Last 24 hours
Generated 2026-02-17 06:31:44 UTC
IP Reputation
Destination IPs with an elevated AbuseIPDB abuse confidence score (0 to 100; higher means more corroborated abuse reports). Internal Clients is the number of distinct internal hosts that reached the destination during the window. Several of these destinations and clients recur in the tables below (203.0.113.88 and 203.0.113.201 are both beaconing targets), which is the strongest reason to triage them first.
8 rows
| Destination IP | Country | Organization | Risk Score | Flows | Internal Clients | Total MB |
|---|---|---|---|---|---|---|
| 198.51.100.200 | RU | Bulletproof Hosting Ltd | 98 | 4,284 | 12 | 847.3 |
| 203.0.113.88 | CN | Shady VPS Provider | 94 | 2,847 | 8 | 423.1 |
| 198.51.100.55 | IR | Unknown ISP | 87 | 1,284 | 4 | 284.7 |
| 203.0.113.142 | KP | State Telecom | 82 | 847 | 2 | 142.3 |
| 198.51.100.77 | RU | DDoS-Guard | 76 | 642 | 6 | 98.4 |
| 203.0.113.201 | BR | Compromised Network | 68 | 384 | 3 | 64.2 |
| 198.51.100.33 | UA | Suspicious Hosting | 54 | 247 | 2 | 42.8 |
| 203.0.113.19 | VN | Cloud Provider | 42 | 184 | 1 | 28.4 |
Beaconing Candidates
Source, destination and port tuples whose gaps between successive connections are highly regular. CoV is Stddev divided by Avg Interval; values under 0.05, as in every row here, mean the gap barely varies, and Connections × Avg Interval is about 86,400 s for each row, so each beacon ran for the whole 24-hour window. Fixed-interval polling is a common C2 pattern, but scheduled update checks and telemetry agents look identical, so corroborate with destination reputation and data volume (10.1.8.50 to 198.51.100.47 also heads the Large Outbound Transfers table).
5 rows
| Source IP | Destination IP | Port | Connections | Avg Interval (s) | Stddev (s) | CoV |
|---|---|---|---|---|---|---|
| 10.1.8.50 | 198.51.100.47 | 443 | 1,440 | 60.2 | 1.8 | 0.030 |
| 10.169.112.51 | 203.0.113.88 | 8443 | 720 | 120.1 | 4.2 | 0.035 |
| 10.1.8.13 | 198.51.100.12 | 443 | 480 | 180.3 | 8.7 | 0.048 |
| 10.6.19.21 | 203.0.113.201 | 80 | 288 | 300.0 | 12.4 | 0.041 |
| 172.16.4.10 | 198.51.100.99 | 443 | 96 | 900.5 | 42.1 | 0.047 |
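The interval statistic behind this table can be reproduced from plain connection logs. The following is an added example written for this page, not the tool that generated the report: it groups flows by (source, destination, port), measures the gaps between successive connections and keeps tuples whose CoV is below a threshold. The flow records are constructed here (a jittered 60 s beacon next to an irregular web client); the IPs reuse addresses from the report only as labels.

```python
"""Beacon detection over connection logs: group flows by (src, dst, port),
compute the gaps between successive connections and flag tuples whose
coefficient of variation (stddev / mean gap) is low.  The sample flows below
are constructed for this example, not taken from a real sensor."""
from collections import defaultdict
from datetime import datetime, timedelta
import statistics


def interval_stats(timestamps):
    """Return (connections, mean_gap, stddev_gap, cov) for a list of datetimes."""
    ts = sorted(timestamps)
    gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
    if len(gaps) < 2:
        return None
    mean = statistics.mean(gaps)
    sd = statistics.pstdev(gaps)          # population stddev of the gaps
    cov = sd / mean if mean else float("inf")
    return len(ts), mean, sd, cov


def beacon_candidates(flows, min_connections=20, max_cov=0.1):
    """flows: iterable of (timestamp, src, dst, port).  Returns rows shaped like
    the report table, lowest CoV first.  min_connections avoids scoring tuples
    with too few gaps for the stddev to mean anything."""
    by_key = defaultdict(list)
    for ts, src, dst, port in flows:
        by_key[(src, dst, port)].append(ts)
    rows = []
    for (src, dst, port), tss in by_key.items():
        if len(tss) < min_connections:
            continue
        stats = interval_stats(tss)
        if stats is None or stats[3] > max_cov:
            continue
        n, mean, sd, cov = stats
        rows.append({"src": src, "dst": dst, "port": port, "connections": n,
                     "avg_interval": round(mean, 1), "stddev": round(sd, 1),
                     "cov": round(cov, 3)})
    return sorted(rows, key=lambda r: r["cov"])


def sample_flows():
    """Constructed input: a 60 s beacon with a couple of seconds of jitter
    (small jitter does not hide regularity) next to an irregular web client."""
    start = datetime(2026, 2, 16, 6, 31, 44)
    flows = []
    jitter = [0, 1, -1, 2, 0, -2, 1, 0]
    t = start
    for i in range(60):
        flows.append((t, "10.1.8.50", "198.51.100.47", 443))
        t += timedelta(seconds=60 + jitter[i % len(jitter)])
    t = start
    for gap in [5, 300, 17, 1200, 45, 900, 3, 2400, 60, 720, 150, 30,
                3600, 10, 400, 25, 800, 90, 1500, 12, 600, 40, 200, 75]:
        flows.append((t, "10.6.19.21", "104.18.32.68", 443))
        t += timedelta(seconds=gap)
    return flows


if __name__ == "__main__":
    for row in beacon_candidates(sample_flows()):
        print(row)
```

With the default threshold only the 60 s client is reported (CoV about 0.02); the irregular client has a CoV above 1 and only appears if the threshold is loosened far beyond anything useful. Beacons that randomise their sleep by a large fraction of the interval defeat this statistic, which is why the report pairs it with reputation and volume.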
Large Outbound Transfers
Flows that sent more than 100 MB outbound during the window, which may indicate data exfiltration. Volume alone is weak evidence: Canonical, Amazon AWS, Cloudflare and GitHub destinations are usually package mirrors, backups or CI traffic. Prioritise sources that are flagged elsewhere; 10.1.8.50 pushed 2.8 GB to 198.51.100.47 in one hour over the same port it beacons to.
5 rows
| Source IP | Destination IP | Port | Country | Organization | Protocol | Sent MB | Duration (s) |
|---|---|---|---|---|---|---|---|
| 10.1.8.50 | 198.51.100.47 | 443 | US | Unknown VPS | tls | 2,847.3 | 3,600 |
| 10.169.112.51 | 91.189.88.142 | 443 | GB | Canonical | tls | 1,284.7 | 7,200 |
| 10.1.8.13 | 52.96.166.130 | 443 | US | Amazon AWS | tls | 847.2 | 1,800 |
| 10.6.19.21 | 104.18.32.68 | 443 | US | Cloudflare | tls | 534.8 | 2,400 |
| 10.1.12.100 | 185.199.108.4 | 443 | NL | GitHub | tls | 384.1 | 900 |
DGA Candidates
Internal hosts with a high share of NXDOMAIN responses. A domain generation algorithm queries many candidate names of which only a few are registered, so the NXDOMAIN share climbs far above a normal client's. Stale CDN records, typos and a misconfigured search suffix raise the count too, so review the failing names themselves before acting on the ratio.
3 rows
| Source IP | Total Queries | NXDOMAIN | NXDOMAIN % |
|---|---|---|---|
| 10.1.8.50 | 4,284 | 2,847 | 66.5 |
| 10.169.112.51 | 2,847 | 1,284 | 45.1 |
| 10.6.19.21 | 1,847 | 623 | 33.7 |
DNS Tunneling Candidates
Queries with unusually long names. Tunnels and DNS exfiltration carry data in the leftmost label, so decode that label before anything else: the first two entries from 10.1.8.50 carry base64 (aGVsbG8gd29ybGQ is "hello world", dGhpcyBpcyBhIHRlc3Q is "this is a test"). Judged by their names, the remaining three are legitimate long names rather than tunnels: an Active Directory SRV lookup, a GKE service hostname and a Cloudflare R2 storage hostname.
5 rows
| Source IP | Domain | Length | Queries |
|---|---|---|---|
| 10.1.8.50 | aGVsbG8gd29ybGQ.data.c2-exfil-tunnel.suspicious-domain.net | 72 | 847 |
| 10.1.8.50 | dGhpcyBpcyBhIHRlc3Q.beacon.c2-exfil-tunnel.suspicious-domain.net | 78 | 623 |
| 10.169.112.51 | _ldap._tcp.dc1.ad.corp.contoso.com._msdcs.corp.contoso.com | 68 | 284 |
| 10.1.8.13 | adrev-ingress.ad-rev-dev-production-us-east1.gke-svc.example.com | 74 | 142 |
| 10.6.19.21 | pplx-browser-binaries.a0adf9b772aecba4.r2.cloudflarestorage.com | 70 | 98 |
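The two DNS heuristics above (NXDOMAIN share per source, and long or encoded leading labels) are simple enough to run over a resolver log directly. The following is an added example written for this page, not the report generator's code: it computes the NXDOMAIN ratio from constructed (source, name, rcode) records and inspects the leading label of each query name for length, entropy and base64 content, skipping SRV-style `_service` labels. The thresholds (16 characters, 3.5 bits per character) are assumptions for the demonstration.

```python
"""DNS log triage for two report heuristics:
  * DGA: share of NXDOMAIN answers per source host
  * tunneling: long, high-entropy or base64-decodable leading labels
All records below are constructed for this example."""
import base64
import binascii
import math
import re
from collections import Counter

LABEL_RE = re.compile(r"[A-Za-z0-9_-]+")

# Query names from the report table, used here as inspection input.
REPORT_QNAMES = [
    "aGVsbG8gd29ybGQ.data.c2-exfil-tunnel.suspicious-domain.net",
    "dGhpcyBpcyBhIHRlc3Q.beacon.c2-exfil-tunnel.suspicious-domain.net",
    "_ldap._tcp.dc1.ad.corp.contoso.com._msdcs.corp.contoso.com",
    "adrev-ingress.ad-rev-dev-production-us-east1.gke-svc.example.com",
    "pplx-browser-binaries.a0adf9b772aecba4.r2.cloudflarestorage.com",
]


def shannon_entropy(s):
    """Bits per character; encoded data scores higher than dictionary words."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def decode_base64_label(label):
    """Decode an unpadded base64/base64url label to printable text, else None."""
    if len(label) < 8 or len(label) % 4 == 1 or not LABEL_RE.fullmatch(label):
        return None                      # too short, impossible length, or bad alphabet
    try:
        raw = base64.urlsafe_b64decode(label + "=" * (-len(label) % 4))
    except (binascii.Error, ValueError):
        return None
    if raw and all(32 <= b < 127 for b in raw):
        return raw.decode("ascii")
    return None                          # decodes, but not to printable text


def tunneling_indicators(qname, max_label=16, min_entropy=3.5):
    """Per-query indicators plus a reason string when the name looks like a tunnel."""
    labels = qname.rstrip(".").split(".")
    first = labels[0]
    decoded = decode_base64_label(first)
    ent = round(shannon_entropy(first), 2)
    reason = None
    if first.startswith("_"):
        pass                             # SRV lookups (_ldap._tcp...) are long but structural
    elif decoded:
        reason = "base64 label decodes to text"
    elif len(first) >= max_label and ent >= min_entropy:
        reason = "long high-entropy label"
    return {"qname": qname, "length": len(qname), "first_label": first,
            "entropy": ent, "decoded": decoded, "reason": reason}


def nxdomain_ratio(records, min_queries=20):
    """records: iterable of (src, qname, rcode). Return {src: (total, nxdomain, percent)}."""
    total, nx = Counter(), Counter()
    for src, _qname, rcode in records:
        total[src] += 1
        if rcode == "NXDOMAIN":
            nx[src] += 1
    return {s: (t, nx[s], round(100 * nx[s] / t, 1))
            for s, t in total.items() if t >= min_queries}


def sample_dns_records():
    """Constructed log: one host churns through unregistered names, one is normal."""
    recs = []
    for i in range(30):                  # 20 of 30 lookups fail for the DGA-like host
        recs.append(("10.1.8.50", f"q{i:02d}zk{i * 7 % 97:02d}.example",
                     "NXDOMAIN" if i < 20 else "NOERROR"))
    for i in range(30):                  # a single failure for the normal host
        recs.append(("10.1.12.100", "api.github.com",
                     "NXDOMAIN" if i == 0 else "NOERROR"))
    return recs


if __name__ == "__main__":
    for q in REPORT_QNAMES:
        print(tunneling_indicators(q))
    print(nxdomain_ratio(sample_dns_records()))
```

On the report's own names the base64 rule fires for the two suspicious-domain.net entries and the SRV lookup is skipped. The entropy rule is the noisy one: a long bucket or service hostname such as the r2.cloudflarestorage.com entry can score above 3.5 bits per character, which is why a length-and-entropy hit needs an analyst decision rather than an automatic block.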
Port Scanning Activity
External sources probing more than 20 unique ports within a single destination /24 (the Destination column shows the probed range rather than one host).
3 rows
| Source IP | Destination Range | Ports Scanned | Flows | First Seen | Last Seen |
|---|---|---|---|---|---|
| 198.51.100.88 | 10.1.8.0/24 | 1,284 | 2,847 | 2026-02-16T12:31:44 | 2026-02-17T04:31:44 |
| 203.0.113.142 | 10.169.112.0/24 | 847 | 1,623 | 2026-02-16T18:31:44 | 2026-02-17T02:31:44 |
| 198.51.100.201 | 172.16.4.0/24 | 423 | 847 | 2026-02-16T22:31:44 | 2026-02-17T00:31:44 |
Suspicious User Agents
HTTP requests whose User-Agent is a scripting or tool client, or a known-malicious string. python-requests, curl, Go-http-client and Wget are routine automation on servers and developer workstations, so the signal is volume, host spread (10.1.8.50 reached 142 distinct hosts) and whether the same source is flagged in the tables above. An MSIE 6.0 agent from 172.16.4.10 is anomalous on any current system and is worth pulling the full request set for.
5 rows
| Source IP | User Agent | Requests | Unique Hosts |
|---|---|---|---|
| 10.1.8.50 | python-requests/2.31.0 | 4,284 | 142 |
| 10.169.112.51 | curl/8.4.0 | 1,847 | 84 |
| 10.6.19.21 | Go-http-client/1.1 | 847 | 42 |
| 10.1.8.13 | Wget/1.21 | 384 | 28 |
| 172.16.4.10 | Mozilla/4.0 (compatible; MSIE 6.0) | 142 | 12 |