Tables
10B3 fp queue summary
10B3_fp_queue_summary.csv
| queue |
count |
percent |
| TRACE-dominant |
218 |
81.04 |
| Low-volume |
51 |
18.96 |
| Suspicious-low-volume (SUSPICIOUS >= 3) |
6 |
2.23 |
10B7 taxonomy summary
10B7_taxonomy_summary.csv
| taxonomy |
events_in_behavior_pack |
| Other Probing/Recon |
11 |
| Secrets/Config Exposure (.env) |
3 |
| Admin Surface Probing |
1 |
| CMS Probing (WordPress) |
1 |
| Repo/Source Exposure (.git) |
1 |
10B8 confidence summary
10B8_confidence_summary.csv
| hostility_confidence |
events_in_pack |
percent |
| HIGH |
8 |
47.06 |
| MEDIUM |
9 |
52.94 |
10B8 ip conf rollup
10B8_ip_conf_rollup.csv
| ip |
max_conf_rank |
behaviors |
events |
first_seen |
last_seen |
max_confidence |
| 67.213.118.179 |
2 |
5 |
5 |
2026-02-27 13:21:17+00:00 |
2026-02-27 13:21:17+00:00 |
HIGH |
| 130.12.180.34 |
2 |
3 |
3 |
2026-03-01 04:31:28+00:00 |
2026-03-01 04:31:55+00:00 |
HIGH |
| 172.94.9.253 |
2 |
3 |
3 |
2026-02-28 22:50:10+00:00 |
2026-02-28 22:50:11+00:00 |
HIGH |
| 204.76.203.18 |
1 |
3 |
3 |
2026-02-27 17:13:02+00:00 |
2026-02-28 14:24:57+00:00 |
MEDIUM |
| 45.156.87.52 |
1 |
2 |
2 |
2026-02-28 20:09:47+00:00 |
2026-02-28 20:09:48+00:00 |
MEDIUM |
| 89.42.231.241 |
1 |
1 |
1 |
2026-02-27 17:51:18+00:00 |
2026-02-27 17:51:18+00:00 |
MEDIUM |
10B9 high confidence ips
10B9_high_confidence_ips.csv
| ip |
max_rank |
events |
behaviors |
high_events |
medium_events |
low_events |
first_seen |
last_seen |
max_confidence |
TRACE |
SUSPICIOUS |
BENIGN |
trace_ratio |
fp_rationale |
soc_cohort |
| 130.12.180.34 |
2 |
3 |
3 |
3 |
0 |
0 |
2026-03-01 04:31:28+00:00 |
2026-03-01 04:31:55+00:00 |
HIGH |
0 |
3 |
0 |
0.000000 |
Low-volume activity |
HIGH-confidence hostile indicators |
| 172.94.9.253 |
2 |
3 |
3 |
3 |
0 |
0 |
2026-02-28 22:50:10+00:00 |
2026-02-28 22:50:11+00:00 |
HIGH |
0 |
3 |
0 |
0.000000 |
Low-volume activity |
HIGH-confidence hostile indicators |
| 67.213.118.179 |
2 |
5 |
5 |
2 |
3 |
0 |
2026-02-27 13:21:17+00:00 |
2026-02-27 13:21:17+00:00 |
HIGH |
1 |
8 |
0 |
0.111111 |
Low-volume activity |
HIGH-confidence hostile indicators |
10B9 ip rollup
10B9_ip_rollup.csv
| ip |
max_rank |
events |
behaviors |
high_events |
medium_events |
low_events |
first_seen |
last_seen |
max_confidence |
TRACE |
SUSPICIOUS |
BENIGN |
trace_ratio |
fp_rationale |
soc_cohort |
| 130.12.180.34 |
2 |
3 |
3 |
3 |
0 |
0 |
2026-03-01 04:31:28+00:00 |
2026-03-01 04:31:55+00:00 |
HIGH |
0 |
3 |
0 |
0.000000 |
Low-volume activity |
HIGH-confidence hostile indicators |
| 172.94.9.253 |
2 |
3 |
3 |
3 |
0 |
0 |
2026-02-28 22:50:10+00:00 |
2026-02-28 22:50:11+00:00 |
HIGH |
0 |
3 |
0 |
0.000000 |
Low-volume activity |
HIGH-confidence hostile indicators |
| 204.76.203.18 |
1 |
5 |
3 |
0 |
5 |
0 |
2026-02-27 17:13:02+00:00 |
2026-03-01 04:26:40+00:00 |
MEDIUM |
4 |
6 |
0 |
0.400000 |
Low-volume activity |
Low-volume / ambiguous |
| 45.156.87.52 |
1 |
5 |
2 |
0 |
5 |
0 |
2026-02-28 20:09:47+00:00 |
2026-02-28 20:09:50+00:00 |
MEDIUM |
0 |
5 |
0 |
0.000000 |
Low-volume activity |
Low-volume / ambiguous |
| 67.213.118.179 |
2 |
5 |
5 |
2 |
3 |
0 |
2026-02-27 13:21:17+00:00 |
2026-02-27 13:21:17+00:00 |
HIGH |
1 |
8 |
0 |
0.111111 |
Low-volume activity |
HIGH-confidence hostile indicators |
| 89.42.231.241 |
1 |
3 |
1 |
0 |
3 |
0 |
2026-02-27 17:51:18+00:00 |
2026-03-01 00:11:22+00:00 |
MEDIUM |
0 |
3 |
0 |
0.000000 |
Low-volume activity |
Low-volume / ambiguous |
10B10 cohort scope
10B10_cohort_scope.csv
| cohort |
ip_count |
percent_of_fp_review_ips |
evidence_depth |
| FP review cohort (broad queue) — df_fp_review |
269 |
100.00 |
Shallow (queueing) |
| Queue: TRACE-dominant — df_fp_queue_trace |
218 |
81.04 |
Shallow (queueing) |
| Queue: Low-volume — df_fp_queue_low |
51 |
18.96 |
Shallow (queueing) |
| Queue: Suspicious-low-volume — df_fp_queue_susp_low |
6 |
2.23 |
Deep candidate subset |
| Deep evidence cohort (behavior pack) — df_fp_behavior_pack |
6 |
2.23 |
Deep (behavior-backed) |
| High-confidence hostile indicators (within deep) — df_fp_high_indicator_ips |
3 |
1.12 |
Deep (prioritized) |
10B11 artifacts index
10B11_artifacts_index.csv
| artifact |
description |
shape |
| df_events |
Canonical evidence dataframe (windowed, normalized) |
(10110, 11) |
| AUDIT_WINDOW |
Canonical time window contract |
|
| df_fp_review |
FP review queue (broad) |
(269, 17) |
| df_fp_stratified |
FP stratification categories (optional) |
(269, 18) |
| df_fp_queue_summary |
FP triage queue summary (optional) |
(3, 3) |
| df_fp_queue_trace |
Queue: TRACE-dominant (optional) |
(218, 18) |
| df_fp_queue_low |
Queue: low-volume (optional) |
(51, 18) |
| df_fp_queue_susp_low |
Queue: suspicious-low-volume (optional) |
(6, 18) |
| df_fp_behavior_pack |
Behavior-compressed deep evidence pack |
(17, 10) |
| df_fp_taxonomy_summary |
Behavior taxonomy summary (counts; optional) |
(5, 2) |
| df_fp_confidence_summary |
Hostility confidence distribution (optional) |
(2, 3) |
| df_fp_high_indicator_ips |
High-confidence IP list (deep cohort) |
(3, 16) |
| df_fp_cohort_scope |
Cohort scope + evidence depth table |
(6, 4) |
| SOC_NARRATIVE_10B7 |
Narrative: behavior taxonomy (10B.7) |
|
| SOC_NARRATIVE_10B8 |
Narrative: hostility confidence triage (10B.8) |
|
| SOC_NARRATIVE_10B9 |
Narrative: review cohorts framing (10B.9) |
|
| SOC_NARRATIVE_10B10 |
Narrative: cohort scope + depth framing (10B.10) |
|
| df_ip_conf |
Per-IP confidence rollup (optional) |
(6, 7) |
| df_fp_cohort_metrics |
Cohort metrics table (optional) |
(2, 3) |
| df_ip_roll |
Per-IP cohort rollup (optional) |
(6, 16) |
| df_top_indicators |
Top indicators table (optional) |
(17, 3) |
| df_fp_taxonomy_ip_counts |
Taxonomy unique-IP counts (optional) |
(5, 2) |
11 8 ip triage roster
11_8_ip_triage_roster.csv
| ip |
max_confidence |
quadrant |
behaviors |
events |
first_seen |
last_seen |
| 67.213.118.179 |
HIGH |
Q1: high-behavior / high-volume |
5 |
5 |
2026-02-27 13:21:17+00:00 |
2026-02-27 13:21:17+00:00 |
| 130.12.180.34 |
HIGH |
Q1: high-behavior / high-volume |
3 |
3 |
2026-03-01 04:31:28+00:00 |
2026-03-01 04:31:55+00:00 |
| 172.94.9.253 |
HIGH |
Q1: high-behavior / high-volume |
3 |
3 |
2026-02-28 22:50:10+00:00 |
2026-02-28 22:50:11+00:00 |
| 204.76.203.18 |
MEDIUM |
Q1: high-behavior / high-volume |
3 |
3 |
2026-02-27 17:13:02+00:00 |
2026-02-28 14:24:57+00:00 |
| 45.156.87.52 |
MEDIUM |
Q3: low-behavior / low-volume |
2 |
2 |
2026-02-28 20:09:47+00:00 |
2026-02-28 20:09:48+00:00 |
| 89.42.231.241 |
MEDIUM |
Q3: low-behavior / low-volume |
1 |
1 |
2026-02-27 17:51:18+00:00 |
2026-02-27 17:51:18+00:00 |
11 9 ip network enrichment
11_9_ip_network_enrichment.csv
| ip |
max_conf_rank |
behaviors |
events |
first_seen |
last_seen |
max_confidence |
in_high_conf_subset |
rdns |
asn |
asn_description |
asn_country_code |
network_name |
whois_source |
enrichment_status |
| 67.213.118.179 |
2 |
5 |
5 |
2026-02-27 13:21:17+00:00 |
2026-02-27 13:21:17+00:00 |
HIGH |
True |
|
396356 |
LATITUDE-SH - Latitude.sh, US |
US |
ML-1213 |
rdap |
ok |
| 130.12.180.34 |
2 |
3 |
3 |
2026-03-01 04:31:28+00:00 |
2026-03-01 04:31:55+00:00 |
HIGH |
True |
|
202412 |
OMEGATECH-AS, SC |
US |
LANEDONET |
rdap |
ok |
| 172.94.9.253 |
2 |
3 |
3 |
2026-02-28 22:50:10+00:00 |
2026-02-28 22:50:11+00:00 |
HIGH |
True |
|
213790 |
LIMITEDNETWORK-AS, GB |
US |
INTERNET-SECURITY-LIMITED-NETWORK |
rdap |
ok |
| 204.76.203.18 |
1 |
3 |
3 |
2026-02-27 17:13:02+00:00 |
2026-02-28 14:24:57+00:00 |
MEDIUM |
False |
204.76.203.18.ptr.pfcloud.network |
51396 |
PFCLOUD Pfcloud UG, DE |
NL |
PFCLOUD-UG |
rdap |
ok |
| 45.156.87.52 |
1 |
2 |
2 |
2026-02-28 20:09:47+00:00 |
2026-02-28 20:09:48+00:00 |
MEDIUM |
False |
|
51396 |
PFCLOUD Pfcloud UG, DE |
NL |
VMHeaven |
rdap |
ok |
| 89.42.231.241 |
1 |
1 |
1 |
2026-02-27 17:51:18+00:00 |
2026-02-27 17:51:18+00:00 |
MEDIUM |
False |
|
206264 |
AMARUTU-TECHNOLOGY, SC |
SC |
SC-AMARUTU-20051129 |
rdap |
ok |
11 10 asn counts all
11_10_asn_counts_all.csv
| asn |
network_name |
ip_count |
asn_label |
| 202412 |
LANEDONET |
1 |
AS202412 LANEDONET |
| 206264 |
SC-AMARUTU-20051129 |
1 |
AS206264 SC-AMARUTU-20051129 |
| 213790 |
INTERNET-SECURITY-LIMITED-NETWORK |
1 |
AS213790 INTERNET-SECURITY-LIMITED-NETWORK |
| 396356 |
ML-1213 |
1 |
AS396356 ML-1213 |
| 51396 |
PFCLOUD-UG |
1 |
AS51396 PFCLOUD-UG |
| 51396 |
VMHeaven |
1 |
AS51396 VMHeaven |
11 10 asn counts high
11_10_asn_counts_high.csv
| asn |
network_name |
ip_count |
asn_label |
| 202412 |
LANEDONET |
1 |
AS202412 LANEDONET |
| 213790 |
INTERNET-SECURITY-LIMITED-NETWORK |
1 |
AS213790 INTERNET-SECURITY-LIMITED-NETWORK |
| 396356 |
ML-1213 |
1 |
AS396356 ML-1213 |
11 10 country counts all
11_10_country_counts_all.csv
| asn_country_code |
ip_count |
| US |
3 |
| NL |
2 |
| SC |
1 |
11 10 country counts high
11_10_country_counts_high.csv
| asn_country_code |
ip_count |
| US |
3 |
11 11 hosting classification full
11_11_hosting_classification_full.csv
| ip |
max_conf_rank |
behaviors |
events |
first_seen |
last_seen |
max_confidence |
in_high_conf_subset |
rdns |
asn |
asn_description |
asn_country_code |
network_name |
whois_source |
enrichment_status |
conf_rank |
hosting_type |
| 67.213.118.179 |
2 |
5 |
5 |
2026-02-27 13:21:17+00:00 |
2026-02-27 13:21:17+00:00 |
HIGH |
True |
|
396356 |
LATITUDE-SH - Latitude.sh, US |
US |
ML-1213 |
rdap |
ok |
2 |
Unknown / Other |
| 130.12.180.34 |
2 |
3 |
3 |
2026-03-01 04:31:28+00:00 |
2026-03-01 04:31:55+00:00 |
HIGH |
True |
|
202412 |
OMEGATECH-AS, SC |
US |
LANEDONET |
rdap |
ok |
2 |
Unknown / Other |
| 172.94.9.253 |
2 |
3 |
3 |
2026-02-28 22:50:10+00:00 |
2026-02-28 22:50:11+00:00 |
HIGH |
True |
|
213790 |
LIMITEDNETWORK-AS, GB |
US |
INTERNET-SECURITY-LIMITED-NETWORK |
rdap |
ok |
2 |
Unknown / Other |
| 204.76.203.18 |
1 |
3 |
3 |
2026-02-27 17:13:02+00:00 |
2026-02-28 14:24:57+00:00 |
MEDIUM |
False |
204.76.203.18.ptr.pfcloud.network |
51396 |
PFCLOUD Pfcloud UG, DE |
NL |
PFCLOUD-UG |
rdap |
ok |
1 |
Unknown / Other |
| 45.156.87.52 |
1 |
2 |
2 |
2026-02-28 20:09:47+00:00 |
2026-02-28 20:09:48+00:00 |
MEDIUM |
False |
|
51396 |
PFCLOUD Pfcloud UG, DE |
NL |
VMHeaven |
rdap |
ok |
1 |
Unknown / Other |
| 89.42.231.241 |
1 |
1 |
1 |
2026-02-27 17:51:18+00:00 |
2026-02-27 17:51:18+00:00 |
MEDIUM |
False |
|
206264 |
AMARUTU-TECHNOLOGY, SC |
SC |
SC-AMARUTU-20051129 |
rdap |
ok |
1 |
Unknown / Other |
11 11 hosting classification summary
11_11_hosting_classification_summary.csv
| hosting_type |
ip_count |
high_conf_ips |
| Unknown / Other |
6 |
3 |
11 12 reverse context full
11_12_reverse_context_full.csv
| ip |
max_conf_rank |
behaviors |
events |
first_seen |
last_seen |
max_confidence |
in_high_conf_subset |
rdns |
asn |
asn_description |
asn_country_code |
network_name |
whois_source |
enrichment_status |
conf_rank |
reverse_domains_count |
reverse_domains_sample |
reverse_lookup_status |
reverse_lookup_note |
ptr_fresh |
cohosting_signal |
cohosting_basis |
| 67.213.118.179 |
2 |
5 |
5 |
2026-02-27 13:21:17+00:00 |
2026-02-27 13:21:17+00:00 |
HIGH |
True |
|
396356 |
LATITUDE-SH - Latitude.sh, US |
US |
ML-1213 |
rdap |
ok |
2 |
1 |
gpt-demo.estellaconsulting.net |
ok |
NaN |
NaN |
LOW_shared_infra_signal |
reverse_ip_ok_domains_1_to_4 |
| 130.12.180.34 |
2 |
3 |
3 |
2026-03-01 04:31:28+00:00 |
2026-03-01 04:31:55+00:00 |
HIGH |
True |
|
202412 |
OMEGATECH-AS, SC |
US |
LANEDONET |
rdap |
ok |
2 |
0 |
|
ok |
NaN |
NaN |
ZERO_domains_visible |
reverse_ip_ok_zero_domains |
| 172.94.9.253 |
2 |
3 |
3 |
2026-02-28 22:50:10+00:00 |
2026-02-28 22:50:11+00:00 |
HIGH |
True |
|
213790 |
LIMITEDNETWORK-AS, GB |
US |
INTERNET-SECURITY-LIMITED-NETWORK |
rdap |
ok |
2 |
0 |
|
ok |
NaN |
NaN |
ZERO_domains_visible |
reverse_ip_ok_zero_domains |
| 204.76.203.18 |
1 |
3 |
3 |
2026-02-27 17:13:02+00:00 |
2026-02-28 14:24:57+00:00 |
MEDIUM |
False |
204.76.203.18.ptr.pfcloud.network |
51396 |
PFCLOUD Pfcloud UG, DE |
NL |
PFCLOUD-UG |
rdap |
ok |
1 |
0 |
|
ok |
NaN |
NaN |
ZERO_domains_visible |
reverse_ip_ok_zero_domains |
| 45.156.87.52 |
1 |
2 |
2 |
2026-02-28 20:09:47+00:00 |
2026-02-28 20:09:48+00:00 |
MEDIUM |
False |
|
51396 |
PFCLOUD Pfcloud UG, DE |
NL |
VMHeaven |
rdap |
ok |
1 |
0 |
|
ok |
NaN |
NaN |
ZERO_domains_visible |
reverse_ip_ok_zero_domains |
| 89.42.231.241 |
1 |
1 |
1 |
2026-02-27 17:51:18+00:00 |
2026-02-27 17:51:18+00:00 |
MEDIUM |
False |
|
206264 |
AMARUTU-TECHNOLOGY, SC |
SC |
SC-AMARUTU-20051129 |
rdap |
ok |
1 |
0 |
|
ok |
NaN |
NaN |
ZERO_domains_visible |
reverse_ip_ok_zero_domains |
11 12 reverse summary deep
11_12_reverse_summary_deep.csv
| cohosting_signal |
ip_count |
high_conf_ips |
reverseip_ok |
percent_of_deep_cohort |
| LOW_shared_infra_signal |
1 |
1 |
1 |
16.67 |
| ZERO_domains_visible |
5 |
2 |
5 |
83.33 |
11 12 reverse summary high
11_12_reverse_summary_high.csv
| cohosting_signal |
ip_count |
percent_of_high_conf_subset |
| LOW_shared_infra_signal |
1 |
33.33 |
| ZERO_domains_visible |
2 |
66.67 |
11 13 asn counts deep
11_13_asn_counts_deep.csv
| asn_label |
ip_count |
percent |
subset |
| AS51396 — PFCLOUD Pfcloud UG, DE |
2 |
33.33 |
deep_cohort |
| AS202412 — OMEGATECH-AS, SC |
1 |
16.67 |
deep_cohort |
| AS206264 — AMARUTU-TECHNOLOGY, SC |
1 |
16.67 |
deep_cohort |
| AS213790 — LIMITEDNETWORK-AS, GB |
1 |
16.67 |
deep_cohort |
| AS396356 — LATITUDE-SH - Latitude.sh, US |
1 |
16.67 |
deep_cohort |
11 13 asn counts high
11_13_asn_counts_high.csv
| asn_label |
ip_count |
percent |
subset |
| AS202412 — OMEGATECH-AS, SC |
1 |
33.33 |
high_conf_subset |
| AS213790 — LIMITEDNETWORK-AS, GB |
1 |
33.33 |
high_conf_subset |
| AS396356 — LATITUDE-SH - Latitude.sh, US |
1 |
33.33 |
high_conf_subset |
11 13 country counts deep
11_13_country_counts_deep.csv
| asn_country_code |
ip_count |
percent |
subset |
| US |
3 |
50.00 |
deep_cohort |
| NL |
2 |
33.33 |
deep_cohort |
| SC |
1 |
16.67 |
deep_cohort |
11 13 country counts high
11_13_country_counts_high.csv
| asn_country_code |
ip_count |
percent |
subset |
| US |
3 |
100.0 |
high_conf_subset |
11 13 network counts deep
11_13_network_counts_deep.csv
| network_name |
ip_count |
percent |
subset |
| INTERNET-SECURITY-LIMITED-NETWORK |
1 |
16.67 |
deep_cohort |
| LANEDONET |
1 |
16.67 |
deep_cohort |
| ML-1213 |
1 |
16.67 |
deep_cohort |
| PFCLOUD-UG |
1 |
16.67 |
deep_cohort |
| SC-AMARUTU-20051129 |
1 |
16.67 |
deep_cohort |
| VMHeaven |
1 |
16.67 |
deep_cohort |
11 13 network counts high
11_13_network_counts_high.csv
| network_name |
ip_count |
percent |
subset |
| INTERNET-SECURITY-LIMITED-NETWORK |
1 |
33.33 |
high_conf_subset |
| LANEDONET |
1 |
33.33 |
high_conf_subset |
| ML-1213 |
1 |
33.33 |
high_conf_subset |
11 14 cross signal intersection full
11_14_cross_signal_intersection_full.csv
| ip |
max_conf_rank |
high_events |
total_events |
max_confidence |
distinct_behaviors |
behavior_events |
asn_country_code |
asn |
network_name |
asn_description |
rdns |
in_high_conf_subset |
cohosting_signal |
cohosting_basis |
reverse_lookup_status |
reverse_domains_count |
score |
priority_tier |
| 130.12.180.34 |
2 |
3 |
3 |
HIGH |
3 |
3 |
US |
202412 |
LANEDONET |
OMEGATECH-AS, SC |
|
True |
ZERO_domains_visible |
reverse_ip_ok_zero_domains |
ok |
0 |
4 |
Tier 1 — Multi-signal (high priority) |
| 172.94.9.253 |
2 |
3 |
3 |
HIGH |
3 |
3 |
US |
213790 |
INTERNET-SECURITY-LIMITED-NETWORK |
LIMITEDNETWORK-AS, GB |
|
True |
ZERO_domains_visible |
reverse_ip_ok_zero_domains |
ok |
0 |
4 |
Tier 1 — Multi-signal (high priority) |
| 204.76.203.18 |
1 |
0 |
3 |
MEDIUM |
3 |
3 |
NL |
51396 |
PFCLOUD-UG |
PFCLOUD Pfcloud UG, DE |
204.76.203.18.ptr.pfcloud.network |
False |
ZERO_domains_visible |
reverse_ip_ok_zero_domains |
ok |
0 |
2 |
Tier 2 — Notable (monitor) |
| 45.156.87.52 |
1 |
0 |
2 |
MEDIUM |
2 |
2 |
NL |
51396 |
VMHeaven |
PFCLOUD Pfcloud UG, DE |
|
False |
ZERO_domains_visible |
reverse_ip_ok_zero_domains |
ok |
0 |
0 |
Tier 3 — Contextual |
| 67.213.118.179 |
2 |
2 |
5 |
HIGH |
5 |
5 |
US |
396356 |
ML-1213 |
LATITUDE-SH - Latitude.sh, US |
|
True |
LOW_shared_infra_signal |
reverse_ip_ok_domains_1_to_4 |
ok |
1 |
4 |
Tier 1 — Multi-signal (high priority) |
| 89.42.231.241 |
1 |
0 |
1 |
MEDIUM |
1 |
1 |
SC |
206264 |
SC-AMARUTU-20051129 |
AMARUTU-TECHNOLOGY, SC |
|
False |
ZERO_domains_visible |
reverse_ip_ok_zero_domains |
ok |
0 |
0 |
Tier 3 — Contextual |
11 14 cross signal intersection summary
11_14_cross_signal_intersection_summary.csv
| priority_tier |
ip_count |
high_conf_ips |
| Tier 1 — Multi-signal (high priority) |
3 |
3 |
| Tier 2 — Notable (monitor) |
1 |
0 |
| Tier 3 — Contextual |
2 |
0 |
11 14 cross signal intersection top
11_14_cross_signal_intersection_top.csv
| ip |
max_conf_rank |
high_events |
total_events |
max_confidence |
distinct_behaviors |
behavior_events |
asn_country_code |
asn |
network_name |
asn_description |
rdns |
in_high_conf_subset |
cohosting_signal |
cohosting_basis |
reverse_lookup_status |
reverse_domains_count |
score |
priority_tier |
| 130.12.180.34 |
2 |
3 |
3 |
HIGH |
3 |
3 |
US |
202412 |
LANEDONET |
OMEGATECH-AS, SC |
|
True |
ZERO_domains_visible |
reverse_ip_ok_zero_domains |
ok |
0 |
4 |
Tier 1 — Multi-signal (high priority) |
| 172.94.9.253 |
2 |
3 |
3 |
HIGH |
3 |
3 |
US |
213790 |
INTERNET-SECURITY-LIMITED-NETWORK |
LIMITEDNETWORK-AS, GB |
|
True |
ZERO_domains_visible |
reverse_ip_ok_zero_domains |
ok |
0 |
4 |
Tier 1 — Multi-signal (high priority) |
| 67.213.118.179 |
2 |
2 |
5 |
HIGH |
5 |
5 |
US |
396356 |
ML-1213 |
LATITUDE-SH - Latitude.sh, US |
|
True |
LOW_shared_infra_signal |
reverse_ip_ok_domains_1_to_4 |
ok |
1 |
4 |
Tier 1 — Multi-signal (high priority) |
| 204.76.203.18 |
1 |
0 |
3 |
MEDIUM |
3 |
3 |
NL |
51396 |
PFCLOUD-UG |
PFCLOUD Pfcloud UG, DE |
204.76.203.18.ptr.pfcloud.network |
False |
ZERO_domains_visible |
reverse_ip_ok_zero_domains |
ok |
0 |
2 |
Tier 2 — Notable (monitor) |
| 45.156.87.52 |
1 |
0 |
2 |
MEDIUM |
2 |
2 |
NL |
51396 |
VMHeaven |
PFCLOUD Pfcloud UG, DE |
|
False |
ZERO_domains_visible |
reverse_ip_ok_zero_domains |
ok |
0 |
0 |
Tier 3 — Contextual |
| 89.42.231.241 |
1 |
0 |
1 |
MEDIUM |
1 |
1 |
SC |
206264 |
SC-AMARUTU-20051129 |
AMARUTU-TECHNOLOGY, SC |
|
False |
ZERO_domains_visible |
reverse_ip_ok_zero_domains |
ok |
0 |
0 |
Tier 3 — Contextual |
Audit posture: descriptive export only. No enforcement, allowlisting, suppression, or config changes.
