HoneyLabs

Filtered actors

country=UA

66 unique IPs · 5.5K events · 1 countries · 41 ASNs

Activity · last 7d

2026-06-27: 502 events
2026-06-28: 494 events
2026-06-29: 1.4K events
2026-06-30: 1.8K events
2026-07-01: 589 events
2026-07-02: 620 events
2026-07-03: 44 events
2026-07-04: 41 events

peak 1.8K on 2026-06-30


Sample payloads

top distinct probes matching this query
| Protocol | Port | Probe / payload | Hits | Example |
|---|---|---|---|---|
| RDP | 4593/* | �Cookie: mstshash=Administr | 1.4K · 2 IPs | 185.156.73.157 |
| SOCKS5 | 135/MSRPC | SOCKS5 05 00 0b 03 10 00 00 00 74 00 00 00 02 00 00 00 d0 16 d0 16 00 00 00 00 …(116 bytes) | 511 | 46.201.77.194 |
| - | 23/Telnet | 0d 0a | 132 | 94.154.43.158 |
| - | 23/Telnet | admin | 88 | 94.154.43.158 |
| - | 23/Telnet | root | 86 | 94.154.43.158 |
| HTTP | 21/FTP | GET http://146.56.180.42:3333/ ; UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 | 85 | 94.154.43.36 |
| HTTP | 80/HTTP | GET / ; UA: Shodan-Pull/1.0 | 56 · 3 IPs | 94.154.43.66 |
| HTTP | 3000/Web-alt | POST / ; UA: Mozilla/5.0 | 47 | 94.154.43.12 |
| HTTP | 443/HTTPS | GET /.env ; UA: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36 | 37 · 3 IPs | 77.83.39.197 |
| - | 445/SMB | 00 00 00 63 ff 53 4d 42 73 00 00 00 00 18 01 20 00 00 00 00 00 00 00 00 …(103 bytes) | 34 · 26 IPs | 195.43.71.130 |
| - | 445/SMB | T�SMBr(/K�^1LANMAN1.0LM1.2X002NT LANMAN 1.0NT LM 0.12 | 34 · 26 IPs | 195.43.71.130 |
| - | 445/SMB | 00 00 00 4a ff 53 4d 42 25 00 00 00 00 18 01 28 00 00 00 00 00 00 00 00 …(78 bytes) | 34 · 26 IPs | 195.43.71.130 |
| IP | Country | ASN | Top ports | Events |
Showing top 50 by event count. Window is the last 7d.