HoneyLabs
iAnonymous lookups: 10/min, 60/hr per source IP. Sign in (free) to lift the limit, run heavier queries, and get an API key for MCP / HTTP.

Filtered actors

ASN=204428

6 unique IPs · 4.2K events · 1 countries · 1 ASNs

Activity · last 7d

2026-06-24: 38 events2026-06-25: 179 events2026-06-26: 241 events2026-06-27: 423 events2026-06-28: 348 events2026-06-29: 508 events2026-06-30: 1.9K events2026-07-01: 546 events

peak 1.9K on 2026-06-30

Top source networks · click to refine

Refine
Turn this query into a daily email digest or an IOC feed URL.Save as feed

Sample payloads

top distinct probes matching this query
ProtocolPortProbe / payloadHitsExample
RDP333/*�Cookie: mstshash=Administr 3.2K · 4 IPs80.94.95.43 →
RDP3389/RDPRDP (X.224)03 00 00 13 0e e0 00 00 00 00 00 01 00 08 00 03 00 00 0031080.94.95.34 →
HTTP80/HTTPGET /.env
UA: Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10_4_11; fr) AppleWebKit/525.18 (KHTML, like Gecko) Version/3.1.2 Safari/525.22
2480.94.95.211 →
HTTP80/HTTPGET /sendgrid/.env.php
UA: Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10_4_11; fr) AppleWebKit/525.18 (KHTML, like Gecko) Version/3.1.2 Safari/525.22
2380.94.95.211 →
HTTP80/HTTPGET /.env.sample.php
UA: Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10_4_11; fr) AppleWebKit/525.18 (KHTML, like Gecko) Version/3.1.2 Safari/525.22
2380.94.95.211 →
HTTP80/HTTPGET /var/.env.local.php
UA: Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10_4_11; fr) AppleWebKit/525.18 (KHTML, like Gecko) Version/3.1.2 Safari/525.22
2380.94.95.211 →
HTTP80/HTTPGET /.env.php.bak
UA: Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10_4_11; fr) AppleWebKit/525.18 (KHTML, like Gecko) Version/3.1.2 Safari/525.22
2380.94.95.211 →
HTTP80/HTTPGET /.env.php.backup
UA: Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10_4_11; fr) AppleWebKit/525.18 (KHTML, like Gecko) Version/3.1.2 Safari/525.22
2380.94.95.211 →
HTTP80/HTTPGET /config.dev.php
UA: Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10_4_11; fr) AppleWebKit/525.18 (KHTML, like Gecko) Version/3.1.2 Safari/525.22
2380.94.95.211 →
HTTP80/HTTPGET /.env.example.php
UA: Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10_4_11; fr) AppleWebKit/525.18 (KHTML, like Gecko) Version/3.1.2 Safari/525.22
2380.94.95.211 →
HTTP80/HTTPGET /twilio/.env.php
UA: Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10_4_11; fr) AppleWebKit/525.18 (KHTML, like Gecko) Version/3.1.2 Safari/525.22
2380.94.95.211 →
HTTP80/HTTPGET /.env.production.php
UA: Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10_4_11; fr) AppleWebKit/525.18 (KHTML, like Gecko) Version/3.1.2 Safari/525.22
2380.94.95.211 →
IPCountryASNTop portsEvents
Showing top 50 by event count. Window is the last 7d. Add or remove filters by clicking any value on a per-IP report.