Last 24 hours · Apr 11, 2026 00:00 – Apr 12, 2026 00:00 UTC
Demonstration Mode (synthetic data)
Generated: 2026-04-12 00:00:32 UTC

Radial Sonar

Network Activity by Protocol & Risk

Flows by protocol: dns 17 · smb 16 · tls 16 · http 14 · mqtt 3 · dnp3 2 · icmp 2 · modbus 2 · ssh 2 · ftp 1 · rdp 1 · smtp 1

Flows by risk class: Normal 59 · Internal 14 · Suspect 0 · Alert 4 · Threshold (65%)

Alert flows:
10.1.8.50 → 8.8.8.8 | dns | 842000 bytes | ET MALWARE DNS Tunneling Detected
203.0.113.5 → 10.10.50.12 | rdp | 12400 bytes | ET SCAN RDP Brute Force Attempt
10.20.5.18 → 185.220.101.34 | smtp | 4280000 bytes | ET POLICY Outbound SMTP Large Transfer
10.1.12.88 → 45.142.213.18 | http | 2100 bytes | ET TROJAN C2 Beacon HTTP Pattern

Center = benign · outer ring = high-risk. Spokes are protocols sorted by frequency.

IP Reputation

Destination IPs with elevated AbuseIPDB reputation scores. Higher scores indicate greater risk.

IP Reputation (8 rows)

| Destination IP | Country | Organization | Risk Score | Flows | Internal Clients | Total MB |
|---|---|---|---|---|---|---|
| 198.51.100.200 | RU | Bulletproof Hosting Ltd | 98 | 4,284 | 12 | 847.3 |
| 203.0.113.88 | CN | Shady VPS Provider | 94 | 2,847 | 8 | 423.1 |
| 198.51.100.55 | IR | Unknown ISP | 87 | 1,284 | 4 | 284.7 |
| 203.0.113.142 | KP | State Telecom | 82 | 847 | 2 | 142.3 |
| 198.51.100.77 | RU | DDoS-Guard | 76 | 642 | 6 | 98.4 |
| 203.0.113.201 | BR | Compromised Network | 68 | 384 | 3 | 64.2 |
| 198.51.100.33 | UA | Suspicious Hosting | 54 | 247 | 2 | 42.8 |
| 203.0.113.19 | VN | Cloud Provider | 42 | 184 | 1 | 28.4 |

Beaconing Candidates

Connections with highly regular intervals (low coefficient of variation), a common indicator of C2 communication.

Beaconing Candidates (5 rows)

| Source IP | Destination IP | Port | Connections | Avg Interval (s) | Stddev (s) | CoV |
|---|---|---|---|---|---|---|
| 10.1.8.50 | 198.51.100.47 | 443 | 1,440 | 60.2 | 1.8 | 0.030 |
| 10.169.112.51 | 203.0.113.88 | 8443 | 720 | 120.1 | 4.2 | 0.035 |
| 10.1.8.13 | 198.51.100.12 | 443 | 480 | 180.3 | 8.7 | 0.048 |
| 10.6.19.21 | 203.0.113.201 | 80 | 288 | 300.0 | 12.4 | 0.041 |
| 172.16.4.10 | 198.51.100.99 | 443 | 96 | 900.5 | 42.1 | 0.047 |

Large Outbound Transfers

Flows exceeding 100 MB outbound that may indicate data exfiltration.

Large Outbound Transfers (5 rows)

| Source IP | Destination IP | Port | Country | Organization | Protocol | Sent MB | Duration (s) |
|---|---|---|---|---|---|---|---|
| 10.1.8.50 | 198.51.100.47 | 443 | US | Unknown VPS | tls | 2,847.3 | 3,600 |
| 10.169.112.51 | 91.189.88.142 | 443 | GB | Canonical | tls | 1,284.7 | 7,200 |
| 10.1.8.13 | 52.96.166.130 | 443 | US | Amazon AWS | tls | 847.2 | 1,800 |
| 10.6.19.21 | 104.18.32.68 | 443 | US | Cloudflare | tls | 534.8 | 2,400 |
| 10.1.12.100 | 185.199.108.4 | 443 | NL | GitHub | tls | 384.1 | 900 |

DGA Candidates

DGA Candidates (3 rows)

| Source IP | Total Queries | NXDOMAIN | NXDOMAIN % |
|---|---|---|---|
| 10.1.8.50 | 4,284 | 2,847 | 66.5 |
| 10.169.112.51 | 2,847 | 1,284 | 45.1 |
| 10.6.19.21 | 1,847 | 623 | 33.7 |

DNS Tunneling Candidates

DNS Tunneling Candidates (5 rows)

| Source IP | Domain | Length | Queries |
|---|---|---|---|
| 10.1.8.50 | aGVsbG8gd29ybGQ.data.c2-exfil-tunnel.suspicious-domain.net | 72 | 847 |
| 10.1.8.50 | dGhpcyBpcyBhIHRlc3Q.beacon.c2-exfil-tunnel.suspicious-domain.net | 78 | 623 |
| 10.169.112.51 | _ldap._tcp.dc1.ad.corp.contoso.com._msdcs.corp.contoso.com | 68 | 284 |
| 10.1.8.13 | adrev-ingress.ad-rev-dev-production-us-east1.gke-svc.example.com | 74 | 142 |
| 10.6.19.21 | pplx-browser-binaries.a0adf9b772aecba4.r2.cloudflarestorage.com | 70 | 98 |

Port Scanning Activity

Hosts probing more than 20 unique ports on a single destination.

Port Scanning Activity (3 rows)

| Source IP | Destination IP | Ports Scanned | Flows | First Seen | Last Seen |
|---|---|---|---|---|---|
| 198.51.100.88 | 10.1.8.0/24 | 1,284 | 2,847 | 2026-04-11T06:00:32 | 2026-04-11T22:00:32 |
| 203.0.113.142 | 10.169.112.0/24 | 847 | 1,623 | 2026-04-11T12:00:32 | 2026-04-11T20:00:32 |
| 198.51.100.201 | 172.16.4.0/24 | 423 | 847 | 2026-04-11T16:00:32 | 2026-04-11T18:00:32 |

Suspicious User Agents

HTTP requests using tool-based or known-malicious user agent strings.

Suspicious User Agents (5 rows)

| Source IP | User Agent | Requests | Unique Hosts |
|---|---|---|---|
| 10.1.8.50 | python-requests/2.31.0 | 4,284 | 142 |
| 10.169.112.51 | curl/8.4.0 | 1,847 | 84 |
| 10.6.19.21 | Go-http-client/1.1 | 847 | 42 |
| 10.1.8.13 | Wget/1.21 | 384 | 28 |
| 172.16.4.10 | Mozilla/4.0 (compatible; MSIE 6.0) | 142 | 12 |