 | Cogent Communications | 2,688 | 13 | Hong Kong, Netherlands, United States | 87.120.191.13, 87.120.191.104, 87.120.191.37...
AS212238 | Datacamp Limited | 2,598 | 4 | Brazil, Japan | 149.102.234.72, 149.102.234.81, 149.102.234.193...
AS202425 | IP Volume inc | 1,948 | 9 | Netherlands | 89.248.163.200, 89.248.163.190, 89.248.165.205...
Unknown | Unknown | 1,910 | 9 | Canada, Hong Kong, Russia +1 | 103.102.230.4, 103.102.230.3, 88.210.63.88...
AS398324 | Censys, Inc. | 926 | 11 | United States | 206.168.35.44, 206.168.35.178, 167.248.133.117...
AS58461 | CT-HangZhou-IDC | 836 | 1 | China | 115.231.78.14
AS16276 | OVH SAS | 817 | 5 | Australia, Canada, United Kingdom | 51.89.172.133, 148.113.214.202, 148.113.189.33...
AS49870 | Alsycon B.V. | 798 | 3 | Netherlands | 185.224.128.17, 194.50.16.198, 89.190.159.188
AS44881 | CyberTech LLC | 774 | 2 | Russia | 178.22.24.60, 178.22.24.121
AS211298 | Driftnet Ltd | 747 | 6 | United Kingdom | 193.163.125.126, 193.163.125.128, 193.163.125.139...
AS133296 | Web Werks India Pvt. Ltd. | 649 | 1 | India | 103.224.247.219
AS201814 | MEVSPACE sp. z o.o. | 597 | 2 | Poland | 95.214.53.196, 194.180.48.63
AS401120 | cheapy.host LLC | 528 | 3 | Netherlands | 196.251.71.217, 196.251.72.203, 196.251.80.178
AS4134 | CHINANET-BACKBONE | 519 | 4 | China | 123.172.55.253, 221.235.141.78, 222.186.13.133...
AS6939 | Hurricane Electric LLC | 477 | 5 | United States | 64.62.156.21, 64.62.197.91, 64.62.156.193...

Global Threat Intelligence

Global Threat Trends
Network-Wide Traffic Volume
Recent 30 days: 1,669,932
Previous 30 days: 7,478,828
-77.7% change
Unique Threat Sources
Recent 30 days: 28,789
Previous 30 days: 61,112
-52.9% change
Top Threat Source Countries
Country Packets Sources
United States 423,014 197
Germany 207,903 37
Canada 150,172 21
Netherlands 72,831 70
Bulgaria 64,827 44
Top Targeted Ports Globally
Port Hit Count Sources
5900 422,947 623
3389 18,633 1214
23 15,757 8599
8080 11,513 1568
443 11,123 1943
Recently Silent Subnets
Subnet | Last Seen | Historical Packets | Endpoints | Country | Organization | Sample IPs
134.199.194.0/24 | 2025-11-24T22:18:45 | 92,558 | 1 | United States | DigitalOcean, LLC | 134.199.194.127
134.199.204.0/24 | 2025-11-24T22:18:45 | 74,856 | 1 | United States | DigitalOcean, LLC | 134.199.204.19
165.227.44.0/24 | 2025-11-24T22:18:45 | 68,003 | 1 | Canada | DigitalOcean, LLC | 165.227.44.4
162.243.22.0/24 | 2025-11-24T22:18:45 | 67,783 | 1 | United States | DigitalOcean, LLC | 162.243.22.228
162.243.248.0/24 | 2025-11-24T22:18:45 | 16,461 | 5 | United States | DigitalOcean, LLC | 162.243.248.118
54.249.119.0/24 | 2025-11-24T22:18:46 | 1,270 | 1 | Japan | Amazon.com, Inc. | 54.249.119.10
36.255.98.0/24 | 2025-11-24T22:18:47 | 984 | 24 | Singapore | Cyber Security SG | 36.255.98.221
162.216.149.0/24 | 2025-11-24T22:18:46 | 598 | 23 | United States | Google LLC | 162.216.149.44
162.216.150.0/24 | 2025-11-24T22:18:45 | 564 | 23 | United States | Google LLC | 162.216.150.73
35.203.211.0/24 | 2025-11-24T22:18:46 | 559 | 23 | United Kingdom | Google LLC | 35.203.211.12

Coordinated Attack Patterns (Sharded Subnets)

Subnets in Coordinated Group:
79.124.62.0/24 55.236.236.0/24 77.169.208.0/24 198.245.9.0/24 185.242.226.0/24 113.39.106.0/24 89.248.163.0/24 204.76.203.0/24 65.49.1.0/24 45.140.222.0/24
Detected Coordination Patterns:
Traffic Timeline - Coordinated Patterns:
This chart shows hourly traffic patterns for all subnets in this coordinated group. Look for synchronized increases/decreases that indicate coordinated behavior.
Unwanted Traffic Temporal Analysis:
This scatter plot shows detailed port targeting activity over time for all subnets in this coordinated group. Each bubble represents port activity - larger bubbles indicate higher packet volumes.
Subnets in Coordinated Group:
162.199.20.0/24 79.124.49.0/24 35.40.64.0/24 192.113.218.0/24
Subnets in Coordinated Group:
162.216.150.0/24 35.203.210.0/24 35.203.211.0/24 147.185.133.0/24 162.216.149.0/24 147.185.132.0/24 205.210.31.0/24 88.26.109.0/24 198.235.24.0/24 66.132.153.0/24 167.94.138.0/24 162.142.125.0/24 216.180.246.0/24 206.168.34.0/24 199.45.154.0/24 64.62.156.0/24 64.62.197.0/24
Subnets in Coordinated Group:
134.199.204.0/24 162.243.22.0/24 129.64.177.0/24 176.65.149.0/24 167.94.146.0/24 79.124.59.0/24
Subnets in Coordinated Group:
162.243.248.0/24 115.74.211.0/24 68.183.207.0/24 79.124.56.0/24 143.42.1.0/24 15.188.207.0/24 81.17.16.0/24
Subnets in Coordinated Group:
52.154.143.0/24 142.214.101.0/24 120.247.7.0/24
Subnets in Coordinated Group:
78.128.114.0/24 79.124.58.0/24 196.15.219.0/24 249.112.182.0/24

Individual Threat Actors

Location Information
Country:Netherlands (NL)
City:Amsterdam
Region:North Holland
Postal Code:1012
Timezone:Europe/Amsterdam
Network Information
ASN:AS14061
AS Name:DigitalOcean, LLC
Company:DigitalOcean, LLC
Domain:digitalocean.com
Privacy Information
Hosting:true
Proxy:
VPN:true
Tor:
AbuseIPDB Information
Abuse Confidence Score: AbuseIPDB 100% (High Risk)
nqatp - Targeted Ports
Temporal Port Activity (Last 7 Days):
  • ludbp (134,226 hits)
  • xqtiq (44,953 hits)
  • udqwh (19,298 hits)
  • isxku (13,877 hits)
  • alzae (13,051 hits)
  • deoyg (13,029 hits)
  • vqhav (12,972 hits)
  • mrozu (12,862 hits)
  • crwvg (12,862 hits)
  • sqepx (12,600 hits)
Location Information
Country:Netherlands (NL)
City:Amsterdam
Region:North Holland
Postal Code:1012
Timezone:Europe/Amsterdam
Network Information
ASN:AS57043
AS Name:HOSTKEY B.V.
Company:HOSTKEY B.V.
Domain:hostkey.com
Privacy Information
Hosting:true
Proxy:
VPN:
Tor:
AbuseIPDB Information
Abuse Confidence Score: AbuseIPDB 100% (High Risk)
nqatp - Targeted Ports
Temporal Port Activity (Last 7 Days):
  • vqhav (6,267 hits)
  • crwvg (5,493 hits)
  • hvldm (1,481 hits)
  • pxiww (2 hits)
Location Information
Country:United States (US)
City:San Diego
Region:California
Postal Code:92101
Timezone:America/Los_Angeles
Network Information
ASN:AS7377
AS Name:University of California, San Diego
Company:University of California, San Diego
Domain:ucsd.edu
Privacy Information
Hosting:Unknown
Proxy:Unknown
VPN:Unknown
Tor:Unknown
AbuseIPDB Information
Abuse Confidence Score: AbuseIPDB 0% (Clean)
nqatp - Targeted Ports
Temporal Port Activity
Last 7 Days
Location Information
Country:China (CN)
City:Beijing
Region:Beijing
Postal Code:100000
Timezone:Asia/Shanghai
Network Information
ASN:AS4808
AS Name:China Unicom Beijing Province Network
Company:China Unicom Beijing province network
Domain:chinaunicom.cn
Privacy Information
Hosting:Unknown
Proxy:Unknown
VPN:Unknown
Tor:Unknown
AbuseIPDB Information
Abuse Confidence Score: AbuseIPDB 100% (High Risk)
nqatp - Targeted Ports
Temporal Port Activity (Last 7 Days):
  • rynzs (51 hits)
  • alzae (1 hits)
  • xfqdm (1 hits)
Location Information
Country:France (FR)
City:Paris
Region:Île-de-France
Postal Code:75000
Timezone:Europe/Paris
Network Information
ASN:AS16509
AS Name:Amazon.com, Inc.
Company:Amazon Data Services France
Domain:amazon.com
Privacy Information
Hosting:true
Proxy:
VPN:
Tor:
AbuseIPDB Information
Abuse Confidence Score: AbuseIPDB 33% (Low Risk)
nqatp - Targeted Ports
Temporal Port Activity (Last 7 Days):
  • isxku (1,903 hits)
  • qffay (1,836 hits)
  • sqepx (1,779 hits)
  • crwvg (1,709 hits)
  • alzae (1,682 hits)
  • tgcua (1,662 hits)
  • vqhav (1,655 hits)
  • deoyg (1,650 hits)
  • iafdz (1,506 hits)
Location Information
Country:Bulgaria (BG)
City:Sofia
Region:Sofia-Capital
Postal Code:1000
Timezone:Europe/Sofia
Network Information
ASN:AS50360
AS Name:Tamatiya EOOD
Company:Tamatiya EOOD
Domain:4vendeta.com
Privacy Information
Hosting:true
Proxy:
VPN:
Tor:
AbuseIPDB Information
Abuse Confidence Score: AbuseIPDB 100% (High Risk)
nqatp - Targeted Ports
Temporal Port Activity (Last 7 Days):
  • fapnd (6,550 hits)
  • ludbp (3,330 hits)
  • xfqdm (3,297 hits)
  • vqhav (2,980 hits)
  • oxrwe (1,281 hits)
  • alzae (892 hits)
  • deoyg (840 hits)
  • crwvg (803 hits)
  • tgcua (759 hits)
  • qrukx (628 hits)
Location Information
Country:Netherlands (NL)
City:Lelystad
Region:Flevoland
Postal Code:8224
Timezone:Europe/Amsterdam
Network Information
ASN:AS214295
AS Name:SKYNET NETWORK LTD
Company:Limited Network LTD
Domain:btcloud.ro
Privacy Information
Hosting:true
Proxy:
VPN:
Tor:
AbuseIPDB Information
Abuse Confidence Score: AbuseIPDB 64% (Medium Risk)
nqatp - Targeted Ports
Temporal Port Activity (Last 7 Days):
  • rynzs (1,410 hits)
Location Information
Country:Netherlands (NL)
City:Lelystad
Region:Flevoland
Postal Code:8224
Timezone:Europe/Amsterdam
Network Information
ASN:AS214295
AS Name:SKYNET NETWORK LTD
Company:Limited Network LTD
Domain:btcloud.ro
Privacy Information
Hosting:true
Proxy:
VPN:
Tor:
AbuseIPDB Information
Abuse Confidence Score: AbuseIPDB 72% (Medium Risk)
nqatp - Targeted Ports
Temporal Port Activity (Last 7 Days):
  • rynzs (1,404 hits)
Location Information
Country:Netherlands (NL)
City:Lelystad
Region:Flevoland
Postal Code:8224
Timezone:Europe/Amsterdam
Network Information
ASN:AS214295
AS Name:SKYNET NETWORK LTD
Company:Limited Network LTD
Domain:btcloud.ro
Privacy Information
Hosting:true
Proxy:
VPN:
Tor:
AbuseIPDB Information
Abuse Confidence Score: AbuseIPDB 67% (Medium Risk)
nqatp - Targeted Ports
Temporal Port Activity (Last 7 Days):
  • rynzs (1,392 hits)
Location Information
Country:Netherlands (NL)
City:Lelystad
Region:Flevoland
Postal Code:8224
Timezone:Europe/Amsterdam
Network Information
ASN:AS214295
AS Name:SKYNET NETWORK LTD
Company:Limited Network LTD
Domain:btcloud.ro
Privacy Information
Hosting:true
Proxy:true
VPN:
Tor:
AbuseIPDB Information
Abuse Confidence Score: AbuseIPDB 66% (Medium Risk)
nqatp - Targeted Ports
Temporal Port Activity (Last 7 Days):
  • rynzs (1,398 hits)

Subnet Analysis (/24 Networks)

Unique Subnets

6,679

Distinct /24 networks with unwanted traffic

[Charts: Ports Targeted by Subnets (Last 7 Days); Subnet Temporal Port Activity (Last 7 Days)]
Top Subnet Offenders
IPs in Subnet
IP Address Hit Count
162.216.150.107 202
162.216.150.157 193
162.216.150.186 159
162.216.150.21 156
162.216.150.97 156
Ports Targeted by This Subnet
Temporal Port Activity
IPs in Subnet
IP Address Hit Count
147.185.133.58 239
147.185.133.248 180
147.185.133.207 160
147.185.133.122 154
147.185.133.149 154
IPs in Subnet
IP Address Hit Count
35.203.211.64 221
35.203.211.91 166
35.203.211.90 163
35.203.211.234 159
35.203.211.83 153
IPs in Subnet
IP Address Hit Count
35.203.210.84 316
35.203.210.189 154
35.203.210.171 147
35.203.210.231 142
35.203.210.29 141
IPs in Subnet
IP Address Hit Count
162.216.149.225 243
162.216.149.230 155
162.216.149.25 149
162.216.149.193 146
162.216.149.47 140
IPs in Subnet
IP Address Hit Count
206.189.105.53 9,541
IPs in Subnet
IP Address Hit Count
147.185.132.250 188
147.185.132.95 147
147.185.132.142 141
147.185.132.140 140
147.185.132.130 121
IPs in Subnet
IP Address Hit Count
46.17.96.38 7,897
IPs in Subnet
IP Address Hit Count
79.124.40.158 967
79.124.40.138 906
79.124.40.150 774
79.124.40.154 772
79.124.40.142 745
IPs in Subnet
IP Address Hit Count
45.142.193.90 1,321
45.142.193.191 1,309
45.142.193.131 1,294
45.142.193.18 1,283
45.142.193.51 242
Complete Endpoint Data Export
Download All LightScope Data For This Endpoint

Get the complete raw dataset for this endpoint in CSV format. This includes all network traffic data, timestamps, IP addresses, ports, and other collected intelligence from the lightscope_honeypot_included_data table.

  • Format: CSV (Comma-Separated Values)
  • Contents: All endpoint data ordered by most recent first
  • Use Case: Research, analysis, custom reporting, data science
  • Compatibility: Excel, Python pandas, R, SQL imports
Note: This download contains the raw data used to generate all dashboard visualizations and analytics. File size depends on the amount of traffic data collected for this endpoint.