This page summarises IP addresses observed in firewall events during the window: 21 Feb 2026 00:00 GMT → 28 Feb 2026 00:00 GMT (exclusive end). Generated: 01 Mar 2026 01:00 GMT.
Summary
“Events” are logged firewall events and “Unique IPs” are distinct IPs seen.
- Total events: 367
- Unique IPs: 131
- Inbound events: 367
- Outbound events: 0
- Inbound IPs: 131
- Outbound IPs: 0
Top observed IPs
“Hits” is the number of events associated with the IP in this window. Direction is inbound/outbound classification.
| IP | Direction | Hits | Country | ISP | Score | Category |
|---|---|---|---|---|---|---|
| 87.120.191.67 | Inbound | 84 | NL | Dedicated Servers and VPS Hosting by VPSVAULT.HOST | 100 | unknown |
| 176.65.132.94 | Inbound | 52 | DE | VMHeaven.io | 100 | unknown |
| 204.76.203.73 | Inbound | 17 | NL | Intelligence Hosting LLC | 100 | unknown |
| 204.76.203.215 | Inbound | 11 | NL | Intelligence Hosting LLC | 100 | web |
| 167.71.3.101 | Inbound | 10 | NL | DigitalOcean, LLC | 100 | unknown |
| 221.159.119.6 | Inbound | 6 | KR | Korea Telecom | 100 | web |
| 162.142.125.112 | Inbound | 4 | US | Censys, Inc. | 0 | other |
| 162.142.125.125 | Inbound | 4 | US | Censys, Inc. | 0 | other |
| 167.94.138.179 | Inbound | 4 | US | Censys, Inc. | 0 | other |
| 167.94.138.59 | Inbound | 4 | US | Censys, Inc. | 0 | unknown |
| 66.132.153.114 | Inbound | 4 | US | Censys, Inc. | 100 | other |
| 185.220.101.138 | Inbound | 3 | DE | CIA TRIAD SECURITY LLC | 100 | unknown |
| 185.220.101.167 | Inbound | 3 | DE | CIA TRIAD SECURITY LLC | 97 | unknown |
| 87.242.118.68 | Inbound | 3 | RU | Cloud Technologies LLC trading as Cloud.ru | 100 | unknown |
| 167.94.138.47 | Inbound | 2 | US | Censys, Inc. | 0 | other |
| 199.45.155.95 | Inbound | 2 | HK | Censys, Inc. | 100 | compromised_suspicious |
| 206.168.34.40 | Inbound | 2 | US | Censys, Inc. | 100 | other |
| 36.154.50.214 | Inbound | 2 | CN | China Mobile Communications Corporation | 100 | unknown |
| 51.158.205.47 | Inbound | 2 | NL | Scaleway – Amsterdam, Netherlands | 100 | other |
| 83.168.68.72 | Inbound | 2 | PL | Virtual Dedicated Server | 100 | unknown |
Events by country and network
Country is the best available country code for the IP, while Network/ISP is the name of the network owner. Counts represent event totals, not the number of organisations impacted.
| Country | Events |
|---|---|
| NL | 126 |
| US | 126 |
| DE | 63 |
| CN | 7 |
| HK | 7 |
| KR | 7 |
| PL | 4 |
| IN | 3 |
| RU | 3 |
| PAK | 2 |
| Network/ISP | Events |
|---|---|
| Censys, Inc. | 92 |
| Dedicated Servers and VPS Hosting by VPSVAULT.HOST | 84 |
| VMHeaven.io | 52 |
| Intelligence Hosting LLC | 28 |
| Microsoft Corporation | 25 |
| DigitalOcean, LLC | 12 |
| Unknown | 10 |
| Korea Telecom | 7 |
| Microsoft Limited | 7 |
| CIA TRIAD SECURITY LLC | 6 |
Scores and categories
Score is a signal value attached to an IP when available; a higher score usually indicates stronger indicators from the sources feeding this dataset. It is important to note that this score does not guarantee impact or compromise on your environment. Categories are labels assigned to the IPs when available, with “Unknown” indicating no label was present.
| Score Range | Count |
|---|---|
| 0-19 | 72 |
| 20-39 | 1 |
| 40-59 | 2 |
| 60-79 | 1 |
| 80-100 | 291 |
| Category | Count |
|---|---|
| unknown | 271 |
| other | 62 |
| web | 19 |
| compromised_suspicious | 13 |
| auth | 1 |
| exploit_web | 1 |
This page is updated daily.