scythe-d624f767 SESSION-e3c6dfcfc9e8d03b
18 PCAPs • 211 sessions • 119 hosts • 119 🌍 geolocated
▶ 📄 capture_20260505020001.pcap 267.1 KB • 18 sessions • ICMP:9 TCP:6 UDP:3
▶ 📄 capture_20260505030001.pcap 2.7 KB • 9 sessions • UDP:2 TCP:3 ICMP:4
▶ 📄 capture_20260505040001.pcap 30.8 KB • 12 sessions • UDP:5 TCP:6 ICMP:1
▶ 📄 capture_20260505050001.pcap 17.0 KB • 4 sessions • UDP:2 TCP:2
▶ 📄 capture_20260505060001.pcap 18.0 KB • 18 sessions • ICMP:9 UDP:2 TCP:7
▶ 📄 capture_20260505070001.pcap 15.2 KB • 7 sessions • UDP:2 ICMP:3 TCP:2
▶ 📄 capture_20260505080001.pcap 8.3 KB • 7 sessions • UDP:5 TCP:1 ICMP:1
▶ 📄 capture_20260505090001.pcap 2.8 KB • 9 sessions • UDP:2 TCP:1 ICMP:6
▶ 📄 capture_20260505100001.pcap 41.7 KB • 12 sessions • ICMP:4 TCP:5 UDP:3
▶ 📄 capture_20260505110001.pcap 2.9 KB • 8 sessions • ICMP:5 UDP:2 TCP:1
▶ 📄 capture_20260505120001.pcap 28.0 KB • 18 sessions • ICMP:9 UDP:4 TCP:5
▶ 📄 capture_20260505130001.pcap 10.5 KB • 7 sessions • TCP:3 UDP:2 ICMP:2
▶ 📄 capture_20260505140001.pcap 4.6 KB • 19 sessions • ICMP:16 UDP:2 TCP:1
▶ 📄 capture_20260505150001.pcap 10.3 KB • 16 sessions • UDP:2 ICMP:10 TCP:4
▶ 📄 capture_20260505160001.pcap 4.4 KB • 12 sessions • ICMP:8 UDP:2 TCP:2
▶ 📄 capture_20260505170001.pcap 38.2 KB • 19 sessions • ICMP:9 UDP:2 TCP:8
▶ 📄 capture_20260505180001.pcap 7.4 KB • 7 sessions • ICMP:4 UDP:2 TCP:1
▶ 📄 capture_20260505190001.pcap 71.1 KB • 9 sessions • TCP:4 UDP:5
🌐 INFRA FLOW
Paths: 67
Physical: 67
Synthetic: 0
Cables: 11
IX: 6
Conflicts: 0
CSI: 0
Cascades: 0
👻 Phantoms: 0
Kill Chain: 0
⚡ IX AS16509 → AS1322033 hops · 0%
AS16509 → AS3356 → AS132203
⚡ Equinix Singapore
13259 km
✓ PHYSICAL🔗 CABLE AS16509 → AS162763 hops · 0%
AS16509 → AS3356 → AS16276
🔗 Pacific Crossing-1
8086 km
AS16509 → AS80753 hops · 0%
AS16509 → AS3356 → AS8075
3557 km
✓ PHYSICAL🔗 CABLE⚡ IX AS16509 → AS146183 hops · 0%
AS16509 → AS3356 → AS14618
🔗 Pacific Crossing-1
⚡ Equinix Ashburn
3503 km
AS16509 → AS80753 hops · 0%
AS16509 → AS3356 → AS8075
2596 km
AS16509 → AS80753 hops · 0%
AS16509 → AS3356 → AS8075
1523 km
✓ PHYSICAL🔗 CABLE AS16509 → AS41343 hops · 0%
AS16509 → AS3356 → AS4134
🔗 Pacific Crossing-1
9573 km
⚡ IX AS132203 → AS165093 hops · 0%
AS132203 → AS3356 → AS16509
⚡ Equinix Singapore
13183 km
⚡ IX AS132203 → AS165093 hops · 0%
AS132203 → AS3356 → AS16509
⚡ Equinix Singapore
9921 km
✓ PHYSICAL🔗 CABLE⚡ IX AS132203 → AS162763 hops · 0%
AS132203 → AS3356 → AS16276
🔗 SEA-ME-WE 6
⚡ Equinix Singapore
10735 km
✓ PHYSICAL🔗 CABLE⚡ IX AS132203 → AS80753 hops · 0%
AS132203 → AS3356 → AS8075
🔗 AAG (Asia-America Gateway)
⚡ Equinix Singapore
15786 km
✓ PHYSICAL🔗 CABLE⚡ IX AS132203 → AS146183 hops · 0%
AS132203 → AS3356 → AS14618
🔗 AAG (Asia-America Gateway)
⚡ Equinix Singapore, Equinix Ashburn
15526 km
✓ PHYSICAL🔗 CABLE⚡ IX AS132203 → AS165093 hops · 0%
AS132203 → AS3356 → AS16509
🔗 AAG (Asia-America Gateway)
⚡ Equinix Singapore, Equinix SV (Palo Alto)
13650 km
✓ PHYSICAL🔗 CABLE⚡ IX AS132203 → AS80753 hops · 0%
AS132203 → AS3356 → AS8075
🔗 AAG (Asia-America Gateway)
⚡ Equinix Singapore
15855 km
✓ PHYSICAL🔗 CABLE⚡ IX AS132203 → AS80753 hops · 0%
AS132203 → AS3356 → AS8075
🔗 AAG (Asia-America Gateway)
⚡ Equinix Singapore
14625 km
⚡ IX AS132203 → AS165093 hops · 0%
AS132203 → AS3356 → AS16509
⚡ Equinix Singapore
11205 km
⚡ IX AS132203 → AS41342 hops · 0%
AS132203 → AS4134
⚡ Equinix Singapore
3860 km
⚡ IX AS132203 → AS165093 hops · 0%
AS132203 → AS3356 → AS16509
⚡ Equinix Singapore
6300 km
⚡ IX AS132203 → AS165093 hops · 0%
AS132203 → AS3356 → AS16509
⚡ Equinix Singapore
15374 km
✓ PHYSICAL🔗 CABLE AS16509 → AS162763 hops · 0%
AS16509 → AS3356 → AS16276
🔗 Pacific Crossing-1
7375 km
[4:16:39 PM] ✓ 67 paths · 0 synthetic
🧠 CLUSTER INTEL
Clusters: 35
Threats: 2
RF emitters: 0
UAVs: 0
C2: 0
⚫ Quiet
HIGH 60%
Cluster: swarm-f3cc76ff
Nodes: 10
Behavior: MIXED
ASN: AS26832 — Rica Web Services
Country: CA
Mobility: Fixed infrastructure
Location: 45.488°, -73.599° 🌍 Fly To 🔬 AUTOPSY📦 BUNDLE
⏱ Phase: 0%
Prop: INSUFFICIENT_DATA
⚡ Control Origin: AS26832 — Rica Web Services (0% · cluster-level ASN (no per-event data))
Insufficient activity for classification · Dominant: AS26832 (Rica Web Services) ⚠ mixed infra (4 ASNs, 25% confidence) · Jurisdiction: CA
→ [LOW] SCHEDULE_RESCAN: Large dormant cluster — may be staging infrastructure
→ [MEDIUM] ANALYZE_MULTI_ASN: 4 distinct ASNs in cluster — mixed infrastructure indicates distributed operation
⚫ Quiet
HIGH 60%
Cluster: swarm-ba7f8443
Nodes: 13
Behavior: MIXED
ASN: AS16509 — Amazon.com, Inc.
Infra: Hyperscaler (33% conf) · 4 ASNs
Country: US
Mobility: Fixed infrastructure
Location: 45.840°, -119.705° 🌍 Fly To 🔬 AUTOPSY📦 BUNDLE
⏱ Phase: 0%
Prop: INSUFFICIENT_DATA
⚡ Control Origin: AS16509 — Amazon.com, Inc. (0% · cluster-level ASN (no per-event data))
Insufficient activity for classification · Dominant: AS16509 (Amazon.com, Inc.) [Hyperscaler] ⚠ mixed infra (4 ASNs, 33% confidence) · Jurisdiction: US
→ [LOW] SCHEDULE_RESCAN: Large dormant cluster — may be staging infrastructure
→ [MEDIUM] ANALYZE_MULTI_ASN: 4 distinct ASNs in cluster — mixed infrastructure indicates distributed operation
⚫ Quiet
MEDIUM 50%
Cluster: swarm-c108ff10
Nodes: 18
Behavior: MIXED
ASN: AS132203 — Tencent Building, Kejizhongyi Avenue
Infra: Hyperscaler (50% conf) · 4 ASNs
Country: SG
Mobility: Fixed infrastructure
Location: 1.306°, 103.838° 🌍 Fly To 🔬 AUTOPSY📦 BUNDLE
⏱ Phase: 0%
Prop: INSUFFICIENT_DATA
⚡ Control Origin: AS132203 — Tencent Building, Kejizhongyi Avenue (0% · cluster-level ASN (no per-event data))
Insufficient activity for classification · Dominant: AS132203 (Tencent Building, Kejizhongyi Avenue) [Hyperscaler] · Jurisdiction: SG
→ [LOW] SCHEDULE_RESCAN: Large dormant cluster — may be staging infrastructure
⚫ Quiet
MEDIUM 50%
Cluster: swarm-eea8f7a5
Nodes: 5
Behavior: MIXED
ASN: AS31377 — Akamai Connected Cloud
Infra: Edge CDN (100% conf)
Country: US
Mobility: Fixed infrastructure
Location: 41.883°, -87.630° 🌍 Fly To 🔬 AUTOPSY📦 BUNDLE
⏱ Phase: 0%
Prop: INSUFFICIENT_DATA
⚡ Control Origin: AS31377 — Akamai Connected Cloud (0% · cluster-level ASN (no per-event data))
Insufficient activity for classification · Dominant: AS31377 (Akamai Connected Cloud) [Edge CDN] · Jurisdiction: US
→ [LOW] SCHEDULE_RESCAN: Large dormant cluster — may be staging infrastructure
⚫ Quiet
MEDIUM 50%
Cluster: swarm-418188e5
Nodes: 7
Behavior: MIXED
ASN: AS16509 — Amazon.com, Inc.
Infra: Hyperscaler (67% conf) · 2 ASNs
Country: CA
Mobility: Fixed infrastructure
Location: 51.050°, -114.088° 🌍 Fly To 🔬 AUTOPSY📦 BUNDLE
⏱ Phase: 0%
Prop: INSUFFICIENT_DATA
⚡ Control Origin: AS16509 — Amazon.com, Inc. (0% · cluster-level ASN (no per-event data))
Insufficient activity for classification · Dominant: AS16509 (Amazon.com, Inc.) [Hyperscaler] · Jurisdiction: CA
→ [LOW] SCHEDULE_RESCAN: Large dormant cluster — may be staging infrastructure
⚫ Quiet
MEDIUM 50%
Cluster: swarm-390f6cef
Nodes: 25
Behavior: MIXED
ASN: AS16509 — Amazon.com, Inc.
Infra: Hyperscaler (100% conf)
Country: DE
Mobility: Fixed infrastructure
Location: 52.520°, 13.407° 🌍 Fly To 🔬 AUTOPSY📦 BUNDLE
⏱ Phase: 0%
Prop: INSUFFICIENT_DATA
⚡ Control Origin: AS16509 — Amazon.com, Inc. (0% · cluster-level ASN (no per-event data))
Insufficient activity for classification · Dominant: AS16509 (Amazon.com, Inc.) [Hyperscaler] · Jurisdiction: DE
→ [LOW] SCHEDULE_RESCAN: Large dormant cluster — may be staging infrastructure
⚫ Quiet
MEDIUM 50%
Cluster: swarm-ded8abbd
Nodes: 9
Behavior: MIXED
ASN: AS48090 — Techoff Srv Limited
Country: NL
Mobility: Fixed infrastructure
Location: 52.376°, 4.897° 🌍 Fly To 🔬 AUTOPSY📦 BUNDLE
⏱ Phase: 0%
Prop: INSUFFICIENT_DATA
⚡ Control Origin: AS48090 — Techoff Srv Limited (0% · cluster-level ASN (no per-event data))
Insufficient activity for classification · Dominant: AS48090 (Techoff Srv Limited) · Jurisdiction: NL
→ [LOW] SCHEDULE_RESCAN: Large dormant cluster — may be staging infrastructure
⚫ Quiet
MEDIUM 50%
Cluster: swarm-b8afacf0
Nodes: 6
Behavior: MIXED
ASN: AS16276 — OVH SAS
Infra: VPS Provider (50% conf) · 2 ASNs
Country: FR
Mobility: Fixed infrastructure
Location: 48.857°, 2.344° 🌍 Fly To 🔬 AUTOPSY📦 BUNDLE
⏱ Phase: 0%
Prop: INSUFFICIENT_DATA
⚡ Control Origin: AS16276 — OVH SAS (0% · cluster-level ASN (no per-event data))
Insufficient activity for classification · Dominant: AS16276 (OVH SAS) [VPS Provider] · Jurisdiction: FR
→ [LOW] SCHEDULE_RESCAN: Large dormant cluster — may be staging infrastructure
⚫ Quiet
MEDIUM 50%
Cluster: swarm-eba7d729
Nodes: 9
Behavior: MIXED
ASN: AS8075 — Microsoft Corporation
Infra: Hyperscaler (100% conf)
Country: US
Mobility: Fixed infrastructure
Location: 36.669°, -78.388° 🌍 Fly To 🔬 AUTOPSY📦 BUNDLE
⏱ Phase: 0%
Prop: INSUFFICIENT_DATA
⚡ Control Origin: AS8075 — Microsoft Corporation (0% · cluster-level ASN (no per-event data))
Insufficient activity for classification · Dominant: AS8075 (Microsoft Corporation) [Hyperscaler] · Jurisdiction: US
→ [LOW] SCHEDULE_RESCAN: Large dormant cluster — may be staging infrastructure
⚫ Quiet
MEDIUM 50%
Cluster: swarm-61e1337e
Nodes: 35
Behavior: MIXED
ASN: AS14618 — Amazon.com, Inc.
Infra: Hyperscaler (71% conf) · 4 ASNs
Country: US
Mobility: Fixed infrastructure
Location: 39.047°, -77.490° 🌍 Fly To 🔬 AUTOPSY📦 BUNDLE
⏱ Phase: 0%
Prop: INSUFFICIENT_DATA
⚡ Control Origin: AS14618 — Amazon.com, Inc. (0% · cluster-level ASN (no per-event data))
Insufficient activity for classification · Dominant: AS14618 (Amazon.com, Inc.) [Hyperscaler] · Jurisdiction: US
→ [LOW] SCHEDULE_RESCAN: Large dormant cluster — may be staging infrastructure
⚫ Quiet
MEDIUM 50%
Cluster: swarm-81c243b4
Nodes: 3
Behavior: MIXED
ASN: AS55720 — Gigabit Hosting Sdn Bhd
Country: MY
Mobility: Fixed infrastructure
Location: 3.140°, 101.701° 🌍 Fly To 🔬 AUTOPSY📦 BUNDLE
⏱ Phase: 0%
Prop: INSUFFICIENT_DATA
⚡ Control Origin: AS55720 — Gigabit Hosting Sdn Bhd (0% · cluster-level ASN (no per-event data))
Insufficient activity for classification · Dominant: AS55720 (Gigabit Hosting Sdn Bhd) · Jurisdiction: MY
→ Awaiting sufficient data
⚫ Quiet
MEDIUM 50%
Cluster: swarm-29cc34ed
Nodes: 3
Behavior: MIXED
ASN: AS6167 — Verizon Business
Infra: ISP (100% conf)
Country: US
Mobility: Fixed infrastructure
Location: 29.812°, -95.521° 🌍 Fly To 🔬 AUTOPSY📦 BUNDLE
⏱ Phase: 0%
Prop: INSUFFICIENT_DATA
⚡ Control Origin: AS6167 — Verizon Business (0% · cluster-level ASN (no per-event data))
Insufficient activity for classification · Dominant: AS6167 (Verizon Business) [ISP] · Jurisdiction: US
→ Awaiting sufficient data
⚫ Quiet
MEDIUM 50%
Cluster: swarm-0c174242
Nodes: 11
Behavior: MIXED
ASN: AS47890 — Unmanaged Ltd
Country: RO
Mobility: Fixed infrastructure
Location: 45.997°, 24.997° 🌍 Fly To 🔬 AUTOPSY📦 BUNDLE
⏱ Phase: 0%
Prop: INSUFFICIENT_DATA
⚡ Control Origin: AS47890 — Unmanaged Ltd (0% · cluster-level ASN (no per-event data))
Insufficient activity for classification · Dominant: AS47890 (Unmanaged Ltd) · Jurisdiction: RO
→ [LOW] SCHEDULE_RESCAN: Large dormant cluster — may be staging infrastructure
⚫ Quiet
MEDIUM 50%
Cluster: swarm-c1d470a8
Nodes: 3
Behavior: MIXED
ASN: AS200019 — Alexhost Srl
Country: MD
Mobility: Fixed infrastructure
Location: 47.019°, 28.813° 🌍 Fly To 🔬 AUTOPSY📦 BUNDLE
⏱ Phase: 0%
Prop: INSUFFICIENT_DATA
⚡ Control Origin: AS200019 — Alexhost Srl (0% · cluster-level ASN (no per-event data))
Insufficient activity for classification · Dominant: AS200019 (Alexhost Srl) · Jurisdiction: MD
→ Awaiting sufficient data
⚫ Quiet
MEDIUM 50%
Cluster: swarm-5c2e3a0a
Nodes: 9
Behavior: MIXED
ASN: AS41231 — Canonical Group Limited
Country: GB
Mobility: Fixed infrastructure
Location: 51.496°, -0.122° 🌍 Fly To 🔬 AUTOPSY📦 BUNDLE
⏱ Phase: 0%
Prop: INSUFFICIENT_DATA
⚡ Control Origin: AS41231 — Canonical Group Limited (0% · cluster-level ASN (no per-event data))
Insufficient activity for classification · Dominant: AS41231 (Canonical Group Limited) · Jurisdiction: GB
→ [LOW] SCHEDULE_RESCAN: Large dormant cluster — may be staging infrastructure
⚫ Quiet
MEDIUM 50%
Cluster: swarm-0ad0ed50
Nodes: 3
Behavior: MIXED
ASN: AS2514 — GMO-Z.com Runsystem Joint Stock Company
Country: VN
Mobility: Fixed infrastructure
Location: 16.167°, 107.833° 🌍 Fly To 🔬 AUTOPSY📦 BUNDLE
⏱ Phase: 0%
Prop: INSUFFICIENT_DATA
⚡ Control Origin: AS2514 — GMO-Z.com Runsystem Joint Stock Company (0% · cluster-level ASN (no per-event data))
Insufficient activity for classification · Dominant: AS2514 (GMO-Z.com Runsystem Joint Stock Company) · Jurisdiction: VN
→ Awaiting sufficient data
⚫ Quiet
MEDIUM 50%
Cluster: swarm-2892768f
Nodes: 3
Behavior: MIXED
ASN: AS197834 — Ucom CJSC
Country: AM
Mobility: Fixed infrastructure
Location: 40.250°, 45.000° 🌍 Fly To 🔬 AUTOPSY📦 BUNDLE
⏱ Phase: 0%
Prop: INSUFFICIENT_DATA
⚡ Control Origin: AS197834 — Ucom CJSC (0% · cluster-level ASN (no per-event data))
Insufficient activity for classification · Dominant: AS197834 (Ucom CJSC) · Jurisdiction: AM
→ Awaiting sufficient data
⚫ Quiet
MEDIUM 50%
Cluster: swarm-6f76090a
Nodes: 3
Behavior: MIXED
ASN: AS44050 — Petersburg Internet Network ltd.
Country: RU
Mobility: Fixed infrastructure
Location: 55.739°, 37.607° 🌍 Fly To 🔬 AUTOPSY📦 BUNDLE
⏱ Phase: 0%
Prop: INSUFFICIENT_DATA
⚡ Control Origin: AS44050 — Petersburg Internet Network ltd. (0% · cluster-level ASN (no per-event data))
Insufficient activity for classification · Dominant: AS44050 (Petersburg Internet Network ltd.) · Jurisdiction: RU
→ Awaiting sufficient data
⚫ Quiet
MEDIUM 50%
Cluster: swarm-4a5bc8af
Nodes: 13
Behavior: MIXED
ASN: AS16509 — Amazon.com, Inc.
Infra: Hyperscaler (83% conf) · 2 ASNs
Country: US
Mobility: Fixed infrastructure
Location: 37.339°, -121.892° 🌍 Fly To 🔬 AUTOPSY📦 BUNDLE
⏱ Phase: 0%
Prop: INSUFFICIENT_DATA
⚡ Control Origin: AS16509 — Amazon.com, Inc. (0% · cluster-level ASN (no per-event data))
Insufficient activity for classification · Dominant: AS16509 (Amazon.com, Inc.) [Hyperscaler] · Jurisdiction: US
→ [LOW] SCHEDULE_RESCAN: Large dormant cluster — may be staging infrastructure
⚫ Quiet
MEDIUM 50%
Cluster: swarm-5273d558
Nodes: 3
Behavior: MIXED
ASN: AS8075 — Microsoft Corporation
Infra: Hyperscaler (100% conf)
Country: US
Mobility: Fixed infrastructure
Location: 29.423°, -98.493° 🌍 Fly To 🔬 AUTOPSY📦 BUNDLE
⏱ Phase: 0%
Prop: INSUFFICIENT_DATA
⚡ Control Origin: AS8075 — Microsoft Corporation (0% · cluster-level ASN (no per-event data))
Insufficient activity for classification · Dominant: AS8075 (Microsoft Corporation) [Hyperscaler] · Jurisdiction: US
→ Awaiting sufficient data
⚫ Quiet
MEDIUM 50%
Cluster: swarm-7961a5ae
Nodes: 3
Behavior: MIXED
ASN: AS8075 — Microsoft Corporation
Infra: Hyperscaler (100% conf)
Country: US
Mobility: Fixed infrastructure
Location: 33.453°, -112.075° 🌍 Fly To 🔬 AUTOPSY📦 BUNDLE
⏱ Phase: 0%
Prop: INSUFFICIENT_DATA
⚡ Control Origin: AS8075 — Microsoft Corporation (0% · cluster-level ASN (no per-event data))
Insufficient activity for classification · Dominant: AS8075 (Microsoft Corporation) [Hyperscaler] · Jurisdiction: US
→ Awaiting sufficient data
⚫ Quiet
MEDIUM 50%
Cluster: swarm-0450207d
Nodes: 3
Behavior: MIXED
ASN: AS214940 — Kprohost LLC
Country: UA
Mobility: Fixed infrastructure
Location: 50.452°, 30.529° 🌍 Fly To 🔬 AUTOPSY📦 BUNDLE
⏱ Phase: 0%
Prop: INSUFFICIENT_DATA
⚡ Control Origin: AS214940 — Kprohost LLC (0% · cluster-level ASN (no per-event data))
Insufficient activity for classification · Dominant: AS214940 (Kprohost LLC) · Jurisdiction: UA
→ Awaiting sufficient data
⚫ Quiet
MEDIUM 50%
Cluster: swarm-56028ea3
Nodes: 9
Behavior: MIXED
ASN: AS16509 — Amazon.com, Inc.
Infra: Hyperscaler (50% conf) · 3 ASNs
Country: IE
Mobility: Fixed infrastructure
Location: 53.338°, -6.259° 🌍 Fly To 🔬 AUTOPSY📦 BUNDLE
⏱ Phase: 0%
Prop: INSUFFICIENT_DATA
⚡ Control Origin: AS16509 — Amazon.com, Inc. (0% · cluster-level ASN (no per-event data))
Insufficient activity for classification · Dominant: AS16509 (Amazon.com, Inc.) [Hyperscaler] · Jurisdiction: IE
→ [LOW] SCHEDULE_RESCAN: Large dormant cluster — may be staging infrastructure
⚫ Quiet
MEDIUM 50%
Cluster: swarm-cceef2cd
Nodes: 3
Behavior: MIXED
ASN: AS8010 — PenTeleData Inc.
Country: US
Mobility: Fixed infrastructure
Location: 41.578°, -75.255° 🌍 Fly To 🔬 AUTOPSY📦 BUNDLE
⏱ Phase: 0%
Prop: INSUFFICIENT_DATA
⚡ Control Origin: AS8010 — PenTeleData Inc. (0% · cluster-level ASN (no per-event data))
Insufficient activity for classification · Dominant: AS8010 (PenTeleData Inc.) · Jurisdiction: US
→ Awaiting sufficient data
⚫ Quiet
MEDIUM 50%
Cluster: swarm-7b3479de
Nodes: 7
Behavior: MIXED
ASN: AS54641 — InMotion Hosting, Inc.
Country: US
Mobility: Fixed infrastructure
Location: 37.751°, -97.822° 🌍 Fly To 🔬 AUTOPSY📦 BUNDLE
⏱ Phase: 0%
Prop: INSUFFICIENT_DATA
⚡ Control Origin: AS54641 — InMotion Hosting, Inc. (0% · cluster-level ASN (no per-event data))
Insufficient activity for classification · Dominant: AS54641 (InMotion Hosting, Inc.) ⚠ mixed infra (3 ASNs, 33% confidence) · Jurisdiction: US
→ [LOW] SCHEDULE_RESCAN: Large dormant cluster — may be staging infrastructure
⚫ Quiet
MEDIUM 50%
Cluster: swarm-cf233f95
Nodes: 9
Behavior: MIXED
ASN: AS4134 — CHINANET Guangdong province network
Country: CN
Mobility: Fixed infrastructure
Location: 34.773°, 113.722° 🌍 Fly To 🔬 AUTOPSY📦 BUNDLE
⏱ Phase: 0%
Prop: INSUFFICIENT_DATA
⚡ Control Origin: AS4134 — CHINANET Guangdong province network (0% · cluster-level ASN (no per-event data))
Insufficient activity for classification · Dominant: AS4134 (CHINANET Guangdong province network) · Jurisdiction: CN
→ [LOW] SCHEDULE_RESCAN: Large dormant cluster — may be staging infrastructure
⚫ Quiet
MEDIUM 50%
Cluster: swarm-8052a076
Nodes: 3
Behavior: MIXED
ASN: AS3215 — Orange
Country: FR
Mobility: Fixed infrastructure
Location: 43.722°, 7.118° 🌍 Fly To 🔬 AUTOPSY📦 BUNDLE
⏱ Phase: 0%
Prop: INSUFFICIENT_DATA
⚡ Control Origin: AS3215 — Orange (0% · cluster-level ASN (no per-event data))
Insufficient activity for classification · Dominant: AS3215 (Orange) · Jurisdiction: FR
→ Awaiting sufficient data
⚫ Quiet
MEDIUM 50%
Cluster: swarm-63d1d285
Nodes: 23
Behavior: MIXED
ASN: AS6389 — Amazon.com, Inc.
Infra: Hyperscaler (73% conf) · 3 ASNs
Country: ID
Mobility: Fixed infrastructure
Location: -6.211°, 106.845° 🌍 Fly To 🔬 AUTOPSY📦 BUNDLE
⏱ Phase: 0%
Prop: INSUFFICIENT_DATA
⚡ Control Origin: AS6389 — Amazon.com, Inc. (0% · cluster-level ASN (no per-event data))
Insufficient activity for classification · Dominant: AS6389 (Amazon.com, Inc.) [Hyperscaler] · Jurisdiction: ID
→ [LOW] SCHEDULE_RESCAN: Large dormant cluster — may be staging infrastructure
⚫ Quiet
MEDIUM 50%
Cluster: swarm-cd13a4db
Nodes: 7
Behavior: MIXED
ASN: AS16509 — Amazon.com, Inc.
Infra: Hyperscaler (67% conf) · 2 ASNs
Country: AU
Mobility: Fixed infrastructure
Location: -33.867°, 151.200° 🌍 Fly To 🔬 AUTOPSY📦 BUNDLE
⏱ Phase: 0%
Prop: INSUFFICIENT_DATA
⚡ Control Origin: AS16509 — Amazon.com, Inc. (0% · cluster-level ASN (no per-event data))
Insufficient activity for classification · Dominant: AS16509 (Amazon.com, Inc.) [Hyperscaler] · Jurisdiction: AU
→ [LOW] SCHEDULE_RESCAN: Large dormant cluster — may be staging infrastructure
⚫ Quiet
MEDIUM 50%
Cluster: swarm-c30796c1
Nodes: 3
Behavior: MIXED
ASN: AS8649 — Dedik Services Limited
Country: DE
Mobility: Fixed infrastructure
Location: 51.299°, 9.491° 🌍 Fly To 🔬 AUTOPSY📦 BUNDLE
⏱ Phase: 0%
Prop: INSUFFICIENT_DATA
⚡ Control Origin: AS8649 — Dedik Services Limited (0% · cluster-level ASN (no per-event data))
Insufficient activity for classification · Dominant: AS8649 (Dedik Services Limited) · Jurisdiction: DE
→ Awaiting sufficient data
⚫ Quiet
MEDIUM 50%
Cluster: swarm-756b0eb2
Nodes: 3
Behavior: MIXED
ASN: AS328436 — Flashnet-Technologies-Limited
Country: TZ
Mobility: Fixed infrastructure
Location: -6.823°, 39.291° 🌍 Fly To 🔬 AUTOPSY📦 BUNDLE
⏱ Phase: 0%
Prop: INSUFFICIENT_DATA
⚡ Control Origin: AS328436 — Flashnet-Technologies-Limited (0% · cluster-level ASN (no per-event data))
Insufficient activity for classification · Dominant: AS328436 (Flashnet-Technologies-Limited) · Jurisdiction: TZ
→ Awaiting sufficient data
⚫ Quiet
MEDIUM 50%
Cluster: swarm-b120604a
Nodes: 3
Behavior: MIXED
ASN: AS272809 — THUNDERNET, C.A.
Country: VE
Mobility: Fixed infrastructure
Location: 10.487°, -66.874° 🌍 Fly To 🔬 AUTOPSY📦 BUNDLE
⏱ Phase: 0%
Prop: INSUFFICIENT_DATA
⚡ Control Origin: AS272809 — THUNDERNET, C.A. (0% · cluster-level ASN (no per-event data))
Insufficient activity for classification · Dominant: AS272809 (THUNDERNET, C.A.) · Jurisdiction: VE
→ Awaiting sufficient data
⚫ Quiet
MEDIUM 50%
Cluster: swarm-63954e9e
Nodes: 3
Behavior: MIXED
ASN: AS198193 — Amarutu Technology Ltd
Country: SC
Mobility: Fixed infrastructure
Location: -4.583°, 55.667° 🌍 Fly To 🔬 AUTOPSY📦 BUNDLE
⏱ Phase: 0%
Prop: INSUFFICIENT_DATA
⚡ Control Origin: AS198193 — Amarutu Technology Ltd (0% · cluster-level ASN (no per-event data))
Insufficient activity for classification · Dominant: AS198193 (Amarutu Technology Ltd) · Jurisdiction: SC
→ Awaiting sufficient data
⚫ Quiet
MEDIUM 50%
Cluster: swarm-974e5955
Nodes: 3
Behavior: MIXED
ASN: AS4766 — Korea Telecom
Infra: ISP (100% conf)
Country: KR
Mobility: Fixed infrastructure
Location: 34.571°, 126.601° 🌍 Fly To 🔬 AUTOPSY📦 BUNDLE
⏱ Phase: 0%
Prop: INSUFFICIENT_DATA
⚡ Control Origin: AS4766 — Korea Telecom (0% · cluster-level ASN (no per-event data))
Insufficient activity for classification · Dominant: AS4766 (Korea Telecom) [ISP] · Jurisdiction: KR
→ Awaiting sufficient data
⚫ Quiet
MEDIUM 50%
Cluster: swarm-66e8dfae
Nodes: 3
Behavior: MIXED
ASN: AS16509 — Amazon.com, Inc.
Infra: Hyperscaler (100% conf)
Country: US
Mobility: Fixed infrastructure
Location: 39.962°, -83.006° 🌍 Fly To 🔬 AUTOPSY📦 BUNDLE
⏱ Phase: 0%
Prop: INSUFFICIENT_DATA
⚡ Control Origin: AS16509 — Amazon.com, Inc. (0% · cluster-level ASN (no per-event data))
Insufficient activity for classification · Dominant: AS16509 (Amazon.com, Inc.) [Hyperscaler] · Jurisdiction: US
→ Awaiting sufficient data
[16:18:43]⚫Quiet — 3 nodes @ 39.96°,-83.01° US · AS16509 (Amazon.com, Inc.) [Hyperscaler] · threat 50%
[16:18:43]⚫Quiet — 3 nodes @ 34.57°,126.60° KR · AS4766 (Korea Telecom) [ISP] · threat 50%
[16:18:43]⚫Quiet — 3 nodes @ -4.58°,55.67° SC · AS198193 (Amarutu Technology Ltd) · threat 50%
[16:18:43]⚫Quiet — 3 nodes @ 10.49°,-66.87° VE · AS272809 (THUNDERNET, C.A.) · threat 50%
[16:18:43]⚫Quiet — 3 nodes @ -6.82°,39.29° TZ · AS328436 (Flashnet-Technologies-Limited) · threat 50%
[16:18:43]⚫Quiet — 3 nodes @ 51.30°,9.49° DE · AS8649 (Dedik Services Limited) · threat 50%
[16:18:43]⚫Quiet — 7 nodes @ -33.87°,151.20° AU · AS16509 (Amazon.com, Inc.) [Hyperscaler] · threat 50%
[16:18:43]⚫Quiet — 23 nodes @ -6.21°,106.84° ID · AS6389 (Amazon.com, Inc.) [Hyperscaler] · threat 50%
[16:18:43]⚫Quiet — 3 nodes @ 43.72°,7.12° FR · AS3215 (Orange) · threat 50%
[16:18:43]⚫Quiet — 9 nodes @ 34.77°,113.72° CN · AS4134 (CHINANET Guangdong province network) · threat 50%
[16:18:43]⚫Quiet — 7 nodes @ 37.75°,-97.82° US · AS54641 (InMotion Hosting, Inc.) · threat 50%
[16:18:43]⚫Quiet — 3 nodes @ 41.58°,-75.26° US · AS8010 (PenTeleData Inc.) · threat 50%
[16:18:43]⚫Quiet — 9 nodes @ 53.34°,-6.26° IE · AS16509 (Amazon.com, Inc.) [Hyperscaler] · threat 50%
[16:18:43]⚫Quiet — 3 nodes @ 50.45°,30.53° UA · AS214940 (Kprohost LLC) · threat 50%
[16:18:43]⚫Quiet — 3 nodes @ 33.45°,-112.07° US · AS8075 (Microsoft Corporation) [Hyperscaler] · threat 50%
[16:18:43]⚫Quiet — 3 nodes @ 29.42°,-98.49° US · AS8075 (Microsoft Corporation) [Hyperscaler] · threat 50%
[16:18:43]⚫Quiet — 13 nodes @ 37.34°,-121.89° US · AS16509 (Amazon.com, Inc.) [Hyperscaler] · threat 50%
[16:18:43]⚫Quiet — 3 nodes @ 55.74°,37.61° RU · AS44050 (Petersburg Internet Network ltd.) · threat 50%
[16:18:43]⚫Quiet — 3 nodes @ 40.25°,45.00° AM · AS197834 (Ucom CJSC) · threat 50%
[16:18:43]⚫Quiet — 3 nodes @ 16.17°,107.83° VN · AS2514 (GMO-Z.com Runsystem Joint Stock Company) · threat 50%