HoneyLabs
iAnonymous lookups: 10/min, 60/hr per source IP. Sign in (free) to lift the limit, run heavier queries, and get an API key for MCP / HTTP.

Filtered actors

ASN=202412

15 unique IPs · 16.3K events · 2 countries · 1 ASNs

Activity · last 7d

2026-06-24: 17 events2026-06-25: 223 events2026-06-26: 596 events2026-06-27: 3.3K events2026-06-28: 353 events2026-06-29: 3.3K events2026-06-30: 5.1K events2026-07-01: 3.4K events

peak 5.1K on 2026-06-30

Top source networks · click to refine

Refine
Turn this query into a daily email digest or an IOC feed URL.Save as feed

Sample payloads

top distinct probes matching this query
ProtocolPortProbe / payloadHitsExample
RDP3588/*�Cookie: mstshash=Administr 1.5K · 2 IPs94.154.35.122 →
HTTP8083CONNECT check.easyproxy.xyz:443 HTTP/1.1 Host: check.easyproxy.xyz:443 User-Agent: Go-http-client/1.171130.12.180.52 →
-5555CNXN2����host::44130.12.180.65 →
HTTP443/HTTPSGET /
UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36
28 · 5 IPs178.16.55.161 →
-5555CNXN.�v����host::features=shell_v2,cmd,stat_v2,ls_v2,fixed_push_mkdir,apex,abb,fixed_push_symlink_timestamp,abb_exec,remount_shell,track_app,sendrecv_v2,sendrecv_v2_br…25146.19.125.54 →
HTTP80/HTTPGET /.env.save
UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
18130.12.180.77 →
HTTP80/HTTPGET /s3/.env
UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
18130.12.180.77 →
HTTP80/HTTPGET /.env
UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
17130.12.180.77 →
HTTP80/HTTPGET /terraform.tf.old
UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
13130.12.180.77 →
HTTP80/HTTPGET /terraform.tf.save
UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
13130.12.180.77 →
HTTP80/HTTPGET /terraform.tf.swp
UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
12130.12.180.77 →
HTTP80/HTTPGET /.git/config
UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
12 · 2 IPs130.12.180.77 →
IPCountryASNTop portsEvents
Showing top 50 by event count. Window is the last 7d. Add or remove filters by clicking any value on a per-IP report.