[
  {
    "id": 3946191805,
    "indicator": "112.46.214.76",
    "type": "IPv4",
    "created": "2026-03-23T01:48:40",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 112.46.214.76 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-22T01:48:39",
    "is_active": 1
  },
  {
    "id": 87241547,
    "indicator": "199.195.248.31",
    "type": "IPv4",
    "created": "2026-03-23T01:48:40",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 199.195.248.31 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-22T01:48:39",
    "is_active": 1
  },
  {
    "id": 4175625886,
    "indicator": "182.71.94.6",
    "type": "IPv4",
    "created": "2026-03-23T01:48:40",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 182.71.94.6 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-22T01:48:39",
    "is_active": 1
  },
  {
    "id": 3992718771,
    "indicator": "44.220.188.239",
    "type": "IPv4",
    "created": "2026-03-23T01:48:40",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 44.220.188.239 observed using TLS client fingerprint 'Unknown TLS Client (5103125acceb)' 2 times when connecting to db4lamedtech between 2026-03-22 21:08 and 2026-03-22 21:08 UTC.",
    "expiration": "2026-04-22T01:48:39",
    "is_active": 1
  },
  {
    "id": 2257193513,
    "indicator": "198.211.117.235",
    "type": "IPv4",
    "created": "2026-03-23T01:48:40",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from North Bergen, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. duration: 7s; 7 events.",
    "expiration": "2026-04-22T01:48:39",
    "is_active": 1
  },
  {
    "id": 4277212896,
    "indicator": "93.56.46.101",
    "type": "IPv4",
    "created": "2026-03-23T02:48:46",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 93.56.46.101 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-22T02:48:45",
    "is_active": 1
  },
  {
    "id": 4278748260,
    "indicator": "80.94.95.6",
    "type": "IPv4",
    "created": "2026-03-23T02:48:46",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack, cowrie. 80.94.95.6 classified as commodity attacker using automated exploitation tooling (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (hacking, low, port-scan).",
    "expiration": "2026-04-22T02:48:45",
    "is_active": 1
  },
  {
    "id": 3716658938,
    "indicator": "27.47.25.231",
    "type": "IPv4",
    "created": "2026-03-23T02:48:46",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 27.47.25.231 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-22T02:48:45",
    "is_active": 1
  },
  {
    "id": 4275622427,
    "indicator": "191.252.212.171",
    "type": "IPv4",
    "created": "2026-03-23T02:48:46",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 191.252.212.171 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-22T02:48:45",
    "is_active": 1
  },
  {
    "id": 4173358563,
    "indicator": "116.178.131.14",
    "type": "IPv4",
    "created": "2026-03-23T02:48:46",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.131.14 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-22T02:48:45",
    "is_active": 1
  },
  {
    "id": 4274400080,
    "indicator": "111.119.220.50",
    "type": "IPv4",
    "created": "2026-03-23T02:48:46",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 111.119.220.50 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-22T02:48:45",
    "is_active": 1
  },
  {
    "id": 4233414236,
    "indicator": "139.59.21.94",
    "type": "IPv4",
    "created": "2026-03-23T02:48:46",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 139.59.21.94 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-22T02:48:45",
    "is_active": 1
  },
  {
    "id": 4272775036,
    "indicator": "60.208.18.149",
    "type": "IPv4",
    "created": "2026-03-23T02:48:46",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 60.208.18.149 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-22T02:48:45",
    "is_active": 1
  },
  {
    "id": 4278745959,
    "indicator": "66.132.186.163",
    "type": "IPv4",
    "created": "2026-03-23T02:48:46",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 66.132.186.163 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (critical, hacking, multi-reported).",
    "expiration": "2026-04-22T02:48:45",
    "is_active": 1
  },
  {
    "id": 4277152186,
    "indicator": "66.132.195.60",
    "type": "IPv4",
    "created": "2026-03-23T02:48:46",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 66.132.195.60 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).",
    "expiration": "2026-04-22T02:48:45",
    "is_active": 1
  },
  {
    "id": 3931168651,
    "indicator": "112.46.213.207",
    "type": "IPv4",
    "created": "2026-03-23T02:48:46",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate. 112.46.213.207 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-22T02:48:45",
    "is_active": 1
  },
  {
    "id": 4173284897,
    "indicator": "114.97.190.163",
    "type": "IPv4",
    "created": "2026-03-23T02:48:46",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 114.97.190.163 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-22T02:48:45",
    "is_active": 1
  },
  {
    "id": 4119331748,
    "indicator": "39.105.121.49",
    "type": "IPv4",
    "created": "2026-03-23T02:48:46",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan. 39.105.121.49 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-22T02:48:45",
    "is_active": 1
  },
  {
    "id": 4278745581,
    "indicator": "66.132.195.68",
    "type": "IPv4",
    "created": "2026-03-23T02:48:46",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 66.132.195.68 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, moderate).",
    "expiration": "2026-04-22T02:48:45",
    "is_active": 1
  },
  {
    "id": 4277150456,
    "indicator": "192.101.68.77",
    "type": "IPv4",
    "created": "2026-03-23T02:48:46",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 192.101.68.77 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-22T02:48:45",
    "is_active": 1
  },
  {
    "id": 4278740422,
    "indicator": "64.23.255.6",
    "type": "IPv4",
    "created": "2026-03-23T02:48:46",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. Attacker IP from Santa Clara, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot medtech-hp-01 via adbhoney. Session included execution of 1 commands (payload download). duration: 45s; 3 events.",
    "expiration": "2026-04-22T02:48:45",
    "is_active": 1
  },
  {
    "id": 4278738876,
    "indicator": "147.182.235.48",
    "type": "IPv4",
    "created": "2026-03-23T02:48:46",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP from Santa Clara, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot medtech-hp-01 via adbhoney. Session included execution of 1 commands (payload download). duration: 45s; 3 events.",
    "expiration": "2026-04-22T02:48:45",
    "is_active": 1
  },
  {
    "id": 4278736567,
    "indicator": "146.190.51.39",
    "type": "IPv4",
    "created": "2026-03-23T02:48:46",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported, abuseipdb:port-scan. 146.190.51.39 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (critical, exploited-host, hacking).",
    "expiration": "2026-04-22T02:48:45",
    "is_active": 1
  },
  {
    "id": 4278736566,
    "indicator": "64.23.190.238",
    "type": "IPv4",
    "created": "2026-03-23T02:48:46",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. Attacker IP from Santa Clara, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot medtech-hp-01 via adbhoney. Session included execution of 1 commands (payload download). duration: 45s; 3 events.",
    "expiration": "2026-04-22T02:48:45",
    "is_active": 1
  },
  {
    "id": 4053914255,
    "indicator": "64.23.195.134",
    "type": "IPv4",
    "created": "2026-03-23T02:48:46",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 64.23.195.134 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-22T02:48:45",
    "is_active": 1
  },
  {
    "id": 4072038381,
    "indicator": "196.189.59.226",
    "type": "IPv4",
    "created": "2026-03-23T02:48:46",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 196.189.59.226 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-22T02:48:45",
    "is_active": 1
  },
  {
    "id": 4278736565,
    "indicator": "209.38.147.246",
    "type": "IPv4",
    "created": "2026-03-23T02:48:46",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported, abuseipdb:port-scan. 209.38.147.246 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (critical, exploited-host, hacking).",
    "expiration": "2026-04-22T02:48:45",
    "is_active": 1
  },
  {
    "id": 4278736579,
    "indicator": "139.189.201.161",
    "type": "IPv4",
    "created": "2026-03-23T02:48:46",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 139.189.201.161 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-22T02:48:45",
    "is_active": 1
  },
  {
    "id": 4165499226,
    "indicator": "121.29.149.12",
    "type": "IPv4",
    "created": "2026-03-23T02:48:46",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 121.29.149.12 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-22T02:48:45",
    "is_active": 1
  },
  {
    "id": 2680335249,
    "indicator": "124.89.90.57",
    "type": "IPv4",
    "created": "2026-03-23T02:48:46",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 124.89.90.57 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-22T02:48:45",
    "is_active": 1
  },
  {
    "id": 4278736003,
    "indicator": "115.63.49.200",
    "type": "IPv4",
    "created": "2026-03-23T02:48:46",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 115.63.49.200 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-22T02:48:45",
    "is_active": 1
  },
  {
    "id": 4160577605,
    "indicator": "58.243.46.73",
    "type": "IPv4",
    "created": "2026-03-23T02:48:46",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 58.243.46.73 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-22T02:48:45",
    "is_active": 1
  },
  {
    "id": 4278736099,
    "indicator": "64.23.237.75",
    "type": "IPv4",
    "created": "2026-03-23T02:48:46",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 64.23.237.75 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (critical, exploited-host, hacking).",
    "expiration": "2026-04-22T02:48:45",
    "is_active": 1
  },
  {
    "id": 3917867072,
    "indicator": "207.219.221.101",
    "type": "IPv4",
    "created": "2026-03-23T02:48:46",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 207.219.221.101 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-22T02:48:45",
    "is_active": 1
  },
  {
    "id": 4275707483,
    "indicator": "103.174.80.40",
    "type": "IPv4",
    "created": "2026-03-23T02:48:46",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 103.174.80.40 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies).",
    "expiration": "2026-04-22T02:48:45",
    "is_active": 1
  },
  {
    "id": 4157552526,
    "indicator": "85.132.110.217",
    "type": "IPv4",
    "created": "2026-03-23T02:48:46",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 85.132.110.217 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-22T02:48:45",
    "is_active": 1
  },
  {
    "id": 3767376821,
    "indicator": "81.13.62.77",
    "type": "IPv4",
    "created": "2026-03-23T02:48:46",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 81.13.62.77 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-22T02:48:45",
    "is_active": 1
  },
  {
    "id": 4277138661,
    "indicator": "66.132.186.191",
    "type": "IPv4",
    "created": "2026-03-23T02:48:46",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 66.132.186.191 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-22T02:48:45",
    "is_active": 1
  },
  {
    "id": 4107023104,
    "indicator": "123.157.223.90",
    "type": "IPv4",
    "created": "2026-03-23T02:48:46",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 123.157.223.90 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-22T02:48:45",
    "is_active": 1
  },
  {
    "id": 4154660224,
    "indicator": "27.147.36.33",
    "type": "IPv4",
    "created": "2026-03-23T02:48:46",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 27.147.36.33 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-22T02:48:45",
    "is_active": 1
  },
  {
    "id": 3685163324,
    "indicator": "104.248.15.228",
    "type": "IPv4",
    "created": "2026-03-23T02:48:46",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 104.248.15.228 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).",
    "expiration": "2026-04-22T02:48:45",
    "is_active": 1
  },
  {
    "id": 4158986894,
    "indicator": "146.190.17.103",
    "type": "IPv4",
    "created": "2026-03-23T02:48:46",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 146.190.17.103 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).",
    "expiration": "2026-04-22T02:48:45",
    "is_active": 1
  },
  {
    "id": 4278740294,
    "indicator": "64.227.167.104",
    "type": "IPv4",
    "created": "2026-03-23T02:48:46",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh, abuseipdb:web-attack. 64.227.167.104 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, port-scan).",
    "expiration": "2026-04-22T02:48:45",
    "is_active": 1
  },
  {
    "id": 4278738601,
    "indicator": "165.22.127.77",
    "type": "IPv4",
    "created": "2026-03-23T02:48:46",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack, cowrie. 165.22.127.77 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, moderate, port-scan).",
    "expiration": "2026-04-22T02:48:45",
    "is_active": 1
  },
  {
    "id": 4278738600,
    "indicator": "142.93.173.47",
    "type": "IPv4",
    "created": "2026-03-23T02:48:46",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack, cowrie. 142.93.173.47 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, port-scan).",
    "expiration": "2026-04-22T02:48:45",
    "is_active": 1
  },
  {
    "id": 4272887653,
    "indicator": "143.110.177.20",
    "type": "IPv4",
    "created": "2026-03-23T02:48:46",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 143.110.177.20 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ftp-brute).",
    "expiration": "2026-04-22T02:48:45",
    "is_active": 1
  },
  {
    "id": 4131817243,
    "indicator": "18.97.26.27",
    "type": "IPv4",
    "created": "2026-03-23T02:48:46",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:port-scan. 18.97.26.27 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-22T02:48:45",
    "is_active": 1
  },
  {
    "id": 4278738938,
    "indicator": "66.132.186.199",
    "type": "IPv4",
    "created": "2026-03-23T02:48:46",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 66.132.186.199 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, high).",
    "expiration": "2026-04-22T02:48:45",
    "is_active": 1
  },
  {
    "id": 4278738937,
    "indicator": "66.132.195.57",
    "type": "IPv4",
    "created": "2026-03-23T02:48:46",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:multi-reported. 66.132.195.57 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-22T02:48:45",
    "is_active": 1
  },
  {
    "id": 4278736185,
    "indicator": "94.26.106.197",
    "type": "IPv4",
    "created": "2026-03-23T02:48:46",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 94.26.106.197 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-22T02:48:45",
    "is_active": 1
  },
  {
    "id": 4161056162,
    "indicator": "171.244.142.233",
    "type": "IPv4",
    "created": "2026-03-23T02:48:46",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 171.244.142.233 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-22T02:48:45",
    "is_active": 1
  },
  {
    "id": 4185017991,
    "indicator": "120.205.8.150",
    "type": "IPv4",
    "created": "2026-03-23T02:48:46",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 120.205.8.150 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-22T02:48:45",
    "is_active": 1
  },
  {
    "id": 4011568703,
    "indicator": "185.247.137.133",
    "type": "IPv4",
    "created": "2026-03-23T02:48:46",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 185.247.137.133 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-22T02:48:45",
    "is_active": 1
  },
  {
    "id": 4262392101,
    "indicator": "45.134.9.27",
    "type": "IPv4",
    "created": "2026-03-23T02:48:46",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 45.134.9.27 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-22T02:48:45",
    "is_active": 1
  },
  {
    "id": 4156818836,
    "indicator": "165.22.122.89",
    "type": "IPv4",
    "created": "2026-03-23T02:48:46",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 165.22.122.89 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, iot-targeted).",
    "expiration": "2026-04-22T02:48:45",
    "is_active": 1
  },
  {
    "id": 4278497791,
    "indicator": "183.36.246.10",
    "type": "IPv4",
    "created": "2026-03-23T02:48:46",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 183.36.246.10 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-22T02:48:45",
    "is_active": 1
  },
  {
    "id": 4278225966,
    "indicator": "66.132.195.70",
    "type": "IPv4",
    "created": "2026-03-23T02:48:46",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 66.132.195.70 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).",
    "expiration": "2026-04-22T02:48:45",
    "is_active": 1
  },
  {
    "id": 4158464917,
    "indicator": "49.158.171.113",
    "type": "IPv4",
    "created": "2026-03-23T02:48:46",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 49.158.171.113 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-22T02:48:45",
    "is_active": 1
  },
  {
    "id": 4278496559,
    "indicator": "206.168.201.230",
    "type": "IPv4",
    "created": "2026-03-23T02:48:46",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 206.168.201.230 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-22T02:48:45",
    "is_active": 1
  },
  {
    "id": 4005665619,
    "indicator": "93.177.151.72",
    "type": "IPv4",
    "created": "2026-03-23T02:48:46",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 93.177.151.72 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-22T02:48:45",
    "is_active": 1
  },
  {
    "id": 4278496398,
    "indicator": "47.83.6.182",
    "type": "IPv4",
    "created": "2026-03-23T02:48:46",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 47.83.6.182 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, hacking, high).",
    "expiration": "2026-04-22T02:48:45",
    "is_active": 1
  },
  {
    "id": 4274190990,
    "indicator": "118.196.54.43",
    "type": "IPv4",
    "created": "2026-03-23T02:48:46",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 118.196.54.43 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-22T02:48:45",
    "is_active": 1
  },
  {
    "id": 4278483102,
    "indicator": "137.184.85.201",
    "type": "IPv4",
    "created": "2026-03-23T02:48:46",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. Attacker IP from Santa Clara, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot medtech-hp-01 via adbhoney. Session included execution of 1 commands (payload download). duration: 45s; 3 events.",
    "expiration": "2026-04-22T02:48:45",
    "is_active": 1
  },
  {
    "id": 4239366088,
    "indicator": "222.95.168.78",
    "type": "IPv4",
    "created": "2026-03-23T02:48:46",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 222.95.168.78 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-22T02:48:45",
    "is_active": 1
  },
  {
    "id": 4275714428,
    "indicator": "94.156.221.46",
    "type": "IPv4",
    "created": "2026-03-23T02:48:46",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. IP observed in Suricata network metadata",
    "expiration": "2026-04-22T02:48:45",
    "is_active": 1
  },
  {
    "id": 4156357466,
    "indicator": "211.200.98.61",
    "type": "IPv4",
    "created": "2026-03-23T02:48:46",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 211.200.98.61 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-22T02:48:45",
    "is_active": 1
  },
  {
    "id": 4278142470,
    "indicator": "177.157.203.75",
    "type": "IPv4",
    "created": "2026-03-23T02:48:46",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. IP observed in Suricata network metadata",
    "expiration": "2026-04-22T02:48:45",
    "is_active": 1
  },
  {
    "id": 4274339366,
    "indicator": "134.0.106.249",
    "type": "IPv4",
    "created": "2026-03-23T02:48:46",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 134.0.106.249 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Observed activity: 2 malware samples. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-22T02:48:45",
    "is_active": 1
  },
  {
    "id": 4272708716,
    "indicator": "38.250.116.128",
    "type": "IPv4",
    "created": "2026-03-23T02:48:46",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Peru (AS3132, Red Cientifica Peruana). Observed targeting healthcare sector honeypot mdms-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-Go (HASSH: 2ec37a7cc8da...); duration: 5s; 5 events.",
    "expiration": "2026-04-22T02:48:45",
    "is_active": 1
  },
  {
    "id": 3530036975,
    "indicator": "91.107.127.19",
    "type": "IPv4",
    "created": "2026-03-23T02:48:46",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 91.107.127.19 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-22T02:48:45",
    "is_active": 1
  },
  {
    "id": 4277212502,
    "indicator": "110.238.77.92",
    "type": "IPv4",
    "created": "2026-03-23T02:48:46",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 110.238.77.92 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ftp-brute).",
    "expiration": "2026-04-22T02:48:45",
    "is_active": 1
  },
  {
    "id": 4275710900,
    "indicator": "154.50.110.206",
    "type": "IPv4",
    "created": "2026-03-23T02:48:46",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 154.50.110.206 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-22T02:48:45",
    "is_active": 1
  },
  {
    "id": 4278502773,
    "indicator": "172.233.53.30",
    "type": "IPv4",
    "created": "2026-03-23T02:48:46",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 172.233.53.30 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-22T02:48:45",
    "is_active": 1
  },
  {
    "id": 4278384916,
    "indicator": "165.245.175.124",
    "type": "IPv4",
    "created": "2026-03-23T02:48:46",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. Attacker IP from Sandston, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-22T02:48:45",
    "is_active": 1
  },
  {
    "id": 4148292968,
    "indicator": "193.104.222.148",
    "type": "IPv4",
    "created": "2026-03-23T03:02:21",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 193.104.222.148 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, hacking, high).",
    "expiration": "2026-04-22T03:02:17",
    "is_active": 1
  },
  {
    "id": 4278328680,
    "indicator": "165.245.175.166",
    "type": "IPv4",
    "created": "2026-03-23T03:02:21",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported. Attacker IP from Sandston, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-22T03:02:17",
    "is_active": 1
  },
  {
    "id": 4278328681,
    "indicator": "165.245.175.191",
    "type": "IPv4",
    "created": "2026-03-23T03:02:21",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported. Attacker IP from Sandston, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-22T03:02:17",
    "is_active": 1
  },
  {
    "id": 4278328511,
    "indicator": "165.245.175.186",
    "type": "IPv4",
    "created": "2026-03-23T03:02:21",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported. Attacker IP from Sandston, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-22T03:02:17",
    "is_active": 1
  },
  {
    "id": 4278328509,
    "indicator": "165.245.175.181",
    "type": "IPv4",
    "created": "2026-03-23T03:02:21",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported. Attacker IP from Sandston, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-22T03:02:17",
    "is_active": 1
  },
  {
    "id": 4278328510,
    "indicator": "165.245.175.148",
    "type": "IPv4",
    "created": "2026-03-23T03:02:21",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. Attacker IP from Sandston, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-22T03:02:17",
    "is_active": 1
  },
  {
    "id": 4278328512,
    "indicator": "165.245.175.169",
    "type": "IPv4",
    "created": "2026-03-23T03:02:21",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported. Attacker IP from Sandston, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-22T03:02:17",
    "is_active": 1
  },
  {
    "id": 4278328513,
    "indicator": "165.245.175.170",
    "type": "IPv4",
    "created": "2026-03-23T03:02:21",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported. Attacker IP from Sandston, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-22T03:02:17",
    "is_active": 1
  },
  {
    "id": 4278328089,
    "indicator": "165.245.175.150",
    "type": "IPv4",
    "created": "2026-03-23T03:02:21",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported. Attacker IP from Sandston, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-22T03:02:17",
    "is_active": 1
  },
  {
    "id": 4278328516,
    "indicator": "165.245.175.146",
    "type": "IPv4",
    "created": "2026-03-23T03:02:21",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported. Attacker IP from Sandston, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-22T03:02:17",
    "is_active": 1
  },
  {
    "id": 4278327901,
    "indicator": "165.245.175.182",
    "type": "IPv4",
    "created": "2026-03-23T03:02:21",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. Attacker IP from Sandston, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-22T03:02:17",
    "is_active": 1
  },
  {
    "id": 4278323451,
    "indicator": "165.245.175.189",
    "type": "IPv4",
    "created": "2026-03-23T03:02:21",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. Attacker IP from Sandston, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-22T03:02:17",
    "is_active": 1
  },
  {
    "id": 4278327899,
    "indicator": "165.245.175.175",
    "type": "IPv4",
    "created": "2026-03-23T03:02:21",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported. Attacker IP from Sandston, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-22T03:02:17",
    "is_active": 1
  },
  {
    "id": 4278323450,
    "indicator": "165.245.175.188",
    "type": "IPv4",
    "created": "2026-03-23T03:02:21",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported. Attacker IP from Sandston, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-22T03:02:17",
    "is_active": 1
  },
  {
    "id": 4278327902,
    "indicator": "165.245.175.184",
    "type": "IPv4",
    "created": "2026-03-23T03:02:21",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported. Attacker IP from Sandston, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-22T03:02:17",
    "is_active": 1
  },
  {
    "id": 4278327907,
    "indicator": "165.245.175.165",
    "type": "IPv4",
    "created": "2026-03-23T03:02:21",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. Attacker IP from Sandston, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-22T03:02:17",
    "is_active": 1
  },
  {
    "id": 4278323446,
    "indicator": "165.245.175.173",
    "type": "IPv4",
    "created": "2026-03-23T03:02:21",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported. Attacker IP from Sandston, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-22T03:02:17",
    "is_active": 1
  },
  {
    "id": 4278327904,
    "indicator": "165.245.175.172",
    "type": "IPv4",
    "created": "2026-03-23T03:02:21",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported. Attacker IP from Sandston, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-22T03:02:17",
    "is_active": 1
  },
  {
    "id": 4278323189,
    "indicator": "165.245.175.196",
    "type": "IPv4",
    "created": "2026-03-23T03:02:21",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. Attacker IP from Sandston, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-22T03:02:17",
    "is_active": 1
  },
  {
    "id": 4278327900,
    "indicator": "165.245.175.183",
    "type": "IPv4",
    "created": "2026-03-23T03:02:21",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported. Attacker IP from Sandston, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-22T03:02:17",
    "is_active": 1
  },
  {
    "id": 4278327903,
    "indicator": "165.245.175.194",
    "type": "IPv4",
    "created": "2026-03-23T03:02:21",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported. Attacker IP from Sandston, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-22T03:02:17",
    "is_active": 1
  },
  {
    "id": 4278324039,
    "indicator": "165.245.175.143",
    "type": "IPv4",
    "created": "2026-03-23T03:02:21",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. Attacker IP from Sandston, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-22T03:02:17",
    "is_active": 1
  },
  {
    "id": 4278323442,
    "indicator": "165.245.175.142",
    "type": "IPv4",
    "created": "2026-03-23T03:02:21",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported. Attacker IP from Sandston, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-22T03:02:17",
    "is_active": 1
  },
  {
    "id": 4278324641,
    "indicator": "165.245.175.197",
    "type": "IPv4",
    "created": "2026-03-23T03:02:21",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported. Attacker IP from Sandston, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-22T03:02:17",
    "is_active": 1
  },
  {
    "id": 4278324643,
    "indicator": "165.245.175.200",
    "type": "IPv4",
    "created": "2026-03-23T03:02:21",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. Attacker IP from Sandston, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-22T03:02:17",
    "is_active": 1
  },
  {
    "id": 4278324642,
    "indicator": "165.245.175.193",
    "type": "IPv4",
    "created": "2026-03-23T03:02:21",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. Attacker IP from Sandston, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-22T03:02:17",
    "is_active": 1
  },
  {
    "id": 4278323445,
    "indicator": "165.245.175.161",
    "type": "IPv4",
    "created": "2026-03-23T03:02:21",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. Attacker IP from Sandston, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-22T03:02:17",
    "is_active": 1
  },
  {
    "id": 4278324650,
    "indicator": "165.245.175.199",
    "type": "IPv4",
    "created": "2026-03-23T03:02:21",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. Attacker IP from Sandston, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-22T03:02:17",
    "is_active": 1
  },
  {
    "id": 4278324649,
    "indicator": "165.245.175.162",
    "type": "IPv4",
    "created": "2026-03-23T03:02:21",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. Attacker IP from Sandston, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-22T03:02:17",
    "is_active": 1
  },
  {
    "id": 4278324594,
    "indicator": "165.245.175.171",
    "type": "IPv4",
    "created": "2026-03-23T03:02:21",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported. Attacker IP from Sandston, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-22T03:02:17",
    "is_active": 1
  },
  {
    "id": 4278324647,
    "indicator": "165.245.175.157",
    "type": "IPv4",
    "created": "2026-03-23T03:02:21",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. Attacker IP from Sandston, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-22T03:02:17",
    "is_active": 1
  },
  {
    "id": 4278324646,
    "indicator": "165.245.175.145",
    "type": "IPv4",
    "created": "2026-03-23T03:02:21",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. Attacker IP from Sandston, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-22T03:02:17",
    "is_active": 1
  },
  {
    "id": 4278324645,
    "indicator": "165.245.175.130",
    "type": "IPv4",
    "created": "2026-03-23T03:02:21",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. Attacker IP from Sandston, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-22T03:02:17",
    "is_active": 1
  },
  {
    "id": 4278323447,
    "indicator": "165.245.175.174",
    "type": "IPv4",
    "created": "2026-03-23T03:02:21",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. Attacker IP from Sandston, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-22T03:02:17",
    "is_active": 1
  },
  {
    "id": 4278324644,
    "indicator": "165.245.175.140",
    "type": "IPv4",
    "created": "2026-03-23T03:02:21",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported. Attacker IP from Sandston, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-22T03:02:17",
    "is_active": 1
  },
  {
    "id": 4278324648,
    "indicator": "165.245.175.147",
    "type": "IPv4",
    "created": "2026-03-23T03:02:21",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. Attacker IP from Sandston, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-22T03:02:17",
    "is_active": 1
  },
  {
    "id": 4277440450,
    "indicator": "66.132.186.203",
    "type": "IPv4",
    "created": "2026-03-23T03:02:21",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from United States (AS398324, Censys, Inc.). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. duration: 34s; 6 events.",
    "expiration": "2026-04-22T03:02:17",
    "is_active": 1
  },
  {
    "id": 3602222163,
    "indicator": "194.187.179.167",
    "type": "IPv4",
    "created": "2026-03-23T04:02:29",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 194.187.179.167 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-22T04:02:27",
    "is_active": 1
  },
  {
    "id": 4210231981,
    "indicator": "81.248.15.205",
    "type": "IPv4",
    "created": "2026-03-23T04:02:29",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 81.248.15.205 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-22T04:02:27",
    "is_active": 1
  },
  {
    "id": 4278323462,
    "indicator": "66.132.224.86",
    "type": "IPv4",
    "created": "2026-03-23T04:02:29",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 66.132.224.86 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, ftp-brute, hacking).",
    "expiration": "2026-04-22T04:02:27",
    "is_active": 1
  },
  {
    "id": 3865245571,
    "indicator": "120.27.133.14",
    "type": "IPv4",
    "created": "2026-03-23T04:02:29",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 120.27.133.14 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, ftp-brute).",
    "expiration": "2026-04-22T04:02:27",
    "is_active": 1
  },
  {
    "id": 4278750509,
    "indicator": "105.187.29.139",
    "type": "IPv4",
    "created": "2026-03-23T04:02:29",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 105.187.29.139 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-22T04:02:27",
    "is_active": 1
  },
  {
    "id": 4278750505,
    "indicator": "51.158.248.168",
    "type": "IPv4",
    "created": "2026-03-23T04:02:29",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 51.158.248.168 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-22T04:02:27",
    "is_active": 1
  },
  {
    "id": 4278748208,
    "indicator": "151.115.91.20",
    "type": "IPv4",
    "created": "2026-03-23T04:02:29",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. Attacker IP from Warsaw, Poland (AS12876, Scaleway SAS). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. duration: 29s; 2 events.",
    "expiration": "2026-04-22T04:02:27",
    "is_active": 1
  },
  {
    "id": 4193787006,
    "indicator": "110.90.224.182",
    "type": "IPv4",
    "created": "2026-03-23T04:02:29",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 110.90.224.182 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-22T04:02:27",
    "is_active": 1
  },
  {
    "id": 4278745027,
    "indicator": "78.110.65.119",
    "type": "IPv4",
    "created": "2026-03-23T04:02:29",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:multi-reported. 78.110.65.119 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-22T04:02:27",
    "is_active": 1
  },
  {
    "id": 4278741183,
    "indicator": "138.59.239.98",
    "type": "IPv4",
    "created": "2026-03-23T04:02:29",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 138.59.239.98 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command sessions (24 commands), 4 malware samples. Listed on: AbuseIPDB (exploited-host, hacking, iot-targeted).",
    "expiration": "2026-04-22T04:02:27",
    "is_active": 1
  },
  {
    "id": 3993174700,
    "indicator": "44.220.185.143",
    "type": "IPv4",
    "created": "2026-03-23T04:02:29",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. 44.220.185.143 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, ftp-brute).",
    "expiration": "2026-04-22T04:02:27",
    "is_active": 1
  },
  {
    "id": 4278736455,
    "indicator": "211.188.59.210",
    "type": "IPv4",
    "created": "2026-03-23T04:02:29",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 211.188.59.210 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-22T04:02:27",
    "is_active": 1
  },
  {
    "id": 4278740292,
    "indicator": "66.132.195.83",
    "type": "IPv4",
    "created": "2026-03-23T04:02:29",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh, abuseipdb:web-attack. 66.132.195.83 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, low, port-scan).",
    "expiration": "2026-04-22T04:02:27",
    "is_active": 1
  },
  {
    "id": 4173328016,
    "indicator": "58.243.46.49",
    "type": "IPv4",
    "created": "2026-03-23T04:02:29",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 58.243.46.49 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, ftp-brute).",
    "expiration": "2026-04-22T04:02:27",
    "is_active": 1
  },
  {
    "id": 4267965012,
    "indicator": "106.75.77.231",
    "type": "IPv4",
    "created": "2026-03-23T04:02:29",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 106.75.77.231 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, hacking).",
    "expiration": "2026-04-22T04:02:27",
    "is_active": 1
  },
  {
    "id": 4177195752,
    "indicator": "116.178.130.65",
    "type": "IPv4",
    "created": "2026-03-23T04:02:29",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.130.65 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-22T04:02:27",
    "is_active": 1
  },
  {
    "id": 4037064726,
    "indicator": "119.163.46.177",
    "type": "IPv4",
    "created": "2026-03-23T04:02:29",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 119.163.46.177 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-22T04:02:27",
    "is_active": 1
  },
  {
    "id": 4022078656,
    "indicator": "185.242.177.19",
    "type": "IPv4",
    "created": "2026-03-23T05:03:01",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Austria (AS35369, LINZ STROM GAS WAERME GmbH fuer Energiedienstleistungen und Telekommunikation). Observed targeting healthcare sector honeypot mdms-hp-01 via tanner. duration: 6s; 4 events.",
    "expiration": "2026-04-22T05:02:58",
    "is_active": 1
  },
  {
    "id": 4278762051,
    "indicator": "185.242.177.50",
    "type": "IPv4",
    "created": "2026-03-23T05:03:01",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low. 185.242.177.50 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-22T05:02:58",
    "is_active": 1
  },
  {
    "id": 4263638331,
    "indicator": "103.134.154.142",
    "type": "IPv4",
    "created": "2026-03-23T05:03:01",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Singapore (AS138608, Cloud Host Pte Ltd) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. Session included 8 failed login attempts, 8 credential pairs tried across 7 unique usernames, execution of 22 commands (SSH key persistence, password changes, system reconnaissance, cron persistenc...",
    "expiration": "2026-04-22T05:02:58",
    "is_active": 1
  },
  {
    "id": 4159758190,
    "indicator": "119.206.74.110",
    "type": "IPv4",
    "created": "2026-03-23T05:03:01",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 119.206.74.110 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command sessions (15 commands), 1 malware samples. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-22T05:02:58",
    "is_active": 1
  },
  {
    "id": 4278760565,
    "indicator": "31.117.51.220",
    "type": "IPv4",
    "created": "2026-03-23T05:03:01",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 31.117.51.220 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (low, reported).",
    "expiration": "2026-04-22T05:02:58",
    "is_active": 1
  },
  {
    "id": 4140163391,
    "indicator": "79.125.160.249",
    "type": "IPv4",
    "created": "2026-03-23T05:03:01",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 79.125.160.249 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-22T05:02:58",
    "is_active": 1
  },
  {
    "id": 4278480506,
    "indicator": "165.227.145.12",
    "type": "IPv4",
    "created": "2026-03-23T05:03:01",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:reported, abuseipdb:ssh. 165.227.145.12 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).",
    "expiration": "2026-04-22T05:02:58",
    "is_active": 1
  },
  {
    "id": 3915883123,
    "indicator": "112.46.213.247",
    "type": "IPv4",
    "created": "2026-03-23T05:03:01",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 112.46.213.247 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-22T05:02:58",
    "is_active": 1
  },
  {
    "id": 4156693121,
    "indicator": "36.250.220.251",
    "type": "IPv4",
    "created": "2026-03-23T05:03:01",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 36.250.220.251 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-22T05:02:58",
    "is_active": 1
  },
  {
    "id": 4261345509,
    "indicator": "103.173.7.203",
    "type": "IPv4",
    "created": "2026-03-23T05:03:01",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 103.173.7.203 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-22T05:02:58",
    "is_active": 1
  },
  {
    "id": 4218400240,
    "indicator": "58.124.109.29",
    "type": "IPv4",
    "created": "2026-03-23T05:03:01",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Suwon, South Korea (AS9318, SK Broadband Co Ltd). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. Session included 5 failed login attempts, 5 credential pairs tried across 4 unique usernames, execution of 22 commands (SSH key persistence, password changes, system reconnaissance, cron persistence), delivery of...",
    "expiration": "2026-04-22T05:02:58",
    "is_active": 1
  },
  {
    "id": 4278754612,
    "indicator": "192.158.28.118",
    "type": "IPv4",
    "created": "2026-03-23T05:03:01",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:multi-reported. 192.158.28.118 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking).",
    "expiration": "2026-04-22T05:02:58",
    "is_active": 1
  },
  {
    "id": 4275551074,
    "indicator": "94.180.238.116",
    "type": "IPv4",
    "created": "2026-03-23T05:03:01",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 94.180.238.116 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 9 times when connecting to db1lapetro between 2026-03-23 03:22 and 2026-03-23 03:31 UTC.",
    "expiration": "2026-04-22T05:02:58",
    "is_active": 1
  },
  {
    "id": 4275709453,
    "indicator": "42.200.231.39",
    "type": "IPv4",
    "created": "2026-03-23T05:03:01",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:reported, abuseipdb:web-attack. Attacker IP 42.200.231.39 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (compatible; MJ12bot/v1.4.8; http://mj12bot.com/...' 3 times when connecting to db1lapetro between 2026-03-23 02:57 and 2026-03-23 03:02 UTC.",
    "expiration": "2026-04-22T05:02:58",
    "is_active": 1
  },
  {
    "id": 4173308969,
    "indicator": "36.250.220.51",
    "type": "IPv4",
    "created": "2026-03-23T05:03:01",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from China (AS4837, CHINA UNICOM China169 Backbone). Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-22T05:02:58",
    "is_active": 1
  },
  {
    "id": 4278812355,
    "indicator": "46.117.75.125",
    "type": "IPv4",
    "created": "2026-03-23T06:03:20",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 46.117.75.125 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, iot-targeted).",
    "expiration": "2026-04-22T06:03:05",
    "is_active": 1
  },
  {
    "id": 3434226265,
    "indicator": "170.130.55.216",
    "type": "IPv4",
    "created": "2026-03-23T06:03:20",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 170.130.55.216 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-22T06:03:05",
    "is_active": 1
  },
  {
    "id": 4216440221,
    "indicator": "112.122.236.251",
    "type": "IPv4",
    "created": "2026-03-23T06:03:20",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 112.122.236.251 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-22T06:03:05",
    "is_active": 1
  },
  {
    "id": 4008880804,
    "indicator": "118.212.122.3",
    "type": "IPv4",
    "created": "2026-03-23T06:03:20",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 118.212.122.3 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-22T06:03:05",
    "is_active": 1
  },
  {
    "id": 4278805745,
    "indicator": "120.77.145.160",
    "type": "IPv4",
    "created": "2026-03-23T06:03:20",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 120.77.145.160 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-22T06:03:05",
    "is_active": 1
  },
  {
    "id": 3619192920,
    "indicator": "160.202.144.182",
    "type": "IPv4",
    "created": "2026-03-23T06:03:20",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 160.202.144.182 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-22T06:03:05",
    "is_active": 1
  },
  {
    "id": 4262493319,
    "indicator": "117.72.211.46",
    "type": "IPv4",
    "created": "2026-03-23T06:03:20",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 117.72.211.46 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-22T06:03:05",
    "is_active": 1
  },
  {
    "id": 4225336436,
    "indicator": "190.52.63.198",
    "type": "IPv4",
    "created": "2026-03-23T06:03:20",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan. 190.52.63.198 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-22T06:03:05",
    "is_active": 1
  },
  {
    "id": 4268169015,
    "indicator": "128.185.249.46",
    "type": "IPv4",
    "created": "2026-03-23T06:03:20",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 128.185.249.46 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-22T06:03:05",
    "is_active": 1
  },
  {
    "id": 3584300140,
    "indicator": "216.24.212.164",
    "type": "IPv4",
    "created": "2026-03-23T06:03:20",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 216.24.212.164 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d); AbuseIPDB (brute-force, hacking, low).",
    "expiration": "2026-04-22T06:03:05",
    "is_active": 1
  },
  {
    "id": 4272706194,
    "indicator": "23.95.86.214",
    "type": "IPv4",
    "created": "2026-03-23T06:03:20",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 23.95.86.214 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-22T06:03:05",
    "is_active": 1
  },
  {
    "id": 4275554386,
    "indicator": "34.77.166.77",
    "type": "IPv4",
    "created": "2026-03-23T07:04:39",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 34.77.166.77 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-22T07:03:26",
    "is_active": 1
  },
  {
    "id": 4015153563,
    "indicator": "82.151.196.17",
    "type": "IPv4",
    "created": "2026-03-23T07:04:39",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 82.151.196.17 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-22T07:03:26",
    "is_active": 1
  },
  {
    "id": 3941896430,
    "indicator": "47.93.38.195",
    "type": "IPv4",
    "created": "2026-03-23T07:04:39",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.93.38.195 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-22T07:03:26",
    "is_active": 1
  },
  {
    "id": 4243015095,
    "indicator": "222.167.161.198",
    "type": "IPv4",
    "created": "2026-03-23T07:04:39",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 222.167.161.198 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command sessions (22 commands), 5 malware samples. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-22T07:03:26",
    "is_active": 1
  },
  {
    "id": 4278818100,
    "indicator": "58.122.253.47",
    "type": "IPv4",
    "created": "2026-03-23T07:04:39",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 58.122.253.47 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-22T07:03:26",
    "is_active": 1
  },
  {
    "id": 4144276837,
    "indicator": "51.83.237.175",
    "type": "IPv4",
    "created": "2026-03-23T07:04:39",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 51.83.237.175 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-22T07:03:26",
    "is_active": 1
  },
  {
    "id": 4182416500,
    "indicator": "177.75.49.7",
    "type": "IPv4",
    "created": "2026-03-23T07:04:39",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 177.75.49.7 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-22T07:03:26",
    "is_active": 1
  },
  {
    "id": 4106434338,
    "indicator": "62.85.3.221",
    "type": "IPv4",
    "created": "2026-03-23T07:04:39",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:multi-reported. Attacker IP from Pļaviņas, Latvia (AS12578, SIA Tet). Observed targeting healthcare sector honeypot mdms-hp-01 via adbhoney. 1 events.",
    "expiration": "2026-04-22T07:03:26",
    "is_active": 1
  },
  {
    "id": 4266848832,
    "indicator": "185.174.0.197",
    "type": "IPv4",
    "created": "2026-03-23T07:04:39",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 185.174.0.197 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-22T07:03:26",
    "is_active": 1
  },
  {
    "id": 4172971184,
    "indicator": "14.135.74.73",
    "type": "IPv4",
    "created": "2026-03-23T07:04:39",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 14.135.74.73 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-22T07:03:26",
    "is_active": 1
  },
  {
    "id": 4278818103,
    "indicator": "119.117.125.241",
    "type": "IPv4",
    "created": "2026-03-23T07:04:39",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate. 119.117.125.241 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-22T07:03:26",
    "is_active": 1
  },
  {
    "id": 4201208691,
    "indicator": "51.158.248.250",
    "type": "IPv4",
    "created": "2026-03-23T07:04:39",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 51.158.248.250 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-22T07:03:26",
    "is_active": 1
  },
  {
    "id": 4256384477,
    "indicator": "110.37.71.14",
    "type": "IPv4",
    "created": "2026-03-23T07:04:39",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 110.37.71.14 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-22T07:03:26",
    "is_active": 1
  },
  {
    "id": 4275709465,
    "indicator": "43.106.143.120",
    "type": "IPv4",
    "created": "2026-03-23T07:04:39",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, cowrie. 43.106.143.120 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (exploited-host, hacking, moderate).",
    "expiration": "2026-04-22T07:03:26",
    "is_active": 1
  },
  {
    "id": 4043772840,
    "indicator": "221.194.148.77",
    "type": "IPv4",
    "created": "2026-03-23T07:04:39",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 221.194.148.77 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-22T07:03:26",
    "is_active": 1
  },
  {
    "id": 4278812707,
    "indicator": "137.184.200.247",
    "type": "IPv4",
    "created": "2026-03-23T07:04:39",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 137.184.200.247 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).",
    "expiration": "2026-04-22T07:03:26",
    "is_active": 1
  },
  {
    "id": 4182511069,
    "indicator": "51.222.38.229",
    "type": "IPv4",
    "created": "2026-03-23T07:04:39",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. 51.222.38.229 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-22T07:03:26",
    "is_active": 1
  },
  {
    "id": 4278809451,
    "indicator": "116.110.211.132",
    "type": "IPv4",
    "created": "2026-03-23T07:04:39",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Da Nang, Vietnam (AS24086, Viettel Corporation). Observed targeting healthcare sector honeypot mdms-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-AsyncSSH_2.1.0 (HASSH: fda360b1b4f4...); duration: 3s; 5 events.",
    "expiration": "2026-04-22T07:03:26",
    "is_active": 1
  },
  {
    "id": 4278504337,
    "indicator": "116.110.219.18",
    "type": "IPv4",
    "created": "2026-03-23T07:04:39",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Da Nang, Vietnam (AS24086, Viettel Corporation). Observed targeting healthcare sector honeypot mdms-hp-01 via cowrie. Session included 2 failed login attempts, 2 credential pairs tried across 2 unique usernames. SSH client: SSH-2.0-AsyncSSH_2.1.0 (HASSH: fda360b1b4f4...); duration: 2m 26s; 10 events.",
    "expiration": "2026-04-22T07:03:26",
    "is_active": 1
  },
  {
    "id": 3665832004,
    "indicator": "116.110.2.14",
    "type": "IPv4",
    "created": "2026-03-23T07:04:39",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 116.110.2.14 observed using SSH client fingerprint 'Unknown SSH Client (fda360b1b4f4)' 4 times when connecting to mdms1 between 2026-03-23 05:16 and 2026-03-23 05:31 UTC.",
    "expiration": "2026-04-22T07:03:26",
    "is_active": 1
  },
  {
    "id": 4278805860,
    "indicator": "85.215.50.231",
    "type": "IPv4",
    "created": "2026-03-23T07:04:39",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 85.215.50.231 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (compatible; MJ12bot/v1.4.8; http://mj12bot.com/...' 3 times when connecting to db1lapetro between 2026-03-23 05:15 and 2026-03-23 05:20 UTC.",
    "expiration": "2026-04-22T07:03:26",
    "is_active": 1
  },
  {
    "id": 4278811679,
    "indicator": "66.132.186.195",
    "type": "IPv4",
    "created": "2026-03-23T07:04:39",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported, cowrie. 66.132.186.195 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, moderate, multi-reported).",
    "expiration": "2026-04-22T07:03:26",
    "is_active": 1
  },
  {
    "id": 3637960593,
    "indicator": "108.167.178.116",
    "type": "IPv4",
    "created": "2026-03-23T08:06:56",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 108.167.178.116 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-22T08:05:03",
    "is_active": 1
  },
  {
    "id": 4278821859,
    "indicator": "47.196.0.210",
    "type": "IPv4",
    "created": "2026-03-23T08:06:56",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, cowrie. 47.196.0.210 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, moderate).",
    "expiration": "2026-04-22T08:05:03",
    "is_active": 1
  },
  {
    "id": 4278820616,
    "indicator": "116.30.205.153",
    "type": "IPv4",
    "created": "2026-03-23T08:06:56",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 116.30.205.153 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-22T08:05:03",
    "is_active": 1
  },
  {
    "id": 4268169376,
    "indicator": "154.180.236.235",
    "type": "IPv4",
    "created": "2026-03-23T08:06:56",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 154.180.236.235 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-22T08:05:03",
    "is_active": 1
  },
  {
    "id": 4173706208,
    "indicator": "222.176.200.6",
    "type": "IPv4",
    "created": "2026-03-23T08:06:56",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 222.176.200.6 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-22T08:05:03",
    "is_active": 1
  },
  {
    "id": 3988296497,
    "indicator": "111.230.213.46",
    "type": "IPv4",
    "created": "2026-03-23T08:06:56",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 111.230.213.46 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-22T08:05:03",
    "is_active": 1
  },
  {
    "id": 4278759466,
    "indicator": "45.137.194.26",
    "type": "IPv4",
    "created": "2026-03-23T08:06:56",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 45.137.194.26 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, hacking, low).",
    "expiration": "2026-04-22T08:05:03",
    "is_active": 1
  },
  {
    "id": 4278818166,
    "indicator": "66.132.195.117",
    "type": "IPv4",
    "created": "2026-03-23T08:06:56",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack, cowrie. Attacker IP 66.132.195.117 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.c...' 3 times when connecting to mdms1 between 2026-03-23 06:31 and 2026-03-23 06:31 UTC.",
    "expiration": "2026-04-22T08:05:03",
    "is_active": 1
  },
  {
    "id": 4018493075,
    "indicator": "208.68.37.118",
    "type": "IPv4",
    "created": "2026-03-23T08:06:56",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from North Bergen, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot mdms-hp-01 via dionaea. 1 events.",
    "expiration": "2026-04-22T08:05:03",
    "is_active": 1
  },
  {
    "id": 4096222661,
    "indicator": "51.75.129.164",
    "type": "IPv4",
    "created": "2026-03-23T08:06:56",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 51.75.129.164 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (compatible; MJ12bot/v1.4.8; http://mj12bot.com/...' 3 times when connecting to db4lamedtech between 2026-03-23 06:11 and 2026-03-23 06:12 UTC.",
    "expiration": "2026-04-22T08:05:03",
    "is_active": 1
  },
  {
    "id": 4277306665,
    "indicator": "66.132.195.31",
    "type": "IPv4",
    "created": "2026-03-23T08:06:56",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from United States (AS398324, Censys, Inc.). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-22T08:05:03",
    "is_active": 1
  },
  {
    "id": 4266735229,
    "indicator": "172.190.216.105",
    "type": "IPv4",
    "created": "2026-03-23T09:07:03",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 172.190.216.105 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 2 times when connecting to db1lapetro between 2026-03-23 08:51 and 2026-03-23 09:00 UTC.",
    "expiration": "2026-04-22T09:07:02",
    "is_active": 1
  },
  {
    "id": 4278869067,
    "indicator": "118.118.232.89",
    "type": "IPv4",
    "created": "2026-03-23T09:07:03",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP 118.118.232.89 observed using SSH client fingerprint 'Unknown SSH Client (19532158b559)' 3 times when connecting to mdms1 between 2026-03-23 08:51 and 2026-03-23 08:52 UTC.",
    "expiration": "2026-04-22T09:07:02",
    "is_active": 1
  },
  {
    "id": 4125148736,
    "indicator": "59.52.100.213",
    "type": "IPv4",
    "created": "2026-03-23T09:07:03",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 59.52.100.213 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-22T09:07:02",
    "is_active": 1
  },
  {
    "id": 4181330278,
    "indicator": "14.135.75.55",
    "type": "IPv4",
    "created": "2026-03-23T09:07:03",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 14.135.75.55 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-22T09:07:02",
    "is_active": 1
  },
  {
    "id": 3859015498,
    "indicator": "59.52.101.142",
    "type": "IPv4",
    "created": "2026-03-23T09:07:03",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 59.52.101.142 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-22T09:07:02",
    "is_active": 1
  },
  {
    "id": 3997664346,
    "indicator": "118.212.120.143",
    "type": "IPv4",
    "created": "2026-03-23T09:07:03",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 118.212.120.143 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-22T09:07:02",
    "is_active": 1
  },
  {
    "id": 4269411942,
    "indicator": "114.225.151.4",
    "type": "IPv4",
    "created": "2026-03-23T09:07:03",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 114.225.151.4 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-22T09:07:02",
    "is_active": 1
  },
  {
    "id": 4278388732,
    "indicator": "66.132.195.74",
    "type": "IPv4",
    "created": "2026-03-23T09:07:03",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 66.132.195.74 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).",
    "expiration": "2026-04-22T09:07:02",
    "is_active": 1
  },
  {
    "id": 4158844352,
    "indicator": "36.250.221.34",
    "type": "IPv4",
    "created": "2026-03-23T09:07:03",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 36.250.221.34 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, ftp-brute, hacking).",
    "expiration": "2026-04-22T09:07:02",
    "is_active": 1
  },
  {
    "id": 4277225411,
    "indicator": "66.132.186.167",
    "type": "IPv4",
    "created": "2026-03-23T09:07:03",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 66.132.186.167 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-22T09:07:02",
    "is_active": 1
  },
  {
    "id": 4053742537,
    "indicator": "101.36.113.80",
    "type": "IPv4",
    "created": "2026-03-23T09:07:03",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 101.36.113.80 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level3).",
    "expiration": "2026-04-22T09:07:02",
    "is_active": 1
  },
  {
    "id": 4265283744,
    "indicator": "142.171.103.134",
    "type": "IPv4",
    "created": "2026-03-23T09:07:03",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 142.171.103.134 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-22T09:07:02",
    "is_active": 1
  },
  {
    "id": 4275860227,
    "indicator": "34.53.160.242",
    "type": "IPv4",
    "created": "2026-03-23T09:07:03",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP from Brussels, Belgium (AS396982, Google LLC). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-22T09:07:02",
    "is_active": 1
  },
  {
    "id": 4228122996,
    "indicator": "113.249.107.31",
    "type": "IPv4",
    "created": "2026-03-23T09:07:03",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 113.249.107.31 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-22T09:07:02",
    "is_active": 1
  },
  {
    "id": 4274399905,
    "indicator": "62.77.240.222",
    "type": "IPv4",
    "created": "2026-03-23T09:07:03",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 62.77.240.222 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-22T09:07:02",
    "is_active": 1
  },
  {
    "id": 4278865952,
    "indicator": "84.247.145.61",
    "type": "IPv4",
    "created": "2026-03-23T09:07:03",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP 84.247.145.61 observed using HTTP client fingerprint 'HTTP Client: libredtail-http' 39 times when connecting to db4lamedtech between 2026-03-23 08:20 and 2026-03-23 08:20 UTC.",
    "expiration": "2026-04-22T09:07:02",
    "is_active": 1
  },
  {
    "id": 4278820367,
    "indicator": "62.169.28.92",
    "type": "IPv4",
    "created": "2026-03-23T09:07:03",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 62.169.28.92 observed using HTTP client fingerprint 'HTTP Client: libredtail-http' 39 times when connecting to mdms1 between 2026-03-23 08:15 and 2026-03-23 08:15 UTC.",
    "expiration": "2026-04-22T09:07:02",
    "is_active": 1
  },
  {
    "id": 3783049824,
    "indicator": "58.218.46.206",
    "type": "IPv4",
    "created": "2026-03-23T09:07:03",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 58.218.46.206 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-22T09:07:02",
    "is_active": 1
  },
  {
    "id": 4278828773,
    "indicator": "223.74.127.143",
    "type": "IPv4",
    "created": "2026-03-23T09:07:03",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP 223.74.127.143 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 2 times when connecting to db4lamedtech between 2026-03-23 08:03 and 2026-03-23 08:11 UTC.",
    "expiration": "2026-04-22T09:07:02",
    "is_active": 1
  },
  {
    "id": 3820730840,
    "indicator": "106.4.161.49",
    "type": "IPv4",
    "created": "2026-03-23T09:07:03",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export. 106.4.161.49 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-22T09:07:02",
    "is_active": 1
  },
  {
    "id": 4278827529,
    "indicator": "181.16.140.222",
    "type": "IPv4",
    "created": "2026-03-23T09:07:03",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 181.16.140.222 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-22T09:07:02",
    "is_active": 1
  },
  {
    "id": 4278759770,
    "indicator": "66.132.195.47",
    "type": "IPv4",
    "created": "2026-03-23T09:07:03",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 66.132.195.47 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).",
    "expiration": "2026-04-22T09:07:02",
    "is_active": 1
  },
  {
    "id": 4278827530,
    "indicator": "144.48.130.14",
    "type": "IPv4",
    "created": "2026-03-23T09:07:03",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 144.48.130.14 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-22T09:07:02",
    "is_active": 1
  },
  {
    "id": 4277212703,
    "indicator": "43.162.124.245",
    "type": "IPv4",
    "created": "2026-03-23T09:07:03",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 43.162.124.245 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-22T09:07:02",
    "is_active": 1
  },
  {
    "id": 4278916167,
    "indicator": "39.73.201.50",
    "type": "IPv4",
    "created": "2026-03-23T10:07:13",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 39.73.201.50 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-22T10:07:11",
    "is_active": 1
  },
  {
    "id": 4055422058,
    "indicator": "103.201.145.28",
    "type": "IPv4",
    "created": "2026-03-23T10:07:13",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 103.201.145.28 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-22T10:07:11",
    "is_active": 1
  },
  {
    "id": 4224442367,
    "indicator": "144.48.132.101",
    "type": "IPv4",
    "created": "2026-03-23T10:07:13",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 144.48.132.101 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-22T10:07:11",
    "is_active": 1
  },
  {
    "id": 4278915123,
    "indicator": "64.23.146.30",
    "type": "IPv4",
    "created": "2026-03-23T10:07:13",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 64.23.146.30 observed using SSH client fingerprint 'Unknown SSH Client (19532158b559)' 3 times when connecting to db4lamedtech between 2026-03-23 09:43 and 2026-03-23 10:05 UTC.",
    "expiration": "2026-04-22T10:07:11",
    "is_active": 1
  },
  {
    "id": 4278915221,
    "indicator": "165.22.106.154",
    "type": "IPv4",
    "created": "2026-03-23T10:07:13",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 165.22.106.154 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-22T10:07:11",
    "is_active": 1
  },
  {
    "id": 4278915220,
    "indicator": "160.191.208.13",
    "type": "IPv4",
    "created": "2026-03-23T10:07:13",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 160.191.208.13 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-22T10:07:11",
    "is_active": 1
  },
  {
    "id": 4226439971,
    "indicator": "14.135.75.176",
    "type": "IPv4",
    "created": "2026-03-23T10:07:13",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 14.135.75.176 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-22T10:07:11",
    "is_active": 1
  },
  {
    "id": 4278915211,
    "indicator": "66.132.224.231",
    "type": "IPv4",
    "created": "2026-03-23T10:07:13",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 66.132.224.231 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, hacking, low).",
    "expiration": "2026-04-22T10:07:11",
    "is_active": 1
  },
  {
    "id": 4278871509,
    "indicator": "89.188.72.128",
    "type": "IPv4",
    "created": "2026-03-23T10:07:13",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 89.188.72.128 observed using HTTP client fingerprint 'HTTP Client: libredtail-http' 39 times when connecting to db4lamedtech between 2026-03-23 09:29 and 2026-03-23 09:29 UTC.",
    "expiration": "2026-04-22T10:07:11",
    "is_active": 1
  },
  {
    "id": 4182501264,
    "indicator": "59.173.108.54",
    "type": "IPv4",
    "created": "2026-03-23T10:07:13",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 59.173.108.54 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-22T10:07:11",
    "is_active": 1
  },
  {
    "id": 4173797673,
    "indicator": "27.47.27.73",
    "type": "IPv4",
    "created": "2026-03-23T10:07:13",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 27.47.27.73 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-22T10:07:11",
    "is_active": 1
  },
  {
    "id": 4278869686,
    "indicator": "192.9.153.12",
    "type": "IPv4",
    "created": "2026-03-23T10:07:13",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:reported, abuseipdb:ssh. 192.9.153.12 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).",
    "expiration": "2026-04-22T10:07:11",
    "is_active": 1
  },
  {
    "id": 144997,
    "indicator": "184.105.139.97",
    "type": "IPv4",
    "created": "2026-03-23T10:07:13",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 184.105.139.97 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-22T10:07:11",
    "is_active": 1
  },
  {
    "id": 4158000827,
    "indicator": "176.65.134.21",
    "type": "IPv4",
    "created": "2026-03-23T10:07:13",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 176.65.134.21 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-22T10:07:11",
    "is_active": 1
  },
  {
    "id": 4278869368,
    "indicator": "89.236.204.26",
    "type": "IPv4",
    "created": "2026-03-23T10:07:13",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 89.236.204.26 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).",
    "expiration": "2026-04-22T10:07:11",
    "is_active": 1
  },
  {
    "id": 2601924454,
    "indicator": "91.92.137.26",
    "type": "IPv4",
    "created": "2026-03-23T10:07:13",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 91.92.137.26 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (ddos, exploited-host, hacking).",
    "expiration": "2026-04-22T10:07:11",
    "is_active": 1
  },
  {
    "id": 4198408812,
    "indicator": "162.243.204.135",
    "type": "IPv4",
    "created": "2026-03-23T10:07:13",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 162.243.204.135 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-22T10:07:11",
    "is_active": 1
  },
  {
    "id": 4268196277,
    "indicator": "190.216.132.25",
    "type": "IPv4",
    "created": "2026-03-23T11:07:20",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 190.216.132.25 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-22T11:07:19",
    "is_active": 1
  },
  {
    "id": 4226714056,
    "indicator": "5.189.188.55",
    "type": "IPv4",
    "created": "2026-03-23T11:07:20",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 5.189.188.55 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-22T11:07:19",
    "is_active": 1
  },
  {
    "id": 4227302411,
    "indicator": "122.3.106.113",
    "type": "IPv4",
    "created": "2026-03-23T11:07:20",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 122.3.106.113 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-22T11:07:19",
    "is_active": 1
  },
  {
    "id": 3930083989,
    "indicator": "183.134.88.251",
    "type": "IPv4",
    "created": "2026-03-23T11:07:20",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:reported, abuseipdb:reported-export. 183.134.88.251 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, moderate).",
    "expiration": "2026-04-22T11:07:19",
    "is_active": 1
  },
  {
    "id": 4155896689,
    "indicator": "92.63.243.134",
    "type": "IPv4",
    "created": "2026-03-23T11:07:20",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:port-scan. 92.63.243.134 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-22T11:07:19",
    "is_active": 1
  },
  {
    "id": 4051510482,
    "indicator": "103.173.7.207",
    "type": "IPv4",
    "created": "2026-03-23T11:07:20",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 103.173.7.207 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-22T11:07:19",
    "is_active": 1
  },
  {
    "id": 4277201130,
    "indicator": "115.190.237.119",
    "type": "IPv4",
    "created": "2026-03-23T11:07:20",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export. 115.190.237.119 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, hacking).",
    "expiration": "2026-04-22T11:07:19",
    "is_active": 1
  },
  {
    "id": 4274190994,
    "indicator": "108.175.0.166",
    "type": "IPv4",
    "created": "2026-03-23T11:07:20",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from United States (AS8560, IONOS SE). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. 1 events.",
    "expiration": "2026-04-22T11:07:19",
    "is_active": 1
  },
  {
    "id": 4278918243,
    "indicator": "66.132.186.204",
    "type": "IPv4",
    "created": "2026-03-23T11:07:20",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 66.132.186.204 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-22T11:07:19",
    "is_active": 1
  },
  {
    "id": 3842819941,
    "indicator": "182.88.191.189",
    "type": "IPv4",
    "created": "2026-03-23T11:07:20",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 182.88.191.189 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-22T11:07:19",
    "is_active": 1
  },
  {
    "id": 4278385827,
    "indicator": "159.223.159.240",
    "type": "IPv4",
    "created": "2026-03-23T11:07:20",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from North Bergen, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. duration: 14s; 14 events.",
    "expiration": "2026-04-22T11:07:19",
    "is_active": 1
  },
  {
    "id": 4198133233,
    "indicator": "161.132.56.31",
    "type": "IPv4",
    "created": "2026-03-23T12:07:26",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 161.132.56.31 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-22T12:07:25",
    "is_active": 1
  },
  {
    "id": 4277737290,
    "indicator": "66.132.186.217",
    "type": "IPv4",
    "created": "2026-03-23T12:07:26",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 66.132.186.217 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-22T12:07:25",
    "is_active": 1
  },
  {
    "id": 4276872660,
    "indicator": "143.110.246.150",
    "type": "IPv4",
    "created": "2026-03-23T12:07:26",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 143.110.246.150 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-22T12:07:25",
    "is_active": 1
  },
  {
    "id": 4278321348,
    "indicator": "176.176.81.250",
    "type": "IPv4",
    "created": "2026-03-23T12:07:26",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Li\u00e9vin, France (AS5410, Bouygues Telecom SA). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. Session included 10 failed login attempts, 10 credential pairs tried across 9 unique usernames, execution of 22 commands (SSH key persistence, password changes, system reconnaissance, cron persistence), delivery of 19 mal...",
    "expiration": "2026-04-22T12:07:25",
    "is_active": 1
  },
  {
    "id": 4225328222,
    "indicator": "201.218.189.155",
    "type": "IPv4",
    "created": "2026-03-23T12:07:26",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 201.218.189.155 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-22T12:07:25",
    "is_active": 1
  },
  {
    "id": 4278845651,
    "indicator": "190.216.132.24",
    "type": "IPv4",
    "created": "2026-03-23T12:07:26",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 190.216.132.24 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-22T12:07:25",
    "is_active": 1
  },
  {
    "id": 3552303573,
    "indicator": "87.236.176.50",
    "type": "IPv4",
    "created": "2026-03-23T12:07:26",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 87.236.176.50 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-22T12:07:25",
    "is_active": 1
  },
  {
    "id": 3784657906,
    "indicator": "201.187.80.45",
    "type": "IPv4",
    "created": "2026-03-23T12:07:26",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 201.187.80.45 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-22T12:07:25",
    "is_active": 1
  },
  {
    "id": 4184710573,
    "indicator": "112.94.188.131",
    "type": "IPv4",
    "created": "2026-03-23T12:07:26",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 112.94.188.131 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-22T12:07:25",
    "is_active": 1
  },
  {
    "id": 4278921266,
    "indicator": "160.30.103.84",
    "type": "IPv4",
    "created": "2026-03-23T12:07:26",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 160.30.103.84 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-22T12:07:25",
    "is_active": 1
  },
  {
    "id": 4173836802,
    "indicator": "106.117.117.166",
    "type": "IPv4",
    "created": "2026-03-23T12:07:26",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 106.117.117.166 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-22T12:07:25",
    "is_active": 1
  },
  {
    "id": 4227302466,
    "indicator": "134.199.158.149",
    "type": "IPv4",
    "created": "2026-03-23T12:07:26",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP from Sydney, Australia (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-22T12:07:25",
    "is_active": 1
  },
  {
    "id": 4277138660,
    "indicator": "66.132.186.168",
    "type": "IPv4",
    "created": "2026-03-23T12:07:26",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 66.132.186.168 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).",
    "expiration": "2026-04-22T12:07:25",
    "is_active": 1
  },
  {
    "id": 4276876405,
    "indicator": "80.66.66.60",
    "type": "IPv4",
    "created": "2026-03-23T12:07:26",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Finland (AS209702, Soldatov Alexey Valerevich). Observed targeting healthcare sector honeypot medtech-hp-01 via dionaea. duration: 16s; 2 events.",
    "expiration": "2026-04-22T12:07:25",
    "is_active": 1
  },
  {
    "id": 4271427825,
    "indicator": "217.148.142.100",
    "type": "IPv4",
    "created": "2026-03-23T12:07:26",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 217.148.142.100 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 12 times when connecting to db4lamedtech between 2026-03-23 10:13 and 2026-03-23 10:30 UTC.",
    "expiration": "2026-04-22T12:07:25",
    "is_active": 1
  },
  {
    "id": 4278674683,
    "indicator": "212.87.220.74",
    "type": "IPv4",
    "created": "2026-03-23T12:07:26",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 212.87.220.74 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 17 times when connecting to db1lapetro between 2026-03-23 10:11 and 2026-03-23 10:43 UTC.",
    "expiration": "2026-04-22T12:07:25",
    "is_active": 1
  },
  {
    "id": 4278921972,
    "indicator": "66.132.195.109",
    "type": "IPv4",
    "created": "2026-03-23T12:07:26",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack, cowrie, firehol:unlisted. 66.132.195.109 classified as scanning infrastructure conducting network reconnaissance (medium confidence). Origin: enriched. Listed on: AbuseIPDB (low, port-scan, reported).",
    "expiration": "2026-04-22T12:07:25",
    "is_active": 1
  },
  {
    "id": 4277162072,
    "indicator": "66.132.186.189",
    "type": "IPv4",
    "created": "2026-03-23T12:07:26",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, cowrie. Attacker IP from United States (AS398324, Censys, Inc.). Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-22T12:07:25",
    "is_active": 1
  },
  {
    "id": 4134448722,
    "indicator": "5.63.107.38",
    "type": "IPv4",
    "created": "2026-03-23T13:08:37",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 5.63.107.38 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-22T13:08:35",
    "is_active": 1
  },
  {
    "id": 3712140878,
    "indicator": "146.88.241.45",
    "type": "IPv4",
    "created": "2026-03-23T13:08:37",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 146.88.241.45 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-22T13:08:35",
    "is_active": 1
  },
  {
    "id": 4272943896,
    "indicator": "43.153.157.30",
    "type": "IPv4",
    "created": "2026-03-23T13:08:37",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 43.153.157.30 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-22T13:08:35",
    "is_active": 1
  },
  {
    "id": 2266962436,
    "indicator": "123.138.79.105",
    "type": "IPv4",
    "created": "2026-03-23T13:08:37",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 123.138.79.105 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-22T13:08:35",
    "is_active": 1
  },
  {
    "id": 4165498974,
    "indicator": "114.97.191.102",
    "type": "IPv4",
    "created": "2026-03-23T13:08:37",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 114.97.191.102 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-22T13:08:35",
    "is_active": 1
  },
  {
    "id": 4239346741,
    "indicator": "43.106.139.206",
    "type": "IPv4",
    "created": "2026-03-23T13:08:37",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 43.106.139.206 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-22T13:08:35",
    "is_active": 1
  },
  {
    "id": 4022342936,
    "indicator": "118.212.120.191",
    "type": "IPv4",
    "created": "2026-03-23T13:08:37",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 118.212.120.191 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ftp-brute, hacking).",
    "expiration": "2026-04-22T13:08:35",
    "is_active": 1
  },
  {
    "id": 2215933550,
    "indicator": "180.95.238.7",
    "type": "IPv4",
    "created": "2026-03-23T13:08:37",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 180.95.238.7 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-22T13:08:35",
    "is_active": 1
  },
  {
    "id": 4278926366,
    "indicator": "188.166.189.101",
    "type": "IPv4",
    "created": "2026-03-23T13:08:37",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 188.166.189.101 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-22T13:08:35",
    "is_active": 1
  },
  {
    "id": 275423037,
    "indicator": "103.72.8.97",
    "type": "IPv4",
    "created": "2026-03-23T13:08:37",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. Attacker IP from Delhi, India (AS151729, SWIFTIFY PRIVATE LIMITED). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. duration: 1m 58s; 35 events.",
    "expiration": "2026-04-22T13:08:35",
    "is_active": 1
  },
  {
    "id": 4146209634,
    "indicator": "45.186.240.200",
    "type": "IPv4",
    "created": "2026-03-23T13:08:37",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate. 45.186.240.200 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-22T13:08:35",
    "is_active": 1
  },
  {
    "id": 4277212696,
    "indicator": "163.245.192.161",
    "type": "IPv4",
    "created": "2026-03-23T13:08:37",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 163.245.192.161 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 14 times when connecting to db4lamedtech between 2026-03-23 11:15 and 2026-03-23 11:33 UTC.",
    "expiration": "2026-04-22T13:08:35",
    "is_active": 1
  },
  {
    "id": 4278308765,
    "indicator": "66.132.195.53",
    "type": "IPv4",
    "created": "2026-03-23T13:08:37",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from United States (AS398324, Censys, Inc.). Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-22T13:08:35",
    "is_active": 1
  },
  {
    "id": 4278930189,
    "indicator": "66.132.195.72",
    "type": "IPv4",
    "created": "2026-03-23T14:08:43",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 66.132.195.72 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-22T14:08:42",
    "is_active": 1
  },
  {
    "id": 3627243069,
    "indicator": "167.172.93.168",
    "type": "IPv4",
    "created": "2026-03-23T14:08:43",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 167.172.93.168 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, hacking, high).",
    "expiration": "2026-04-22T14:08:42",
    "is_active": 1
  },
  {
    "id": 4200462098,
    "indicator": "50.28.84.26",
    "type": "IPv4",
    "created": "2026-03-23T14:08:43",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported. Attacker IP from United States (AS32244, Liquid Web, L.L.C). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-22T14:08:42",
    "is_active": 1
  },
  {
    "id": 3850292858,
    "indicator": "220.167.233.252",
    "type": "IPv4",
    "created": "2026-03-23T14:08:43",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 220.167.233.252 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-22T14:08:42",
    "is_active": 1
  },
  {
    "id": 4184749178,
    "indicator": "60.16.218.213",
    "type": "IPv4",
    "created": "2026-03-23T14:08:43",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 60.16.218.213 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-22T14:08:42",
    "is_active": 1
  },
  {
    "id": 4170215975,
    "indicator": "180.111.30.46",
    "type": "IPv4",
    "created": "2026-03-23T14:08:43",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 180.111.30.46 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-22T14:08:42",
    "is_active": 1
  },
  {
    "id": 4032926911,
    "indicator": "103.148.202.2",
    "type": "IPv4",
    "created": "2026-03-23T14:08:43",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 103.148.202.2 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, hacking).",
    "expiration": "2026-04-22T14:08:42",
    "is_active": 1
  },
  {
    "id": 4275551077,
    "indicator": "14.103.81.100",
    "type": "IPv4",
    "created": "2026-03-23T14:08:43",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 14.103.81.100 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-22T14:08:42",
    "is_active": 1
  },
  {
    "id": 4278929158,
    "indicator": "4.204.193.107",
    "type": "IPv4",
    "created": "2026-03-23T14:08:43",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 4.204.193.107 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-22T14:08:42",
    "is_active": 1
  },
  {
    "id": 4197054619,
    "indicator": "175.107.237.80",
    "type": "IPv4",
    "created": "2026-03-23T14:08:43",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:port-scan. 175.107.237.80 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-22T14:08:42",
    "is_active": 1
  },
  {
    "id": 2602127727,
    "indicator": "36.106.167.211",
    "type": "IPv4",
    "created": "2026-03-23T14:08:43",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 36.106.167.211 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking).",
    "expiration": "2026-04-22T14:08:42",
    "is_active": 1
  },
  {
    "id": 4278928771,
    "indicator": "34.140.157.172",
    "type": "IPv4",
    "created": "2026-03-23T14:08:43",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Brussels, Belgium (AS396982, Google LLC). Observed targeting healthcare sector honeypot mdms-hp-01 via tanner. 1 events.",
    "expiration": "2026-04-22T14:08:42",
    "is_active": 1
  },
  {
    "id": 4027057692,
    "indicator": "59.52.100.21",
    "type": "IPv4",
    "created": "2026-03-23T14:08:43",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 59.52.100.21 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-22T14:08:42",
    "is_active": 1
  },
  {
    "id": 3877003148,
    "indicator": "123.245.85.46",
    "type": "IPv4",
    "created": "2026-03-23T14:08:43",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 123.245.85.46 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-22T14:08:42",
    "is_active": 1
  },
  {
    "id": 4269370156,
    "indicator": "116.176.76.217",
    "type": "IPv4",
    "created": "2026-03-23T14:08:43",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 116.176.76.217 observed using SSH client fingerprint 'Unknown SSH Client (98ddc5604ef6)' 3 times when connecting to mdms1 between 2026-03-23 12:23 and 2026-03-23 12:23 UTC.",
    "expiration": "2026-04-22T14:08:42",
    "is_active": 1
  },
  {
    "id": 4163287511,
    "indicator": "84.233.216.142",
    "type": "IPv4",
    "created": "2026-03-23T14:08:43",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Frankfurt am Main, Germany (AS212238, Datacamp Limited). Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. duration: 1s; 2 events.",
    "expiration": "2026-04-22T14:08:42",
    "is_active": 1
  },
  {
    "id": 4173658973,
    "indicator": "116.178.131.28",
    "type": "IPv4",
    "created": "2026-03-23T15:08:51",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 116.178.131.28 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).",
    "expiration": "2026-04-22T15:08:49",
    "is_active": 1
  },
  {
    "id": 4279490591,
    "indicator": "131.108.223.62",
    "type": "IPv4",
    "created": "2026-03-23T15:08:51",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 131.108.223.62 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, iot-targeted).",
    "expiration": "2026-04-22T15:08:49",
    "is_active": 1
  },
  {
    "id": 4279345510,
    "indicator": "206.189.105.183",
    "type": "IPv4",
    "created": "2026-03-23T15:08:51",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Amsterdam, The Netherlands (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-22T15:08:49",
    "is_active": 1
  },
  {
    "id": 4279101884,
    "indicator": "66.132.195.126",
    "type": "IPv4",
    "created": "2026-03-23T15:08:51",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 66.132.195.126 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, high).",
    "expiration": "2026-04-22T15:08:49",
    "is_active": 1
  },
  {
    "id": 4018318205,
    "indicator": "165.227.238.203",
    "type": "IPv4",
    "created": "2026-03-23T15:08:51",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan. 165.227.238.203 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-22T15:08:49",
    "is_active": 1
  },
  {
    "id": 3364707276,
    "indicator": "81.68.179.56",
    "type": "IPv4",
    "created": "2026-03-23T15:08:51",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. IP observed in Suricata network metadata",
    "expiration": "2026-04-22T15:08:49",
    "is_active": 1
  },
  {
    "id": 4177439414,
    "indicator": "106.117.111.197",
    "type": "IPv4",
    "created": "2026-03-23T15:08:51",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 106.117.111.197 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-22T15:08:49",
    "is_active": 1
  },
  {
    "id": 4151181582,
    "indicator": "82.13.157.237",
    "type": "IPv4",
    "created": "2026-03-23T15:08:51",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 82.13.157.237 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-22T15:08:49",
    "is_active": 1
  },
  {
    "id": 4180115495,
    "indicator": "116.178.131.70",
    "type": "IPv4",
    "created": "2026-03-23T15:08:51",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 116.178.131.70 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-22T15:08:49",
    "is_active": 1
  },
  {
    "id": 4271538618,
    "indicator": "117.245.85.149",
    "type": "IPv4",
    "created": "2026-03-23T15:08:51",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 117.245.85.149 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-22T15:08:49",
    "is_active": 1
  },
  {
    "id": 4278929998,
    "indicator": "125.36.254.113",
    "type": "IPv4",
    "created": "2026-03-23T15:08:51",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export. 125.36.254.113 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-22T15:08:49",
    "is_active": 1
  },
  {
    "id": 4278922844,
    "indicator": "20.63.98.227",
    "type": "IPv4",
    "created": "2026-03-23T15:08:51",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Toronto, Canada. Observed targeting healthcare sector honeypot medtech-hp-01 via h0neytr4p. duration: 4s; 57 events.",
    "expiration": "2026-04-22T15:08:49",
    "is_active": 1
  },
  {
    "id": 4152940605,
    "indicator": "182.52.236.235",
    "type": "IPv4",
    "created": "2026-03-23T16:08:58",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Thailand (AS23969, TOT Public Company Limited). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 8 failed login attempts, 8 credential pairs tried across 7 unique usernames, execution of 21 commands (SSH key persistence, password changes, system reconnaissance, cron persistence), delivery of...",
    "expiration": "2026-04-22T16:08:56",
    "is_active": 1
  },
  {
    "id": 4275554388,
    "indicator": "152.32.174.119",
    "type": "IPv4",
    "created": "2026-03-23T16:08:58",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 152.32.174.119 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-22T16:08:56",
    "is_active": 1
  },
  {
    "id": 4269370157,
    "indicator": "20.24.100.112",
    "type": "IPv4",
    "created": "2026-03-23T16:08:58",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Hong Kong, Hong Kong (AS8075, Microsoft Corporation). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. Session included 10 failed login attempts, 10 credential pairs tried across 8 unique usernames, execution of 44 commands (SSH key persistence, password changes, system reconnaissance, cron persistence), deliv...",
    "expiration": "2026-04-22T16:08:56",
    "is_active": 1
  },
  {
    "id": 4165501760,
    "indicator": "59.148.159.38",
    "type": "IPv4",
    "created": "2026-03-23T16:08:58",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 59.148.159.38 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-22T16:08:56",
    "is_active": 1
  },
  {
    "id": 4277158061,
    "indicator": "106.119.154.53",
    "type": "IPv4",
    "created": "2026-03-23T16:08:58",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP from China (AS4134, Chinanet). Observed targeting healthcare sector honeypot mdms-hp-01 via cowrie. Session included delivery of 1 malware sample. 2 events.",
    "expiration": "2026-04-22T16:08:56",
    "is_active": 1
  },
  {
    "id": 4158862675,
    "indicator": "220.147.131.161",
    "type": "IPv4",
    "created": "2026-03-23T16:08:58",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 220.147.131.161 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-22T16:08:56",
    "is_active": 1
  },
  {
    "id": 4278759388,
    "indicator": "34.52.195.59",
    "type": "IPv4",
    "created": "2026-03-23T16:08:58",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 34.52.195.59 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ftp-brute).",
    "expiration": "2026-04-22T16:08:56",
    "is_active": 1
  },
  {
    "id": 4079683735,
    "indicator": "58.221.60.59",
    "type": "IPv4",
    "created": "2026-03-23T16:08:58",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 58.221.60.59 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).",
    "expiration": "2026-04-22T16:08:56",
    "is_active": 1
  },
  {
    "id": 4224726207,
    "indicator": "119.152.232.167",
    "type": "IPv4",
    "created": "2026-03-23T16:08:58",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 119.152.232.167 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-22T16:08:56",
    "is_active": 1
  },
  {
    "id": 3850296274,
    "indicator": "44.220.188.45",
    "type": "IPv4",
    "created": "2026-03-23T16:08:58",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported. 44.220.188.45 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking).",
    "expiration": "2026-04-22T16:08:56",
    "is_active": 1
  },
  {
    "id": 4279557360,
    "indicator": "167.99.39.37",
    "type": "IPv4",
    "created": "2026-03-23T16:08:58",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, cowrie. Attacker IP from Amsterdam, The Netherlands (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-22T16:08:56",
    "is_active": 1
  },
  {
    "id": 4279488465,
    "indicator": "157.245.74.168",
    "type": "IPv4",
    "created": "2026-03-23T16:08:58",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, cowrie. 157.245.74.168 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).",
    "expiration": "2026-04-22T16:08:56",
    "is_active": 1
  },
  {
    "id": 4274191016,
    "indicator": "60.243.29.61",
    "type": "IPv4",
    "created": "2026-03-23T16:08:58",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 60.243.29.61 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 3 times when connecting to db4lamedtech between 2026-03-23 14:47 and 2026-03-23 14:47 UTC.",
    "expiration": "2026-04-22T16:08:56",
    "is_active": 1
  },
  {
    "id": 4278321334,
    "indicator": "186.39.49.124",
    "type": "IPv4",
    "created": "2026-03-23T16:08:58",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from San Juan Bautista, Argentina (AS22927, Telefonica de Argentina). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 2s; 5 events.",
    "expiration": "2026-04-22T16:08:56",
    "is_active": 1
  },
  {
    "id": 4269362069,
    "indicator": "165.154.6.26",
    "type": "IPv4",
    "created": "2026-03-23T16:08:58",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Hong Kong, Hong Kong (AS135377, UCLOUD INFORMATION TECHNOLOGY HK LIMITED) [VPN/hosting provider]. Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 4 failed login attempts, 4 credential pairs tried across 3 unique usernames, execution of 3 commands (SSH key persistence), delivery of 3 malware...",
    "expiration": "2026-04-22T16:08:56",
    "is_active": 1
  },
  {
    "id": 4278316005,
    "indicator": "66.132.195.78",
    "type": "IPv4",
    "created": "2026-03-23T16:08:58",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP from United States (AS398324, Censys, Inc.). Observed targeting energy sector honeypot petroleum-hp-01 via redishoneypot. 6 events.",
    "expiration": "2026-04-22T16:08:56",
    "is_active": 1
  },
  {
    "id": 4113188608,
    "indicator": "18.97.26.92",
    "type": "IPv4",
    "created": "2026-03-23T17:09:05",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. 18.97.26.92 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, ftp-brute).",
    "expiration": "2026-04-22T17:09:03",
    "is_active": 1
  },
  {
    "id": 2221536875,
    "indicator": "221.11.60.154",
    "type": "IPv4",
    "created": "2026-03-23T17:09:05",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 221.11.60.154 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-22T17:09:03",
    "is_active": 1
  },
  {
    "id": 4172922777,
    "indicator": "36.250.220.199",
    "type": "IPv4",
    "created": "2026-03-23T17:09:05",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 36.250.220.199 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-22T17:09:03",
    "is_active": 1
  },
  {
    "id": 3841513894,
    "indicator": "171.8.138.98",
    "type": "IPv4",
    "created": "2026-03-23T17:09:05",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 171.8.138.98 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-22T17:09:03",
    "is_active": 1
  },
  {
    "id": 4279941861,
    "indicator": "152.42.160.246",
    "type": "IPv4",
    "created": "2026-03-23T17:09:05",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 152.42.160.246 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-22T17:09:03",
    "is_active": 1
  },
  {
    "id": 2134735079,
    "indicator": "178.128.124.37",
    "type": "IPv4",
    "created": "2026-03-23T17:09:05",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 178.128.124.37 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-22T17:09:03",
    "is_active": 1
  },
  {
    "id": 4156071597,
    "indicator": "138.84.64.5",
    "type": "IPv4",
    "created": "2026-03-23T17:09:05",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 138.84.64.5 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-22T17:09:03",
    "is_active": 1
  },
  {
    "id": 4177856375,
    "indicator": "36.250.221.55",
    "type": "IPv4",
    "created": "2026-03-23T17:09:05",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 36.250.221.55 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-22T17:09:03",
    "is_active": 1
  },
  {
    "id": 4053193523,
    "indicator": "223.199.191.103",
    "type": "IPv4",
    "created": "2026-03-23T17:09:05",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export. 223.199.191.103 classified as attacker with unclear intent (low confidence). Origin: enriched.",
    "expiration": "2026-04-22T17:09:03",
    "is_active": 1
  },
  {
    "id": 4173373939,
    "indicator": "222.95.168.236",
    "type": "IPv4",
    "created": "2026-03-23T17:09:05",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 222.95.168.236 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-22T17:09:03",
    "is_active": 1
  },
  {
    "id": 3714361043,
    "indicator": "49.232.167.144",
    "type": "IPv4",
    "created": "2026-03-23T17:09:05",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 49.232.167.144 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-22T17:09:03",
    "is_active": 1
  },
  {
    "id": 4279937274,
    "indicator": "159.89.229.171",
    "type": "IPv4",
    "created": "2026-03-23T17:09:05",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh, abuseipdb:web-attack. Attacker IP from North Bergen, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot mdms-hp-01 via dionaea. 1 events.",
    "expiration": "2026-04-22T17:09:03",
    "is_active": 1
  },
  {
    "id": 3900951995,
    "indicator": "209.38.18.27",
    "type": "IPv4",
    "created": "2026-03-23T17:09:05",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 209.38.18.27 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-22T17:09:03",
    "is_active": 1
  },
  {
    "id": 2727629857,
    "indicator": "36.152.142.35",
    "type": "IPv4",
    "created": "2026-03-23T17:09:05",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 36.152.142.35 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, hacking, moderate).",
    "expiration": "2026-04-22T17:09:03",
    "is_active": 1
  },
  {
    "id": 4173808227,
    "indicator": "116.178.130.173",
    "type": "IPv4",
    "created": "2026-03-23T17:09:05",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 116.178.130.173 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-22T17:09:03",
    "is_active": 1
  },
  {
    "id": 4279856699,
    "indicator": "66.132.195.112",
    "type": "IPv4",
    "created": "2026-03-23T17:09:05",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 66.132.195.112 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, hacking, moderate).",
    "expiration": "2026-04-22T17:09:03",
    "is_active": 1
  },
  {
    "id": 4178887081,
    "indicator": "159.223.12.157",
    "type": "IPv4",
    "created": "2026-03-23T17:09:05",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported. 159.223.12.157 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-22T17:09:03",
    "is_active": 1
  },
  {
    "id": 4279827584,
    "indicator": "66.132.195.121",
    "type": "IPv4",
    "created": "2026-03-23T17:09:05",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 66.132.195.121 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, hacking, moderate).",
    "expiration": "2026-04-22T17:09:03",
    "is_active": 1
  },
  {
    "id": 1002617,
    "indicator": "114.35.88.142",
    "type": "IPv4",
    "created": "2026-03-23T17:09:05",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 114.35.88.142 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-22T17:09:03",
    "is_active": 1
  },
  {
    "id": 4224885370,
    "indicator": "206.189.84.29",
    "type": "IPv4",
    "created": "2026-03-23T17:09:05",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 206.189.84.29 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).",
    "expiration": "2026-04-22T17:09:03",
    "is_active": 1
  },
  {
    "id": 4279827695,
    "indicator": "20.43.23.11",
    "type": "IPv4",
    "created": "2026-03-23T17:09:05",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 20.43.23.11 observed using TLS client fingerprint 'Unknown TLS Client (7aeb810f97e5)' 2 times when connecting to db1lapetro between 2026-03-23 15:45 and 2026-03-23 15:45 UTC.",
    "expiration": "2026-04-22T17:09:03",
    "is_active": 1
  },
  {
    "id": 4193814442,
    "indicator": "58.234.252.118",
    "type": "IPv4",
    "created": "2026-03-23T17:09:05",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 58.234.252.118 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 14 times when connecting to db1lapetro between 2026-03-23 14:44 and 2026-03-23 15:07 UTC.",
    "expiration": "2026-04-22T17:09:03",
    "is_active": 1
  },
  {
    "id": 4278951077,
    "indicator": "178.62.254.120",
    "type": "IPv4",
    "created": "2026-03-23T17:09:05",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Amsterdam, The Netherlands (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-22T17:09:03",
    "is_active": 1
  },
  {
    "id": 3994672790,
    "indicator": "18.97.5.121",
    "type": "IPv4",
    "created": "2026-03-23T18:09:10",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 18.97.5.121 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).",
    "expiration": "2026-04-22T18:09:10",
    "is_active": 1
  },
  {
    "id": 4279948768,
    "indicator": "139.59.243.96",
    "type": "IPv4",
    "created": "2026-03-23T18:09:10",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 139.59.243.96 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-22T18:09:10",
    "is_active": 1
  },
  {
    "id": 4279867009,
    "indicator": "40.85.222.197",
    "type": "IPv4",
    "created": "2026-03-23T18:09:10",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 40.85.222.197 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-22T18:09:10",
    "is_active": 1
  },
  {
    "id": 4271529551,
    "indicator": "116.176.77.163",
    "type": "IPv4",
    "created": "2026-03-23T18:09:10",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 116.176.77.163 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-22T18:09:10",
    "is_active": 1
  },
  {
    "id": 4265254782,
    "indicator": "13.220.49.234",
    "type": "IPv4",
    "created": "2026-03-23T18:09:10",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 13.220.49.234 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-22T18:09:10",
    "is_active": 1
  },
  {
    "id": 4264988906,
    "indicator": "13.222.238.246",
    "type": "IPv4",
    "created": "2026-03-23T18:09:10",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 13.222.238.246 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-22T18:09:10",
    "is_active": 1
  },
  {
    "id": 4279948435,
    "indicator": "43.225.52.34",
    "type": "IPv4",
    "created": "2026-03-23T18:09:10",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 43.225.52.34 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-22T18:09:10",
    "is_active": 1
  },
  {
    "id": 4279948313,
    "indicator": "66.132.195.88",
    "type": "IPv4",
    "created": "2026-03-23T18:09:10",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 66.132.195.88 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, ftp-brute, hacking).",
    "expiration": "2026-04-22T18:09:10",
    "is_active": 1
  },
  {
    "id": 4274263419,
    "indicator": "115.190.23.253",
    "type": "IPv4",
    "created": "2026-03-23T18:09:10",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 115.190.23.253 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, critical, hacking).",
    "expiration": "2026-04-22T18:09:10",
    "is_active": 1
  },
  {
    "id": 4279947042,
    "indicator": "139.135.45.13",
    "type": "IPv4",
    "created": "2026-03-23T18:09:10",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:multi-reported. Attacker IP from Lahore, Pakistan (AS9541, Cyber Internet Services Pvt Ltd.). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. duration: 1m 56s; 19 events.",
    "expiration": "2026-04-22T18:09:10",
    "is_active": 1
  },
  {
    "id": 4274341709,
    "indicator": "61.240.139.28",
    "type": "IPv4",
    "created": "2026-03-23T18:09:10",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 61.240.139.28 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-22T18:09:10",
    "is_active": 1
  },
  {
    "id": 4234970822,
    "indicator": "152.67.43.17",
    "type": "IPv4",
    "created": "2026-03-23T18:09:10",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 152.67.43.17 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-22T18:09:10",
    "is_active": 1
  },
  {
    "id": 3566717824,
    "indicator": "87.236.176.167",
    "type": "IPv4",
    "created": "2026-03-23T18:09:10",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 87.236.176.167 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-22T18:09:10",
    "is_active": 1
  },
  {
    "id": 4278815866,
    "indicator": "66.132.195.118",
    "type": "IPv4",
    "created": "2026-03-23T18:09:10",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 66.132.195.118 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, ddos, hacking).",
    "expiration": "2026-04-22T18:09:10",
    "is_active": 1
  },
  {
    "id": 4225562882,
    "indicator": "4.180.183.247",
    "type": "IPv4",
    "created": "2026-03-23T18:09:10",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 4.180.183.247 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-22T18:09:10",
    "is_active": 1
  },
  {
    "id": 3825648675,
    "indicator": "45.115.176.106",
    "type": "IPv4",
    "created": "2026-03-23T18:09:10",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 45.115.176.106 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-22T18:09:10",
    "is_active": 1
  },
  {
    "id": 4279942276,
    "indicator": "66.132.195.99",
    "type": "IPv4",
    "created": "2026-03-23T18:09:10",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack, cowrie, firehol:dshield. 66.132.195.99 classified as scanning infrastructure conducting network reconnaissance (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (low, port-scan, reported).",
    "expiration": "2026-04-22T18:09:10",
    "is_active": 1
  },
  {
    "id": 4271532035,
    "indicator": "68.235.40.3",
    "type": "IPv4",
    "created": "2026-03-23T18:09:10",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Chicago, United States (AS11878, tzulo, inc.). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. duration: 1s; 4 events.",
    "expiration": "2026-04-22T18:09:10",
    "is_active": 1
  },
  {
    "id": 4277159142,
    "indicator": "189.146.74.172",
    "type": "IPv4",
    "created": "2026-03-23T18:09:10",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 189.146.74.172 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 12 times when connecting to offbackup1 between 2026-03-23 16:30 and 2026-03-23 16:48 UTC.",
    "expiration": "2026-04-22T18:09:10",
    "is_active": 1
  },
  {
    "id": 3860825094,
    "indicator": "123.163.114.189",
    "type": "IPv4",
    "created": "2026-03-23T19:09:53",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 123.163.114.189 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, moderate).",
    "expiration": "2026-04-22T19:09:52",
    "is_active": 1
  },
  {
    "id": 4225832663,
    "indicator": "103.18.14.190",
    "type": "IPv4",
    "created": "2026-03-23T19:09:53",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 103.18.14.190 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-22T19:09:52",
    "is_active": 1
  },
  {
    "id": 4279953463,
    "indicator": "101.70.109.88",
    "type": "IPv4",
    "created": "2026-03-23T19:09:53",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 101.70.109.88 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-22T19:09:52",
    "is_active": 1
  },
  {
    "id": 4179956745,
    "indicator": "59.173.110.222",
    "type": "IPv4",
    "created": "2026-03-23T19:09:53",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 59.173.110.222 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-22T19:09:52",
    "is_active": 1
  },
  {
    "id": 3020767319,
    "indicator": "193.163.125.144",
    "type": "IPv4",
    "created": "2026-03-23T19:09:53",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 193.163.125.144 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-22T19:09:52",
    "is_active": 1
  },
  {
    "id": 3552791270,
    "indicator": "87.236.176.81",
    "type": "IPv4",
    "created": "2026-03-23T19:09:53",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 87.236.176.81 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-22T19:09:52",
    "is_active": 1
  },
  {
    "id": 4279952219,
    "indicator": "59.183.104.135",
    "type": "IPv4",
    "created": "2026-03-23T19:09:53",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 59.183.104.135 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-22T19:09:52",
    "is_active": 1
  },
  {
    "id": 4279951757,
    "indicator": "64.227.7.138",
    "type": "IPv4",
    "created": "2026-03-23T19:09:53",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from North Bergen, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot mdms-hp-01 via dionaea. 1 events.",
    "expiration": "2026-04-22T19:09:52",
    "is_active": 1
  },
  {
    "id": 4279947928,
    "indicator": "40.85.246.124",
    "type": "IPv4",
    "created": "2026-03-23T19:09:53",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 40.85.246.124 observed using HTTP client fingerprint 'HTTP Client (67b3dba8bc67)' 33 times when connecting to db4lamedtech between 2026-03-23 17:27 and 2026-03-23 17:27 UTC.",
    "expiration": "2026-04-22T19:09:52",
    "is_active": 1
  },
  {
    "id": 4279944031,
    "indicator": "143.198.208.185",
    "type": "IPv4",
    "created": "2026-03-23T19:09:53",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Singapore, Singapore (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-22T19:09:52",
    "is_active": 1
  },
  {
    "id": 4279952258,
    "indicator": "24.144.110.209",
    "type": "IPv4",
    "created": "2026-03-23T19:09:53",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 24.144.110.209 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, high, multi-reported).",
    "expiration": "2026-04-22T19:09:52",
    "is_active": 1
  },
  {
    "id": 4274143034,
    "indicator": "187.212.40.215",
    "type": "IPv4",
    "created": "2026-03-23T19:09:53",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 187.212.40.215 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 12 times when connecting to db4lamedtech between 2026-03-23 16:25 and 2026-03-23 17:12 UTC.",
    "expiration": "2026-04-22T19:09:52",
    "is_active": 1
  },
  {
    "id": 3854885842,
    "indicator": "44.220.188.49",
    "type": "IPv4",
    "created": "2026-03-23T20:10:02",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 44.220.188.49 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking).",
    "expiration": "2026-04-22T20:09:59",
    "is_active": 1
  },
  {
    "id": 4276977982,
    "indicator": "207.180.205.155",
    "type": "IPv4",
    "created": "2026-03-23T20:10:02",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 207.180.205.155 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-22T20:09:59",
    "is_active": 1
  },
  {
    "id": 4172953482,
    "indicator": "36.250.221.89",
    "type": "IPv4",
    "created": "2026-03-23T20:10:02",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 36.250.221.89 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).",
    "expiration": "2026-04-22T20:09:59",
    "is_active": 1
  },
  {
    "id": 4163509303,
    "indicator": "36.250.220.13",
    "type": "IPv4",
    "created": "2026-03-23T20:10:02",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 36.250.220.13 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-22T20:09:59",
    "is_active": 1
  },
  {
    "id": 4275714593,
    "indicator": "43.245.143.215",
    "type": "IPv4",
    "created": "2026-03-23T20:10:02",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 43.245.143.215 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-22T20:09:59",
    "is_active": 1
  },
  {
    "id": 4274396575,
    "indicator": "20.198.83.136",
    "type": "IPv4",
    "created": "2026-03-23T20:10:02",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 20.198.83.136 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-22T20:09:59",
    "is_active": 1
  },
  {
    "id": 4250971491,
    "indicator": "77.227.216.75",
    "type": "IPv4",
    "created": "2026-03-23T20:10:02",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 77.227.216.75 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-22T20:09:59",
    "is_active": 1
  },
  {
    "id": 3472516487,
    "indicator": "104.248.146.38",
    "type": "IPv4",
    "created": "2026-03-23T20:10:02",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 104.248.146.38 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-22T20:09:59",
    "is_active": 1
  },
  {
    "id": 3832943152,
    "indicator": "220.167.232.103",
    "type": "IPv4",
    "created": "2026-03-23T20:10:02",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 220.167.232.103 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-22T20:09:59",
    "is_active": 1
  },
  {
    "id": 4266630684,
    "indicator": "98.84.153.117",
    "type": "IPv4",
    "created": "2026-03-23T20:10:02",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 98.84.153.117 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-22T20:09:59",
    "is_active": 1
  },
  {
    "id": 4266630654,
    "indicator": "13.222.168.56",
    "type": "IPv4",
    "created": "2026-03-23T20:10:02",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 13.222.168.56 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-22T20:09:59",
    "is_active": 1
  },
  {
    "id": 4263664473,
    "indicator": "54.164.38.251",
    "type": "IPv4",
    "created": "2026-03-23T20:10:02",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 54.164.38.251 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-22T20:09:59",
    "is_active": 1
  },
  {
    "id": 4279992696,
    "indicator": "5.187.1.80",
    "type": "IPv4",
    "created": "2026-03-23T20:10:02",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 5.187.1.80 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-22T20:09:59",
    "is_active": 1
  },
  {
    "id": 4263855552,
    "indicator": "54.226.186.42",
    "type": "IPv4",
    "created": "2026-03-23T20:10:02",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 54.226.186.42 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-22T20:09:59",
    "is_active": 1
  },
  {
    "id": 4263831820,
    "indicator": "54.163.179.109",
    "type": "IPv4",
    "created": "2026-03-23T20:10:02",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 54.163.179.109 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-22T20:09:59",
    "is_active": 1
  },
  {
    "id": 4263848496,
    "indicator": "54.196.157.164",
    "type": "IPv4",
    "created": "2026-03-23T20:10:02",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 54.196.157.164 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-22T20:09:59",
    "is_active": 1
  },
  {
    "id": 4164878642,
    "indicator": "101.249.62.38",
    "type": "IPv4",
    "created": "2026-03-23T20:10:02",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 101.249.62.38 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, hacking, low).",
    "expiration": "2026-04-22T20:09:59",
    "is_active": 1
  },
  {
    "id": 4265266803,
    "indicator": "59.98.68.177",
    "type": "IPv4",
    "created": "2026-03-23T20:10:02",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 59.98.68.177 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-22T20:09:59",
    "is_active": 1
  },
  {
    "id": 2916934089,
    "indicator": "118.193.33.112",
    "type": "IPv4",
    "created": "2026-03-23T20:10:02",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP from Hong Kong, Hong Kong (AS135377, UCLOUD INFORMATION TECHNOLOGY HK LIMITED) [VPN/hosting provider]. Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 2s; 5 eve...",
    "expiration": "2026-04-22T20:09:59",
    "is_active": 1
  },
  {
    "id": 4279954653,
    "indicator": "123.144.24.166",
    "type": "IPv4",
    "created": "2026-03-23T20:10:02",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 123.144.24.166 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-22T20:09:59",
    "is_active": 1
  },
  {
    "id": 4247246840,
    "indicator": "67.20.225.220",
    "type": "IPv4",
    "created": "2026-03-23T20:10:02",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 67.20.225.220 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-22T20:09:59",
    "is_active": 1
  },
  {
    "id": 3759797958,
    "indicator": "101.249.60.90",
    "type": "IPv4",
    "created": "2026-03-23T20:10:02",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 101.249.60.90 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-22T20:09:59",
    "is_active": 1
  },
  {
    "id": 4146173197,
    "indicator": "139.135.40.157",
    "type": "IPv4",
    "created": "2026-03-23T20:10:02",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported. 139.135.40.157 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-22T20:09:59",
    "is_active": 1
  },
  {
    "id": 4177348397,
    "indicator": "222.176.200.152",
    "type": "IPv4",
    "created": "2026-03-23T20:10:02",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 222.176.200.152 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-22T20:09:59",
    "is_active": 1
  },
  {
    "id": 4279951662,
    "indicator": "62.84.179.31",
    "type": "IPv4",
    "created": "2026-03-23T20:10:02",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP 62.84.179.31 observed using HTTP client fingerprint 'HTTP Client: libredtail-http' 39 times when connecting to db4lamedtech between 2026-03-23 18:01 and 2026-03-23 18:01 UTC.",
    "expiration": "2026-04-22T20:09:59",
    "is_active": 1
  },
  {
    "id": 4279947929,
    "indicator": "159.65.252.173",
    "type": "IPv4",
    "created": "2026-03-23T20:10:02",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack, cowrie, firehol:unlisted. Attacker IP from Clifton, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot mdms-hp-01 via tanner. 1 events.",
    "expiration": "2026-04-22T20:09:59",
    "is_active": 1
  },
  {
    "id": 3268064209,
    "indicator": "110.177.182.43",
    "type": "IPv4",
    "created": "2026-03-23T21:10:11",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 110.177.182.43 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-22T21:10:08",
    "is_active": 1
  },
  {
    "id": 4278736184,
    "indicator": "50.35.34.14",
    "type": "IPv4",
    "created": "2026-03-23T21:10:11",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 50.35.34.14 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (exploited-host, hacking, moderate).",
    "expiration": "2026-04-22T21:10:08",
    "is_active": 1
  },
  {
    "id": 3612561458,
    "indicator": "60.13.7.204",
    "type": "IPv4",
    "created": "2026-03-23T21:10:11",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 60.13.7.204 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-22T21:10:08",
    "is_active": 1
  },
  {
    "id": 4272944885,
    "indicator": "219.244.43.16",
    "type": "IPv4",
    "created": "2026-03-23T21:10:11",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 219.244.43.16 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-22T21:10:08",
    "is_active": 1
  },
  {
    "id": 3380499039,
    "indicator": "212.192.246.193",
    "type": "IPv4",
    "created": "2026-03-23T21:10:11",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 212.192.246.193 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched.",
    "expiration": "2026-04-22T21:10:08",
    "is_active": 1
  },
  {
    "id": 3845678514,
    "indicator": "60.13.7.182",
    "type": "IPv4",
    "created": "2026-03-23T21:10:11",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 60.13.7.182 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-22T21:10:08",
    "is_active": 1
  },
  {
    "id": 4280000953,
    "indicator": "177.36.203.124",
    "type": "IPv4",
    "created": "2026-03-23T21:10:11",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 177.36.203.124 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-22T21:10:08",
    "is_active": 1
  },
  {
    "id": 4262444078,
    "indicator": "1.192.202.92",
    "type": "IPv4",
    "created": "2026-03-23T21:10:11",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 1.192.202.92 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-22T21:10:08",
    "is_active": 1
  },
  {
    "id": 4156354465,
    "indicator": "167.249.109.54",
    "type": "IPv4",
    "created": "2026-03-23T21:10:11",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate. 167.249.109.54 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-22T21:10:08",
    "is_active": 1
  },
  {
    "id": 3940047211,
    "indicator": "114.35.175.59",
    "type": "IPv4",
    "created": "2026-03-23T21:10:11",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 114.35.175.59 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-22T21:10:08",
    "is_active": 1
  },
  {
    "id": 4271538664,
    "indicator": "206.135.174.231",
    "type": "IPv4",
    "created": "2026-03-23T21:10:11",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 206.135.174.231 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-22T21:10:08",
    "is_active": 1
  },
  {
    "id": 4279993035,
    "indicator": "46.101.82.104",
    "type": "IPv4",
    "created": "2026-03-23T21:10:11",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 46.101.82.104 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-22T21:10:08",
    "is_active": 1
  },
  {
    "id": 4140678471,
    "indicator": "14.1.104.167",
    "type": "IPv4",
    "created": "2026-03-23T21:10:11",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 14.1.104.167 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-22T21:10:08",
    "is_active": 1
  },
  {
    "id": 4275734496,
    "indicator": "34.121.238.252",
    "type": "IPv4",
    "created": "2026-03-23T21:10:11",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Council Bluffs, United States (AS396982, Google LLC). Observed targeting healthcare sector honeypot mdms-hp-01 via dionaea. 1 events.",
    "expiration": "2026-04-22T21:10:08",
    "is_active": 1
  },
  {
    "id": 4247088359,
    "indicator": "103.134.154.138",
    "type": "IPv4",
    "created": "2026-03-23T21:10:11",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 103.134.154.138 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 12 times when connecting to offbackup1 between 2026-03-23 19:09 and 2026-03-23 19:38 UTC.",
    "expiration": "2026-04-22T21:10:08",
    "is_active": 1
  },
  {
    "id": 4278508994,
    "indicator": "167.86.110.100",
    "type": "IPv4",
    "created": "2026-03-23T21:10:11",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP 167.86.110.100 observed using SSH client fingerprint 'Unknown SSH Client (19532158b559)' 2 times when connecting to offbackup1 between 2026-03-23 19:02 and 2026-03-23 19:02 UTC.",
    "expiration": "2026-04-22T21:10:08",
    "is_active": 1
  },
  {
    "id": 4269358196,
    "indicator": "5.11.135.25",
    "type": "IPv4",
    "created": "2026-03-23T21:10:11",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 5.11.135.25 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 12 times when connecting to offbackup1 between 2026-03-23 18:51 and 2026-03-23 19:14 UTC.",
    "expiration": "2026-04-22T21:10:08",
    "is_active": 1
  },
  {
    "id": 3221019134,
    "indicator": "36.106.167.43",
    "type": "IPv4",
    "created": "2026-03-23T22:10:19",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 36.106.167.43 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-22T22:10:19",
    "is_active": 1
  },
  {
    "id": 4160195204,
    "indicator": "36.250.221.115",
    "type": "IPv4",
    "created": "2026-03-23T22:10:19",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 36.250.221.115 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-22T22:10:19",
    "is_active": 1
  },
  {
    "id": 4280062926,
    "indicator": "72.255.19.154",
    "type": "IPv4",
    "created": "2026-03-23T22:10:19",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 72.255.19.154 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-22T22:10:19",
    "is_active": 1
  },
  {
    "id": 4280061088,
    "indicator": "112.224.151.94",
    "type": "IPv4",
    "created": "2026-03-23T22:10:19",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, commands:executed. Attacker IP from Qingdao, China (AS4837, CHINA UNICOM China169 Backbone). Observed targeting healthcare sector honeypot mdms-hp-01 via adbhoney. Session included execution of 14 post-compromise commands, delivery of 4 malware samples. duration: 7m 42s; 25 events.",
    "expiration": "2026-04-22T22:10:19",
    "is_active": 1
  },
  {
    "id": 4215953944,
    "indicator": "103.66.72.91",
    "type": "IPv4",
    "created": "2026-03-23T22:10:19",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 103.66.72.91 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-22T22:10:19",
    "is_active": 1
  },
  {
    "id": 4280061085,
    "indicator": "5.135.229.85",
    "type": "IPv4",
    "created": "2026-03-23T22:10:19",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 5.135.229.85 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, hacking, low).",
    "expiration": "2026-04-22T22:10:19",
    "is_active": 1
  },
  {
    "id": 4124865984,
    "indicator": "94.243.15.53",
    "type": "IPv4",
    "created": "2026-03-23T22:10:19",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 94.243.15.53 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-22T22:10:19",
    "is_active": 1
  },
  {
    "id": 4147484197,
    "indicator": "103.26.82.1",
    "type": "IPv4",
    "created": "2026-03-23T22:10:19",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. 103.26.82.1 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-22T22:10:19",
    "is_active": 1
  },
  {
    "id": 4265279040,
    "indicator": "103.26.86.233",
    "type": "IPv4",
    "created": "2026-03-23T22:10:19",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 103.26.86.233 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-22T22:10:19",
    "is_active": 1
  },
  {
    "id": 4112391039,
    "indicator": "147.182.198.207",
    "type": "IPv4",
    "created": "2026-03-23T22:10:19",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 147.182.198.207 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-22T22:10:19",
    "is_active": 1
  },
  {
    "id": 4280001282,
    "indicator": "163.192.99.169",
    "type": "IPv4",
    "created": "2026-03-23T22:10:19",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 163.192.99.169 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (compatible; websiphon/0.2)' 13 times when connecting to mdms1 between 2026-03-23 20:52 and 2026-03-23 20:52 UTC.",
    "expiration": "2026-04-22T22:10:19",
    "is_active": 1
  },
  {
    "id": 4278317942,
    "indicator": "82.223.11.222",
    "type": "IPv4",
    "created": "2026-03-23T22:10:19",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 82.223.11.222 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 12 times when connecting to offbackup1 between 2026-03-23 20:26 and 2026-03-23 20:43 UTC.",
    "expiration": "2026-04-22T22:10:19",
    "is_active": 1
  },
  {
    "id": 4278740004,
    "indicator": "104.252.127.165",
    "type": "IPv4",
    "created": "2026-03-23T22:10:19",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 104.252.127.165 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 9 times when connecting to offbackup1 between 2026-03-23 20:23 and 2026-03-23 20:48 UTC.",
    "expiration": "2026-04-22T22:10:19",
    "is_active": 1
  },
  {
    "id": 4280106170,
    "indicator": "134.209.127.26",
    "type": "IPv4",
    "created": "2026-03-23T23:10:26",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 134.209.127.26 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).",
    "expiration": "2026-04-22T23:10:25",
    "is_active": 1
  },
  {
    "id": 4279956969,
    "indicator": "68.183.49.79",
    "type": "IPv4",
    "created": "2026-03-23T23:10:26",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 68.183.49.79 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-22T23:10:25",
    "is_active": 1
  },
  {
    "id": 3512927159,
    "indicator": "170.254.80.78",
    "type": "IPv4",
    "created": "2026-03-23T23:10:26",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Petr\u00f3polis, Brazil (AS265100, FSI Telecomunicacoes LTDA). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. Session included 9 failed login attempts, 9 credential pairs tried across 8 unique usernames, execution of 22 commands (SSH key persistence, password changes, system reconnaissance, cron persistence), del...",
    "expiration": "2026-04-22T23:10:25",
    "is_active": 1
  },
  {
    "id": 4280001281,
    "indicator": "157.245.204.161",
    "type": "IPv4",
    "created": "2026-03-23T23:10:26",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 157.245.204.161 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-22T23:10:25",
    "is_active": 1
  },
  {
    "id": 4278806936,
    "indicator": "66.132.224.92",
    "type": "IPv4",
    "created": "2026-03-23T23:10:26",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from United States (AS398324, Censys, Inc.). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. duration: 4s; 2 events.",
    "expiration": "2026-04-22T23:10:25",
    "is_active": 1
  },
  {
    "id": 4237376791,
    "indicator": "43.106.134.145",
    "type": "IPv4",
    "created": "2026-03-23T23:10:26",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 43.106.134.145 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-22T23:10:25",
    "is_active": 1
  },
  {
    "id": 4279950435,
    "indicator": "62.171.143.22",
    "type": "IPv4",
    "created": "2026-03-23T23:10:26",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 62.171.143.22 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Observed activity: 2 malware samples. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-22T23:10:25",
    "is_active": 1
  },
  {
    "id": 4280066533,
    "indicator": "116.110.215.146",
    "type": "IPv4",
    "created": "2026-03-23T23:10:26",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Da Nang, Vietnam (AS24086, Viettel Corporation). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-AsyncSSH_2.1.0 (HASSH: fda360b1b4f4...); duration: 2s; 5 events.",
    "expiration": "2026-04-22T23:10:25",
    "is_active": 1
  },
  {
    "id": 4278828252,
    "indicator": "66.132.186.198",
    "type": "IPv4",
    "created": "2026-03-23T23:10:26",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 66.132.186.198 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, hacking).",
    "expiration": "2026-04-22T23:10:25",
    "is_active": 1
  },
  {
    "id": 4247420540,
    "indicator": "88.84.222.217",
    "type": "IPv4",
    "created": "2026-03-23T23:10:26",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 88.84.222.217 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-22T23:10:25",
    "is_active": 1
  },
  {
    "id": 2819519949,
    "indicator": "60.13.6.152",
    "type": "IPv4",
    "created": "2026-03-23T23:10:26",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 60.13.6.152 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-22T23:10:25",
    "is_active": 1
  },
  {
    "id": 4203826160,
    "indicator": "172.178.16.179",
    "type": "IPv4",
    "created": "2026-03-23T23:10:26",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Washington, United States (AS8075, Microsoft Corporation). Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 3 failed login attempts, 3 credential pairs tried across 3 unique usernames. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 9m 43s; 15 events.",
    "expiration": "2026-04-22T23:10:25",
    "is_active": 1
  },
  {
    "id": 4280065086,
    "indicator": "223.123.73.26",
    "type": "IPv4",
    "created": "2026-03-23T23:10:26",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Pakistan (AS59257, CMPak Limited). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. duration: 4m 9s; 38 events.",
    "expiration": "2026-04-22T23:10:25",
    "is_active": 1
  },
  {
    "id": 4250002400,
    "indicator": "175.107.237.194",
    "type": "IPv4",
    "created": "2026-03-23T23:10:26",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Lahore, Pakistan (AS9541, Cyber Internet Services Pvt Ltd.). Observed targeting healthcare sector honeypot mdms-hp-01 via cowrie. duration: 1m 30s; 15 events.",
    "expiration": "2026-04-22T23:10:25",
    "is_active": 1
  },
  {
    "id": 4271538824,
    "indicator": "49.49.239.64",
    "type": "IPv4",
    "created": "2026-03-23T23:10:26",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 49.49.239.64 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 14 times when connecting to db4lamedtech between 2026-03-23 21:37 and 2026-03-23 21:56 UTC.",
    "expiration": "2026-04-22T23:10:25",
    "is_active": 1
  },
  {
    "id": 4028050987,
    "indicator": "80.85.84.32",
    "type": "IPv4",
    "created": "2026-03-23T23:10:26",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from London, United Kingdom (AS63949, Akamai Connected Cloud) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via conpot. 1 events.",
    "expiration": "2026-04-22T23:10:25",
    "is_active": 1
  },
  {
    "id": 4278325429,
    "indicator": "66.132.195.39",
    "type": "IPv4",
    "created": "2026-03-23T23:10:26",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from United States (AS398324, Censys, Inc.). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. duration: 6s; 2 events.",
    "expiration": "2026-04-22T23:10:25",
    "is_active": 1
  },
  {
    "id": 4277308311,
    "indicator": "66.132.195.54",
    "type": "IPv4",
    "created": "2026-03-23T23:10:26",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 66.132.195.54 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ftp-brute).",
    "expiration": "2026-04-22T23:10:25",
    "is_active": 1
  },
  {
    "id": 4280112760,
    "indicator": "80.9.196.234",
    "type": "IPv4",
    "created": "2026-03-24T00:10:35",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 80.9.196.234 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-23T00:10:35",
    "is_active": 1
  },
  {
    "id": 3420817084,
    "indicator": "93.158.91.254",
    "type": "IPv4",
    "created": "2026-03-24T00:10:35",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 93.158.91.254 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d); AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-23T00:10:35",
    "is_active": 1
  },
  {
    "id": 3477126587,
    "indicator": "93.158.91.247",
    "type": "IPv4",
    "created": "2026-03-24T00:10:35",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 93.158.91.247 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-23T00:10:35",
    "is_active": 1
  },
  {
    "id": 3333886867,
    "indicator": "122.166.252.192",
    "type": "IPv4",
    "created": "2026-03-24T00:10:35",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:port-scan. 122.166.252.192 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-23T00:10:35",
    "is_active": 1
  },
  {
    "id": 4277212718,
    "indicator": "47.111.149.34",
    "type": "IPv4",
    "created": "2026-03-24T00:10:35",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.111.149.34 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-23T00:10:35",
    "is_active": 1
  },
  {
    "id": 4067681021,
    "indicator": "20.106.57.131",
    "type": "IPv4",
    "created": "2026-03-24T00:10:35",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 20.106.57.131 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-23T00:10:35",
    "is_active": 1
  },
  {
    "id": 4280110835,
    "indicator": "198.211.114.94",
    "type": "IPv4",
    "created": "2026-03-24T00:10:35",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from North Bergen, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. duration: 10s; 2 events.",
    "expiration": "2026-04-23T00:10:35",
    "is_active": 1
  },
  {
    "id": 4280059269,
    "indicator": "209.97.158.178",
    "type": "IPv4",
    "created": "2026-03-24T00:10:35",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP from Clifton, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-23T00:10:35",
    "is_active": 1
  },
  {
    "id": 4265260052,
    "indicator": "88.88.133.210",
    "type": "IPv4",
    "created": "2026-03-24T00:10:35",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP 88.88.133.210 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (compatible; MJ12bot/v1.4.8; http://mj12bot.com/...' 2 times when connecting to db1lapetro between 2026-03-23 22:23 and 2026-03-23 22:24 UTC.",
    "expiration": "2026-04-23T00:10:35",
    "is_active": 1
  },
  {
    "id": 3726294838,
    "indicator": "137.184.139.189",
    "type": "IPv4",
    "created": "2026-03-24T01:10:50",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie, firehol:unlisted. 137.184.139.189 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, port-scan).",
    "expiration": "2026-04-23T01:10:48",
    "is_active": 1
  },
  {
    "id": 4279954527,
    "indicator": "81.230.133.222",
    "type": "IPv4",
    "created": "2026-03-24T01:10:50",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 81.230.133.222 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command sessions (10 commands), 5 malware samples. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-23T01:10:48",
    "is_active": 1
  },
  {
    "id": 4275729405,
    "indicator": "35.225.29.21",
    "type": "IPv4",
    "created": "2026-03-24T01:10:50",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 35.225.29.21 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-23T01:10:48",
    "is_active": 1
  },
  {
    "id": 4162215443,
    "indicator": "59.52.176.7",
    "type": "IPv4",
    "created": "2026-03-24T01:10:50",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 59.52.176.7 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-23T01:10:48",
    "is_active": 1
  },
  {
    "id": 4034639435,
    "indicator": "117.40.113.247",
    "type": "IPv4",
    "created": "2026-03-24T01:10:50",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 117.40.113.247 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-23T01:10:48",
    "is_active": 1
  },
  {
    "id": 4037560609,
    "indicator": "171.36.6.175",
    "type": "IPv4",
    "created": "2026-03-24T01:10:50",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 171.36.6.175 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-23T01:10:48",
    "is_active": 1
  },
  {
    "id": 4172693517,
    "indicator": "116.178.131.118",
    "type": "IPv4",
    "created": "2026-03-24T01:10:50",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh, cowrie. 116.178.131.118 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, port-scan).",
    "expiration": "2026-04-23T01:10:48",
    "is_active": 1
  },
  {
    "id": 4280128546,
    "indicator": "180.149.208.46",
    "type": "IPv4",
    "created": "2026-03-24T01:10:50",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:multi-reported. 180.149.208.46 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-23T01:10:48",
    "is_active": 1
  },
  {
    "id": 4278760763,
    "indicator": "66.132.224.227",
    "type": "IPv4",
    "created": "2026-03-24T01:10:50",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 66.132.224.227 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level3); AbuseIPDB (brute-force, hacking, moderate).",
    "expiration": "2026-04-23T01:10:48",
    "is_active": 1
  },
  {
    "id": 4280127957,
    "indicator": "123.183.190.132",
    "type": "IPv4",
    "created": "2026-03-24T01:10:50",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 123.183.190.132 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-23T01:10:48",
    "is_active": 1
  },
  {
    "id": 4227367515,
    "indicator": "175.107.228.201",
    "type": "IPv4",
    "created": "2026-03-24T01:10:50",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 175.107.228.201 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-23T01:10:48",
    "is_active": 1
  },
  {
    "id": 4275715451,
    "indicator": "159.203.89.63",
    "type": "IPv4",
    "created": "2026-03-24T01:10:50",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 159.203.89.63 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_level2); AbuseIPDB (brute-force, critical, ftp-brute).",
    "expiration": "2026-04-23T01:10:48",
    "is_active": 1
  },
  {
    "id": 3870569570,
    "indicator": "123.245.84.32",
    "type": "IPv4",
    "created": "2026-03-24T01:10:50",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 123.245.84.32 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-23T01:10:48",
    "is_active": 1
  },
  {
    "id": 3756187641,
    "indicator": "171.12.10.219",
    "type": "IPv4",
    "created": "2026-03-24T01:10:50",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 171.12.10.219 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-23T01:10:48",
    "is_active": 1
  },
  {
    "id": 4188308807,
    "indicator": "171.116.43.103",
    "type": "IPv4",
    "created": "2026-03-24T01:10:50",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 171.116.43.103 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, ftp-brute).",
    "expiration": "2026-04-23T01:10:48",
    "is_active": 1
  },
  {
    "id": 4280112761,
    "indicator": "204.141.229.20",
    "type": "IPv4",
    "created": "2026-03-24T01:10:50",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Singapore, Singapore (AS152644, QINIU Limited). Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 2s; 5 events.",
    "expiration": "2026-04-23T01:10:48",
    "is_active": 1
  },
  {
    "id": 4197989775,
    "indicator": "51.68.234.139",
    "type": "IPv4",
    "created": "2026-03-24T01:10:50",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted. Attacker IP 51.68.234.139 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (compatible; MJ12bot/v1.4.8; http://mj12bot.com/...' 2 times when connecting to db1lapetro between 2026-03-23 23:43 and 2026-03-23 23:43 UTC.",
    "expiration": "2026-04-23T01:10:48",
    "is_active": 1
  },
  {
    "id": 4260806674,
    "indicator": "150.241.107.229",
    "type": "IPv4",
    "created": "2026-03-24T01:10:50",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 150.241.107.229 observed using SSH client fingerprint 'Unknown SSH Client (98ddc5604ef6)' 3 times when connecting to offbackup1 between 2026-03-23 23:26 and 2026-03-23 23:26 UTC.",
    "expiration": "2026-04-23T01:10:48",
    "is_active": 1
  },
  {
    "id": 4280109738,
    "indicator": "192.140.175.59",
    "type": "IPv4",
    "created": "2026-03-24T01:10:50",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP 192.140.175.59 observed using HTTP client fingerprint 'HTTP Client: libredtail-http' 10 times when connecting to db4lamedtech between 2026-03-23 23:01 and 2026-03-23 23:01 UTC.",
    "expiration": "2026-04-23T01:10:48",
    "is_active": 1
  },
  {
    "id": 4278325315,
    "indicator": "66.132.195.51",
    "type": "IPv4",
    "created": "2026-03-24T01:10:50",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP from United States (AS398324, Censys, Inc.). Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-23T01:10:48",
    "is_active": 1
  },
  {
    "id": 4280001280,
    "indicator": "147.182.178.32",
    "type": "IPv4",
    "created": "2026-03-24T01:10:50",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. Attacker IP from North Bergen, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. duration: 1s; 2 events.",
    "expiration": "2026-04-23T01:10:48",
    "is_active": 1
  },
  {
    "id": 4278743624,
    "indicator": "66.132.195.85",
    "type": "IPv4",
    "created": "2026-03-24T01:10:50",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP from United States (AS398324, Censys, Inc.). Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-23T01:10:48",
    "is_active": 1
  },
  {
    "id": 4172473981,
    "indicator": "222.176.201.240",
    "type": "IPv4",
    "created": "2026-03-24T02:11:00",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 222.176.201.240 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, moderate).",
    "expiration": "2026-04-23T02:10:59",
    "is_active": 1
  },
  {
    "id": 4280135800,
    "indicator": "3.149.230.178",
    "type": "IPv4",
    "created": "2026-03-24T02:11:00",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, cowrie. Attacker IP from Columbus, United States (AS16509, Amazon.com, Inc.) [VPN/hosting provider]. Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. duration: 12m 43s; 9 events.",
    "expiration": "2026-04-23T02:10:59",
    "is_active": 1
  },
  {
    "id": 4280135801,
    "indicator": "64.227.0.127",
    "type": "IPv4",
    "created": "2026-03-24T02:11:00",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 64.227.0.127 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).",
    "expiration": "2026-04-23T02:10:59",
    "is_active": 1
  },
  {
    "id": 4132559364,
    "indicator": "203.203.86.235",
    "type": "IPv4",
    "created": "2026-03-24T02:11:00",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 203.203.86.235 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-23T02:10:59",
    "is_active": 1
  },
  {
    "id": 4075304812,
    "indicator": "130.61.193.112",
    "type": "IPv4",
    "created": "2026-03-24T02:11:00",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 130.61.193.112 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-23T02:10:59",
    "is_active": 1
  },
  {
    "id": 4280135724,
    "indicator": "180.149.210.41",
    "type": "IPv4",
    "created": "2026-03-24T02:11:00",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 180.149.210.41 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-23T02:10:59",
    "is_active": 1
  },
  {
    "id": 4272940407,
    "indicator": "191.6.55.198",
    "type": "IPv4",
    "created": "2026-03-24T02:11:00",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 191.6.55.198 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-23T02:10:59",
    "is_active": 1
  },
  {
    "id": 2964765351,
    "indicator": "180.95.231.142",
    "type": "IPv4",
    "created": "2026-03-24T02:11:00",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 180.95.231.142 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-23T02:10:59",
    "is_active": 1
  },
  {
    "id": 4280131919,
    "indicator": "192.241.140.168",
    "type": "IPv4",
    "created": "2026-03-24T02:11:00",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP from North Bergen, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-23T02:10:59",
    "is_active": 1
  },
  {
    "id": 4280131921,
    "indicator": "104.248.52.155",
    "type": "IPv4",
    "created": "2026-03-24T02:11:00",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 104.248.52.155 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).",
    "expiration": "2026-04-23T02:10:59",
    "is_active": 1
  },
  {
    "id": 4174724091,
    "indicator": "51.83.9.109",
    "type": "IPv4",
    "created": "2026-03-24T02:11:00",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 51.83.9.109 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-23T02:10:59",
    "is_active": 1
  },
  {
    "id": 4280112630,
    "indicator": "185.239.208.63",
    "type": "IPv4",
    "created": "2026-03-24T02:11:00",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Lauterbourg, France (AS51167, Contabo GmbH). Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 9 failed login attempts, 9 credential pairs tried across 9 unique usernames. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 15m 57s; 45 events.",
    "expiration": "2026-04-23T02:10:59",
    "is_active": 1
  },
  {
    "id": 3868165481,
    "indicator": "44.220.188.71",
    "type": "IPv4",
    "created": "2026-03-24T02:11:00",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. Attacker IP 44.220.188.71 observed using TLS client fingerprint 'Unknown TLS Client (5103125acceb)' 2 times when connecting to mdms1 between 2026-03-24 00:31 and 2026-03-24 00:31 UTC.",
    "expiration": "2026-04-23T02:10:59",
    "is_active": 1
  },
  {
    "id": 4262436745,
    "indicator": "165.154.6.104",
    "type": "IPv4",
    "created": "2026-03-24T02:11:00",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 165.154.6.104 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 12 times when connecting to offbackup1 between 2026-03-24 00:07 and 2026-03-24 00:25 UTC.",
    "expiration": "2026-04-23T02:10:59",
    "is_active": 1
  },
  {
    "id": 4239445702,
    "indicator": "156.252.12.28",
    "type": "IPv4",
    "created": "2026-03-24T03:11:14",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 156.252.12.28 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-23T03:11:14",
    "is_active": 1
  },
  {
    "id": 4067547429,
    "indicator": "20.106.48.199",
    "type": "IPv4",
    "created": "2026-03-24T03:11:14",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 20.106.48.199 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-23T03:11:14",
    "is_active": 1
  },
  {
    "id": 4266741374,
    "indicator": "43.228.104.170",
    "type": "IPv4",
    "created": "2026-03-24T03:11:14",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 43.228.104.170 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-23T03:11:14",
    "is_active": 1
  },
  {
    "id": 4027776981,
    "indicator": "134.122.125.222",
    "type": "IPv4",
    "created": "2026-03-24T03:11:14",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 134.122.125.222 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).",
    "expiration": "2026-04-23T03:11:14",
    "is_active": 1
  },
  {
    "id": 4039761507,
    "indicator": "82.199.104.42",
    "type": "IPv4",
    "created": "2026-03-24T03:11:14",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 82.199.104.42 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-23T03:11:14",
    "is_active": 1
  },
  {
    "id": 4280137331,
    "indicator": "103.248.93.111",
    "type": "IPv4",
    "created": "2026-03-24T03:11:14",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 103.248.93.111 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-23T03:11:14",
    "is_active": 1
  },
  {
    "id": 4173268094,
    "indicator": "116.178.130.67",
    "type": "IPv4",
    "created": "2026-03-24T03:11:14",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 116.178.130.67 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-23T03:11:14",
    "is_active": 1
  },
  {
    "id": 4268196117,
    "indicator": "89.167.43.70",
    "type": "IPv4",
    "created": "2026-03-24T03:11:14",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 89.167.43.70 observed using SSH client fingerprint 'Unknown SSH Client (19532158b559)' 2 times when connecting to db4lamedtech between 2026-03-24 01:55 and 2026-03-24 01:58 UTC.",
    "expiration": "2026-04-23T03:11:14",
    "is_active": 1
  },
  {
    "id": 4256358375,
    "indicator": "8.216.8.151",
    "type": "IPv4",
    "created": "2026-03-24T03:11:14",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 8.216.8.151 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-23T03:11:14",
    "is_active": 1
  },
  {
    "id": 4279948060,
    "indicator": "178.62.51.91",
    "type": "IPv4",
    "created": "2026-03-24T03:11:14",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 178.62.51.91 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-23T03:11:14",
    "is_active": 1
  },
  {
    "id": 4261319330,
    "indicator": "201.63.223.141",
    "type": "IPv4",
    "created": "2026-03-24T03:11:14",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP 201.63.223.141 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 14 times when connecting to db1lapetro between 2026-03-24 01:24 and 2026-03-24 01:38 UTC.",
    "expiration": "2026-04-23T03:11:14",
    "is_active": 1
  },
  {
    "id": 4279956579,
    "indicator": "143.110.227.4",
    "type": "IPv4",
    "created": "2026-03-24T03:11:14",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Santa Clara, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot mdms-hp-01 via cowrie. duration: 30s; 2 events.",
    "expiration": "2026-04-23T03:11:14",
    "is_active": 1
  },
  {
    "id": 4260070405,
    "indicator": "106.75.29.139",
    "type": "IPv4",
    "created": "2026-03-24T04:11:59",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 106.75.29.139 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-23T04:11:19",
    "is_active": 1
  },
  {
    "id": 4280149275,
    "indicator": "8.131.97.106",
    "type": "IPv4",
    "created": "2026-03-24T04:11:59",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 8.131.97.106 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-23T04:11:19",
    "is_active": 1
  },
  {
    "id": 4280149264,
    "indicator": "175.107.237.148",
    "type": "IPv4",
    "created": "2026-03-24T04:11:59",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 175.107.237.148 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-23T04:11:19",
    "is_active": 1
  },
  {
    "id": 4280149143,
    "indicator": "66.132.186.181",
    "type": "IPv4",
    "created": "2026-03-24T04:11:59",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 66.132.186.181 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-23T04:11:19",
    "is_active": 1
  },
  {
    "id": 4200775276,
    "indicator": "213.209.159.193",
    "type": "IPv4",
    "created": "2026-03-24T04:11:59",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 213.209.159.193 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-23T04:11:19",
    "is_active": 1
  },
  {
    "id": 4277261451,
    "indicator": "165.140.158.249",
    "type": "IPv4",
    "created": "2026-03-24T04:11:59",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 165.140.158.249 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, hacking).",
    "expiration": "2026-04-23T04:11:19",
    "is_active": 1
  },
  {
    "id": 4262424138,
    "indicator": "178.62.213.102",
    "type": "IPv4",
    "created": "2026-03-24T04:11:59",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 178.62.213.102 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-23T04:11:19",
    "is_active": 1
  },
  {
    "id": 629629,
    "indicator": "184.105.139.81",
    "type": "IPv4",
    "created": "2026-03-24T04:11:59",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 184.105.139.81 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-23T04:11:19",
    "is_active": 1
  },
  {
    "id": 4279948058,
    "indicator": "152.42.234.62",
    "type": "IPv4",
    "created": "2026-03-24T04:11:59",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 152.42.234.62 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-23T04:11:19",
    "is_active": 1
  },
  {
    "id": 4280145770,
    "indicator": "69.55.55.73",
    "type": "IPv4",
    "created": "2026-03-24T04:11:59",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 69.55.55.73 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).",
    "expiration": "2026-04-23T04:11:19",
    "is_active": 1
  },
  {
    "id": 4088102174,
    "indicator": "198.199.67.179",
    "type": "IPv4",
    "created": "2026-03-24T04:11:59",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from North Bergen, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot mdms-hp-01 via dionaea. 1 events.",
    "expiration": "2026-04-23T04:11:19",
    "is_active": 1
  },
  {
    "id": 4278929302,
    "indicator": "66.132.224.80",
    "type": "IPv4",
    "created": "2026-03-24T04:11:59",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP 66.132.224.80 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.c...' 2 times when connecting to db4lamedtech between 2026-03-24 02:58 and 2026-03-24 02:58 UTC.",
    "expiration": "2026-04-23T04:11:19",
    "is_active": 1
  },
  {
    "id": 4279952504,
    "indicator": "64.181.201.187",
    "type": "IPv4",
    "created": "2026-03-24T04:11:59",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 64.181.201.187 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (critical, exploited-host, hacking).",
    "expiration": "2026-04-23T04:11:19",
    "is_active": 1
  },
  {
    "id": 4280140994,
    "indicator": "67.205.136.191",
    "type": "IPv4",
    "created": "2026-03-24T04:11:59",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie, firehol:unlisted. Attacker IP from North Bergen, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-23T04:11:19",
    "is_active": 1
  },
  {
    "id": 3930934330,
    "indicator": "189.50.142.78",
    "type": "IPv4",
    "created": "2026-03-24T04:11:59",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 189.50.142.78 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 11 times when connecting to db1lapetro between 2026-03-24 02:23 and 2026-03-24 03:06 UTC.",
    "expiration": "2026-04-23T04:11:19",
    "is_active": 1
  },
  {
    "id": 3630786596,
    "indicator": "138.68.153.47",
    "type": "IPv4",
    "created": "2026-03-24T05:12:21",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 138.68.153.47 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-23T05:12:19",
    "is_active": 1
  },
  {
    "id": 4272899220,
    "indicator": "190.216.132.2",
    "type": "IPv4",
    "created": "2026-03-24T05:12:21",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 190.216.132.2 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-23T05:12:19",
    "is_active": 1
  },
  {
    "id": 4278757883,
    "indicator": "101.47.20.210",
    "type": "IPv4",
    "created": "2026-03-24T05:12:21",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 101.47.20.210 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, hacking).",
    "expiration": "2026-04-23T05:12:19",
    "is_active": 1
  },
  {
    "id": 3255514846,
    "indicator": "164.90.201.75",
    "type": "IPv4",
    "created": "2026-03-24T05:12:21",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan. 164.90.201.75 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, ftp-brute).",
    "expiration": "2026-04-23T05:12:19",
    "is_active": 1
  },
  {
    "id": 4280151216,
    "indicator": "198.199.85.157",
    "type": "IPv4",
    "created": "2026-03-24T05:12:21",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, cowrie, firehol:unlisted. 198.199.85.157 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, moderate, port-scan).",
    "expiration": "2026-04-23T05:12:19",
    "is_active": 1
  },
  {
    "id": 4226232376,
    "indicator": "54.87.249.44",
    "type": "IPv4",
    "created": "2026-03-24T05:12:21",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 54.87.249.44 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-23T05:12:19",
    "is_active": 1
  },
  {
    "id": 4279949290,
    "indicator": "193.164.132.72",
    "type": "IPv4",
    "created": "2026-03-24T05:12:21",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 193.164.132.72 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-23T05:12:19",
    "is_active": 1
  },
  {
    "id": 4278325454,
    "indicator": "175.0.66.52",
    "type": "IPv4",
    "created": "2026-03-24T05:12:21",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export. 175.0.66.52 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, hacking).",
    "expiration": "2026-04-23T05:12:19",
    "is_active": 1
  },
  {
    "id": 4169413275,
    "indicator": "36.250.220.183",
    "type": "IPv4",
    "created": "2026-03-24T05:12:21",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 36.250.220.183 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-23T05:12:19",
    "is_active": 1
  },
  {
    "id": 4279954378,
    "indicator": "193.39.187.82",
    "type": "IPv4",
    "created": "2026-03-24T05:12:21",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 193.39.187.82 observed using SSH client fingerprint 'Unknown SSH Client (98ddc5604ef6)' 2 times when connecting to db4lamedtech between 2026-03-24 03:52 and 2026-03-24 03:52 UTC.",
    "expiration": "2026-04-23T05:12:19",
    "is_active": 1
  },
  {
    "id": 4280149267,
    "indicator": "87.180.3.60",
    "type": "IPv4",
    "created": "2026-03-24T05:12:21",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 87.180.3.60 observed using SSH client fingerprint 'Unknown SSH Client (46c5bd974888)' 2 times when connecting to mdms1 between 2026-03-24 03:30 and 2026-03-24 03:30 UTC.",
    "expiration": "2026-04-23T05:12:19",
    "is_active": 1
  },
  {
    "id": 4279993031,
    "indicator": "168.144.40.190",
    "type": "IPv4",
    "created": "2026-03-24T05:12:21",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Singapore, Singapore (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-23T05:12:19",
    "is_active": 1
  },
  {
    "id": 3850345410,
    "indicator": "103.170.40.58",
    "type": "IPv4",
    "created": "2026-03-24T06:12:39",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 103.170.40.58 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-23T06:12:38",
    "is_active": 1
  },
  {
    "id": 3918710583,
    "indicator": "100.29.192.120",
    "type": "IPv4",
    "created": "2026-03-24T06:12:39",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 100.29.192.120 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-23T06:12:38",
    "is_active": 1
  },
  {
    "id": 4243235057,
    "indicator": "43.106.138.7",
    "type": "IPv4",
    "created": "2026-03-24T06:12:39",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 43.106.138.7 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-23T06:12:38",
    "is_active": 1
  },
  {
    "id": 3020767492,
    "indicator": "193.163.125.227",
    "type": "IPv4",
    "created": "2026-03-24T06:12:39",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 193.163.125.227 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-23T06:12:38",
    "is_active": 1
  },
  {
    "id": 4280210647,
    "indicator": "66.132.224.235",
    "type": "IPv4",
    "created": "2026-03-24T06:12:39",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 66.132.224.235 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level3); AbuseIPDB (brute-force, hacking, moderate).",
    "expiration": "2026-04-23T06:12:38",
    "is_active": 1
  },
  {
    "id": 4279954325,
    "indicator": "180.93.36.121",
    "type": "IPv4",
    "created": "2026-03-24T06:12:39",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 180.93.36.121 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-23T06:12:38",
    "is_active": 1
  },
  {
    "id": 4278747238,
    "indicator": "66.132.224.238",
    "type": "IPv4",
    "created": "2026-03-24T06:12:39",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 66.132.224.238 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level3); AbuseIPDB (brute-force, ftp-brute, hacking).",
    "expiration": "2026-04-23T06:12:38",
    "is_active": 1
  },
  {
    "id": 4280205732,
    "indicator": "115.49.1.54",
    "type": "IPv4",
    "created": "2026-03-24T06:12:39",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 115.49.1.54 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-23T06:12:38",
    "is_active": 1
  },
  {
    "id": 4280205737,
    "indicator": "117.245.138.49",
    "type": "IPv4",
    "created": "2026-03-24T06:12:39",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 117.245.138.49 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-23T06:12:38",
    "is_active": 1
  },
  {
    "id": 4161545167,
    "indicator": "66.167.169.202",
    "type": "IPv4",
    "created": "2026-03-24T06:12:39",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:port-scan. 66.167.169.202 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-23T06:12:38",
    "is_active": 1
  },
  {
    "id": 4280205724,
    "indicator": "110.168.236.76",
    "type": "IPv4",
    "created": "2026-03-24T06:12:39",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan. Attacker IP from Buriram, Thailand (AS17552, True Online). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. duration: 2m 11s; 4 events.",
    "expiration": "2026-04-23T06:12:38",
    "is_active": 1
  },
  {
    "id": 4125729687,
    "indicator": "175.153.167.176",
    "type": "IPv4",
    "created": "2026-03-24T06:12:39",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie, firehol:firehol_level3. 175.153.167.176 classified as commodity attacker using automated exploitation tooling (high confidence). Origin: enriched. Observed activity: 1 malware samples. Listed on: FireHOL (firehol_level3); AbuseIPDB (hacking, low, port-scan).",
    "expiration": "2026-04-23T06:12:38",
    "is_active": 1
  },
  {
    "id": 3743942947,
    "indicator": "167.99.206.145",
    "type": "IPv4",
    "created": "2026-03-24T06:12:39",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 167.99.206.145 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).",
    "expiration": "2026-04-23T06:12:38",
    "is_active": 1
  },
  {
    "id": 4278509059,
    "indicator": "146.190.91.96",
    "type": "IPv4",
    "created": "2026-03-24T06:12:39",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Singapore, Singapore (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. Session included 3 failed login attempts, 3 credential pairs tried across 1 unique username. SSH client: SSH-2.0-libssh2_1.11.1 (HASSH: 19532158b559...); duration: 6m 51s; 15 events.",
    "expiration": "2026-04-23T06:12:38",
    "is_active": 1
  },
  {
    "id": 4275707948,
    "indicator": "123.191.136.22",
    "type": "IPv4",
    "created": "2026-03-24T06:12:39",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 123.191.136.22 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-23T06:12:38",
    "is_active": 1
  },
  {
    "id": 4278828092,
    "indicator": "125.167.187.201",
    "type": "IPv4",
    "created": "2026-03-24T06:12:39",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 125.167.187.201 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 14 times when connecting to offbackup1 between 2026-03-24 04:05 and 2026-03-24 04:28 UTC.",
    "expiration": "2026-04-23T06:12:38",
    "is_active": 1
  },
  {
    "id": 4280058749,
    "indicator": "130.211.93.147",
    "type": "IPv4",
    "created": "2026-03-24T06:12:39",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Brussels, Belgium (AS396982, Google LLC). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-23T06:12:38",
    "is_active": 1
  },
  {
    "id": 4277159800,
    "indicator": "58.249.136.185",
    "type": "IPv4",
    "created": "2026-03-24T07:12:46",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Guangzhou, China (AS17622, China Unicom Guangzhou network). Observed targeting government sector honeypot backup-hp-01 via cowrie. 1 events.",
    "expiration": "2026-04-23T07:12:46",
    "is_active": 1
  },
  {
    "id": 3521495492,
    "indicator": "157.245.253.52",
    "type": "IPv4",
    "created": "2026-03-24T07:12:46",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 157.245.253.52 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-23T07:12:46",
    "is_active": 1
  },
  {
    "id": 4066497702,
    "indicator": "48.217.233.215",
    "type": "IPv4",
    "created": "2026-03-24T07:12:46",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 48.217.233.215 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-23T07:12:46",
    "is_active": 1
  },
  {
    "id": 4180924527,
    "indicator": "42.192.105.48",
    "type": "IPv4",
    "created": "2026-03-24T07:12:46",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. 42.192.105.48 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-23T07:12:46",
    "is_active": 1
  },
  {
    "id": 4280212443,
    "indicator": "66.132.224.94",
    "type": "IPv4",
    "created": "2026-03-24T07:12:46",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 66.132.224.94 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-23T07:12:46",
    "is_active": 1
  },
  {
    "id": 4274340166,
    "indicator": "180.130.116.170",
    "type": "IPv4",
    "created": "2026-03-24T07:12:46",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 180.130.116.170 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-23T07:12:46",
    "is_active": 1
  },
  {
    "id": 4047270760,
    "indicator": "213.152.161.50",
    "type": "IPv4",
    "created": "2026-03-24T07:12:46",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 213.152.161.50 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-23T07:12:46",
    "is_active": 1
  },
  {
    "id": 3648146456,
    "indicator": "122.4.225.2",
    "type": "IPv4",
    "created": "2026-03-24T08:12:53",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 122.4.225.2 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-23T08:12:52",
    "is_active": 1
  },
  {
    "id": 3775255083,
    "indicator": "192.36.109.117",
    "type": "IPv4",
    "created": "2026-03-24T08:12:53",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 192.36.109.117 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-23T08:12:52",
    "is_active": 1
  },
  {
    "id": 4278321393,
    "indicator": "118.145.114.107",
    "type": "IPv4",
    "created": "2026-03-24T08:12:53",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 118.145.114.107 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-23T08:12:52",
    "is_active": 1
  },
  {
    "id": 4169915276,
    "indicator": "36.250.221.92",
    "type": "IPv4",
    "created": "2026-03-24T08:12:53",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 36.250.221.92 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-23T08:12:52",
    "is_active": 1
  },
  {
    "id": 4124303633,
    "indicator": "218.19.14.194",
    "type": "IPv4",
    "created": "2026-03-24T08:12:53",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Guangzhou, China (AS4134, Chinanet). Observed targeting healthcare sector honeypot mdms-hp-01 via adbhoney. 1 events.",
    "expiration": "2026-04-23T08:12:52",
    "is_active": 1
  },
  {
    "id": 4189981973,
    "indicator": "110.37.53.25",
    "type": "IPv4",
    "created": "2026-03-24T08:12:53",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 110.37.53.25 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-23T08:12:52",
    "is_active": 1
  },
  {
    "id": 4121058763,
    "indicator": "121.66.236.9",
    "type": "IPv4",
    "created": "2026-03-24T08:12:53",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 121.66.236.9 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-23T08:12:52",
    "is_active": 1
  },
  {
    "id": 4128521919,
    "indicator": "185.174.138.129",
    "type": "IPv4",
    "created": "2026-03-24T08:12:53",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 185.174.138.129 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-23T08:12:52",
    "is_active": 1
  },
  {
    "id": 4117250512,
    "indicator": "121.181.94.166",
    "type": "IPv4",
    "created": "2026-03-24T08:12:53",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 121.181.94.166 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command sessions (24 commands), 4 malware samples. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-23T08:12:52",
    "is_active": 1
  },
  {
    "id": 2193636991,
    "indicator": "58.210.128.34",
    "type": "IPv4",
    "created": "2026-03-24T08:12:53",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 58.210.128.34 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).",
    "expiration": "2026-04-23T08:12:52",
    "is_active": 1
  },
  {
    "id": 4080917113,
    "indicator": "36.97.177.60",
    "type": "IPv4",
    "created": "2026-03-24T08:12:53",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 36.97.177.60 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-23T08:12:52",
    "is_active": 1
  },
  {
    "id": 4275697705,
    "indicator": "66.132.172.229",
    "type": "IPv4",
    "created": "2026-03-24T08:12:53",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 66.132.172.229 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-23T08:12:52",
    "is_active": 1
  },
  {
    "id": 3987641899,
    "indicator": "159.203.43.104",
    "type": "IPv4",
    "created": "2026-03-24T08:12:53",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 159.203.43.104 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).",
    "expiration": "2026-04-23T08:12:52",
    "is_active": 1
  },
  {
    "id": 4280257135,
    "indicator": "64.227.182.140",
    "type": "IPv4",
    "created": "2026-03-24T08:12:53",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 64.227.182.140 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking).",
    "expiration": "2026-04-23T08:12:52",
    "is_active": 1
  },
  {
    "id": 4280059266,
    "indicator": "104.236.88.138",
    "type": "IPv4",
    "created": "2026-03-24T08:12:53",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 104.236.88.138 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-23T08:12:52",
    "is_active": 1
  },
  {
    "id": 2181324615,
    "indicator": "157.230.44.79",
    "type": "IPv4",
    "created": "2026-03-24T08:12:53",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 157.230.44.79 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-23T08:12:52",
    "is_active": 1
  },
  {
    "id": 4272937897,
    "indicator": "103.173.7.162",
    "type": "IPv4",
    "created": "2026-03-24T09:13:02",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:multi-reported. 103.173.7.162 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-23T09:13:00",
    "is_active": 1
  },
  {
    "id": 4280257789,
    "indicator": "14.225.18.20",
    "type": "IPv4",
    "created": "2026-03-24T09:13:02",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 14.225.18.20 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-23T09:13:00",
    "is_active": 1
  },
  {
    "id": 4239345615,
    "indicator": "181.104.58.196",
    "type": "IPv4",
    "created": "2026-03-24T09:13:02",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 181.104.58.196 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-23T09:13:00",
    "is_active": 1
  },
  {
    "id": 4277234140,
    "indicator": "104.192.1.66",
    "type": "IPv4",
    "created": "2026-03-24T09:13:02",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 104.192.1.66 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-23T09:13:00",
    "is_active": 1
  },
  {
    "id": 4198400747,
    "indicator": "147.182.228.46",
    "type": "IPv4",
    "created": "2026-03-24T09:13:02",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:multi-reported. 147.182.228.46 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-23T09:13:00",
    "is_active": 1
  },
  {
    "id": 4271563296,
    "indicator": "206.135.174.22",
    "type": "IPv4",
    "created": "2026-03-24T09:13:02",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 206.135.174.22 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-23T09:13:00",
    "is_active": 1
  },
  {
    "id": 4280204854,
    "indicator": "165.227.193.64",
    "type": "IPv4",
    "created": "2026-03-24T09:13:02",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP from North Bergen, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via mailoney. 1 events.",
    "expiration": "2026-04-23T09:13:00",
    "is_active": 1
  },
  {
    "id": 4280313885,
    "indicator": "74.101.50.248",
    "type": "IPv4",
    "created": "2026-03-24T10:13:08",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 74.101.50.248 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-23T10:13:07",
    "is_active": 1
  },
  {
    "id": 4277090175,
    "indicator": "152.53.22.186",
    "type": "IPv4",
    "created": "2026-03-24T10:13:08",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 152.53.22.186 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-23T10:13:07",
    "is_active": 1
  },
  {
    "id": 3916046362,
    "indicator": "39.105.35.153",
    "type": "IPv4",
    "created": "2026-03-24T10:13:08",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 39.105.35.153 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, high).",
    "expiration": "2026-04-23T10:13:07",
    "is_active": 1
  },
  {
    "id": 4187079630,
    "indicator": "178.62.251.68",
    "type": "IPv4",
    "created": "2026-03-24T10:13:08",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 178.62.251.68 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-23T10:13:07",
    "is_active": 1
  },
  {
    "id": 4280310369,
    "indicator": "188.166.115.207",
    "type": "IPv4",
    "created": "2026-03-24T10:13:08",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 188.166.115.207 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-23T10:13:07",
    "is_active": 1
  },
  {
    "id": 4280308540,
    "indicator": "34.22.172.118",
    "type": "IPv4",
    "created": "2026-03-24T10:13:08",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 34.22.172.118 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (ddos, hacking, low).",
    "expiration": "2026-04-23T10:13:07",
    "is_active": 1
  },
  {
    "id": 3948448828,
    "indicator": "112.46.214.58",
    "type": "IPv4",
    "created": "2026-03-24T10:13:08",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 112.46.214.58 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-23T10:13:07",
    "is_active": 1
  },
  {
    "id": 4278321344,
    "indicator": "219.145.1.160",
    "type": "IPv4",
    "created": "2026-03-24T10:13:08",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 219.145.1.160 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-23T10:13:07",
    "is_active": 1
  },
  {
    "id": 4278815865,
    "indicator": "66.132.186.186",
    "type": "IPv4",
    "created": "2026-03-24T11:13:13",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 66.132.186.186 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-23T11:13:12",
    "is_active": 1
  },
  {
    "id": 4280316198,
    "indicator": "66.132.195.116",
    "type": "IPv4",
    "created": "2026-03-24T11:13:13",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 66.132.195.116 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-23T11:13:12",
    "is_active": 1
  },
  {
    "id": 3557767223,
    "indicator": "87.236.176.6",
    "type": "IPv4",
    "created": "2026-03-24T11:13:13",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 87.236.176.6 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-23T11:13:12",
    "is_active": 1
  },
  {
    "id": 4154702349,
    "indicator": "162.240.226.121",
    "type": "IPv4",
    "created": "2026-03-24T11:13:13",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 162.240.226.121 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Observed activity: 1 command sessions (1 commands), 1 malware samples. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-23T11:13:12",
    "is_active": 1
  },
  {
    "id": 4091729695,
    "indicator": "18.97.19.138",
    "type": "IPv4",
    "created": "2026-03-24T11:13:13",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 18.97.19.138 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-23T11:13:12",
    "is_active": 1
  },
  {
    "id": 3853816798,
    "indicator": "221.207.34.31",
    "type": "IPv4",
    "created": "2026-03-24T11:13:13",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 221.207.34.31 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).",
    "expiration": "2026-04-23T11:13:12",
    "is_active": 1
  },
  {
    "id": 4277262289,
    "indicator": "66.132.186.185",
    "type": "IPv4",
    "created": "2026-03-24T11:13:13",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 66.132.186.185 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-23T11:13:12",
    "is_active": 1
  },
  {
    "id": 3861819705,
    "indicator": "157.245.94.239",
    "type": "IPv4",
    "created": "2026-03-24T11:13:13",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack, cowrie. 157.245.94.239 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, low, port-scan).",
    "expiration": "2026-04-23T11:13:12",
    "is_active": 1
  },
  {
    "id": 4186985757,
    "indicator": "178.62.248.212",
    "type": "IPv4",
    "created": "2026-03-24T11:13:13",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low. 178.62.248.212 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-23T11:13:12",
    "is_active": 1
  },
  {
    "id": 3697308283,
    "indicator": "64.34.173.243",
    "type": "IPv4",
    "created": "2026-03-24T11:13:13",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 64.34.173.243 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-23T11:13:12",
    "is_active": 1
  },
  {
    "id": 4093444457,
    "indicator": "212.100.67.239",
    "type": "IPv4",
    "created": "2026-03-24T11:13:13",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 212.100.67.239 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-23T11:13:12",
    "is_active": 1
  },
  {
    "id": 4277212701,
    "indicator": "190.45.66.75",
    "type": "IPv4",
    "created": "2026-03-24T11:13:13",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 190.45.66.75 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-23T11:13:12",
    "is_active": 1
  },
  {
    "id": 4184360477,
    "indicator": "66.167.166.217",
    "type": "IPv4",
    "created": "2026-03-24T11:13:13",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 66.167.166.217 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (ddos, exploited-host, hacking).",
    "expiration": "2026-04-23T11:13:12",
    "is_active": 1
  },
  {
    "id": 4277159781,
    "indicator": "49.213.193.61",
    "type": "IPv4",
    "created": "2026-03-24T11:13:13",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 49.213.193.61 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-23T11:13:12",
    "is_active": 1
  },
  {
    "id": 4280314535,
    "indicator": "47.86.62.106",
    "type": "IPv4",
    "created": "2026-03-24T11:13:13",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 47.86.62.106 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-23T11:13:12",
    "is_active": 1
  },
  {
    "id": 4278828064,
    "indicator": "42.55.62.153",
    "type": "IPv4",
    "created": "2026-03-24T11:13:13",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 42.55.62.153 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-23T11:13:12",
    "is_active": 1
  },
  {
    "id": 4280128368,
    "indicator": "66.132.195.92",
    "type": "IPv4",
    "created": "2026-03-24T11:13:13",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from United States (AS398324, Censys, Inc.). Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-23T11:13:12",
    "is_active": 1
  },
  {
    "id": 4173860421,
    "indicator": "222.176.201.247",
    "type": "IPv4",
    "created": "2026-03-24T12:13:23",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 222.176.201.247 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, moderate).",
    "expiration": "2026-04-23T12:13:22",
    "is_active": 1
  },
  {
    "id": 4127990850,
    "indicator": "18.97.26.57",
    "type": "IPv4",
    "created": "2026-03-24T12:13:23",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan. 18.97.26.57 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-23T12:13:22",
    "is_active": 1
  },
  {
    "id": 4167700150,
    "indicator": "144.123.76.70",
    "type": "IPv4",
    "created": "2026-03-24T12:13:23",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 144.123.76.70 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-23T12:13:22",
    "is_active": 1
  },
  {
    "id": 3911620204,
    "indicator": "58.212.237.6",
    "type": "IPv4",
    "created": "2026-03-24T12:13:23",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 58.212.237.6 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (ddos, exploited-host, hacking).",
    "expiration": "2026-04-23T12:13:22",
    "is_active": 1
  },
  {
    "id": 2119958390,
    "indicator": "131.255.152.2",
    "type": "IPv4",
    "created": "2026-03-24T12:13:23",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 131.255.152.2 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-23T12:13:22",
    "is_active": 1
  },
  {
    "id": 4280319751,
    "indicator": "103.72.9.132",
    "type": "IPv4",
    "created": "2026-03-24T12:13:23",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 103.72.9.132 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-23T12:13:22",
    "is_active": 1
  },
  {
    "id": 2275347160,
    "indicator": "60.167.178.5",
    "type": "IPv4",
    "created": "2026-03-24T12:13:23",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 60.167.178.5 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-23T12:13:22",
    "is_active": 1
  },
  {
    "id": 4278747237,
    "indicator": "66.132.224.223",
    "type": "IPv4",
    "created": "2026-03-24T12:13:23",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 66.132.224.223 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level3); AbuseIPDB (brute-force, critical, hacking).",
    "expiration": "2026-04-23T12:13:22",
    "is_active": 1
  },
  {
    "id": 3557711024,
    "indicator": "87.236.176.125",
    "type": "IPv4",
    "created": "2026-03-24T12:13:23",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 87.236.176.125 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-23T12:13:22",
    "is_active": 1
  },
  {
    "id": 2222509615,
    "indicator": "221.11.60.148",
    "type": "IPv4",
    "created": "2026-03-24T12:13:23",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 221.11.60.148 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, moderate).",
    "expiration": "2026-04-23T12:13:22",
    "is_active": 1
  },
  {
    "id": 4280319028,
    "indicator": "59.103.104.48",
    "type": "IPv4",
    "created": "2026-03-24T12:13:23",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:multi-reported. 59.103.104.48 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-23T12:13:22",
    "is_active": 1
  },
  {
    "id": 3580104331,
    "indicator": "23.27.186.227",
    "type": "IPv4",
    "created": "2026-03-24T12:13:23",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 23.27.186.227 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-23T12:13:22",
    "is_active": 1
  },
  {
    "id": 4274261140,
    "indicator": "206.135.161.99",
    "type": "IPv4",
    "created": "2026-03-24T12:13:23",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 206.135.161.99 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-23T12:13:22",
    "is_active": 1
  },
  {
    "id": 4173672219,
    "indicator": "221.13.93.184",
    "type": "IPv4",
    "created": "2026-03-24T12:13:23",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 221.13.93.184 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-23T12:13:22",
    "is_active": 1
  },
  {
    "id": 4278317361,
    "indicator": "66.132.195.58",
    "type": "IPv4",
    "created": "2026-03-24T12:13:23",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 66.132.195.58 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-23T12:13:22",
    "is_active": 1
  },
  {
    "id": 4280317754,
    "indicator": "66.132.195.124",
    "type": "IPv4",
    "created": "2026-03-24T12:13:23",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported, abuseipdb:port-scan. 66.132.195.124 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, hacking).",
    "expiration": "2026-04-23T12:13:22",
    "is_active": 1
  },
  {
    "id": 4280317839,
    "indicator": "161.8.211.89",
    "type": "IPv4",
    "created": "2026-03-24T12:13:23",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 161.8.211.89 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-23T12:13:22",
    "is_active": 1
  },
  {
    "id": 4275699101,
    "indicator": "116.149.240.90",
    "type": "IPv4",
    "created": "2026-03-24T12:13:23",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP 116.149.240.90 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0' 34 times when connecting to db1lapetro between 2026-03-24 10:38 and 2026-03-24 10:38 UTC.",
    "expiration": "2026-04-23T12:13:22",
    "is_active": 1
  },
  {
    "id": 3867649949,
    "indicator": "46.101.74.113",
    "type": "IPv4",
    "created": "2026-03-24T12:13:23",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 46.101.74.113 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 17 times when connecting to offbackup1 between 2026-03-24 10:15 and 2026-03-24 10:41 UTC.",
    "expiration": "2026-04-23T12:13:22",
    "is_active": 1
  },
  {
    "id": 4178976354,
    "indicator": "86.96.101.1",
    "type": "IPv4",
    "created": "2026-03-24T13:14:33",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 86.96.101.1 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-23T13:14:30",
    "is_active": 1
  },
  {
    "id": 4280323925,
    "indicator": "66.132.195.108",
    "type": "IPv4",
    "created": "2026-03-24T13:14:33",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 66.132.195.108 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-23T13:14:30",
    "is_active": 1
  },
  {
    "id": 4167699541,
    "indicator": "114.97.190.219",
    "type": "IPv4",
    "created": "2026-03-24T13:14:33",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 114.97.190.219 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-23T13:14:30",
    "is_active": 1
  },
  {
    "id": 4280321990,
    "indicator": "206.135.161.79",
    "type": "IPv4",
    "created": "2026-03-24T13:14:33",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 206.135.161.79 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-23T13:14:30",
    "is_active": 1
  },
  {
    "id": 2129098227,
    "indicator": "167.71.89.126",
    "type": "IPv4",
    "created": "2026-03-24T13:14:33",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Clifton, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 1s; 5 events.",
    "expiration": "2026-04-23T13:14:30",
    "is_active": 1
  },
  {
    "id": 4280322150,
    "indicator": "178.62.218.148",
    "type": "IPv4",
    "created": "2026-03-24T13:14:33",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 178.62.218.148 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-23T13:14:30",
    "is_active": 1
  },
  {
    "id": 3767439656,
    "indicator": "192.36.109.82",
    "type": "IPv4",
    "created": "2026-03-24T13:14:33",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. 192.36.109.82 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d); AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-23T13:14:30",
    "is_active": 1
  },
  {
    "id": 3696538411,
    "indicator": "192.36.109.118",
    "type": "IPv4",
    "created": "2026-03-24T13:14:33",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 192.36.109.118 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d); AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-23T13:14:30",
    "is_active": 1
  },
  {
    "id": 4280285661,
    "indicator": "66.132.195.66",
    "type": "IPv4",
    "created": "2026-03-24T13:14:33",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 66.132.195.66 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-23T13:14:30",
    "is_active": 1
  },
  {
    "id": 4116321311,
    "indicator": "118.37.92.184",
    "type": "IPv4",
    "created": "2026-03-24T13:14:33",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 118.37.92.184 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-23T13:14:30",
    "is_active": 1
  },
  {
    "id": 4280320842,
    "indicator": "184.32.47.181",
    "type": "IPv4",
    "created": "2026-03-24T13:14:33",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 184.32.47.181 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).",
    "expiration": "2026-04-23T13:14:30",
    "is_active": 1
  },
  {
    "id": 4280209771,
    "indicator": "157.180.68.246",
    "type": "IPv4",
    "created": "2026-03-24T13:14:33",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Helsinki, Finland (AS24940, Hetzner Online GmbH) [VPN/hosting provider]. Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 3 failed login attempts, 3 credential pairs tried across 2 unique usernames, execution of 22 commands (SSH key persistence, password changes, system reconnaissance, ...",
    "expiration": "2026-04-23T13:14:30",
    "is_active": 1
  },
  {
    "id": 4161541834,
    "indicator": "103.77.106.81",
    "type": "IPv4",
    "created": "2026-03-24T13:14:33",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 103.77.106.81 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko...' 2 times when connecting to db1lapetro between 2026-03-24 11:42 and 2026-03-24 11:42 UTC.",
    "expiration": "2026-04-23T13:14:30",
    "is_active": 1
  },
  {
    "id": 4278815867,
    "indicator": "66.132.195.95",
    "type": "IPv4",
    "created": "2026-03-24T13:14:33",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from United States (AS398324, Censys, Inc.). Observed targeting healthcare sector honeypot medtech-hp-01 via dionaea. 1 events.",
    "expiration": "2026-04-23T13:14:30",
    "is_active": 1
  },
  {
    "id": 4182614026,
    "indicator": "59.47.67.208",
    "type": "IPv4",
    "created": "2026-03-24T13:23:44",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 59.47.67.208 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-23T13:23:43",
    "is_active": 1
  },
  {
    "id": 3898375903,
    "indicator": "221.207.35.162",
    "type": "IPv4",
    "created": "2026-03-24T14:31:33",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 221.207.35.162 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-23T14:31:13",
    "is_active": 1
  },
  {
    "id": 4225008448,
    "indicator": "121.140.134.48",
    "type": "IPv4",
    "created": "2026-03-24T14:31:33",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 121.140.134.48 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-23T14:31:13",
    "is_active": 1
  },
  {
    "id": 4280367711,
    "indicator": "175.137.143.223",
    "type": "IPv4",
    "created": "2026-03-24T14:31:33",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 175.137.143.223 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, iot-targeted).",
    "expiration": "2026-04-23T14:31:13",
    "is_active": 1
  },
  {
    "id": 454122335,
    "indicator": "71.42.105.34",
    "type": "IPv4",
    "created": "2026-03-24T14:31:33",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 71.42.105.34 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-23T14:31:13",
    "is_active": 1
  },
  {
    "id": 4230008825,
    "indicator": "103.18.14.244",
    "type": "IPv4",
    "created": "2026-03-24T14:31:33",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 103.18.14.244 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-23T14:31:13",
    "is_active": 1
  },
  {
    "id": 4280366054,
    "indicator": "147.45.45.37",
    "type": "IPv4",
    "created": "2026-03-24T14:31:33",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Amsterdam, The Netherlands (AS205775, Neon Core Network LLC). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 3 failed login attempts, 3 credential pairs tried across 3 unique usernames. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 3m 33s; 15 events.",
    "expiration": "2026-04-23T14:31:13",
    "is_active": 1
  },
  {
    "id": 3882569387,
    "indicator": "89.163.254.14",
    "type": "IPv4",
    "created": "2026-03-24T14:31:33",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP from Germany (AS24961, WIIT AG). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 2 failed login attempts, 2 credential pairs tried across 2 unique usernames. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 1m 41s; 10 events.",
    "expiration": "2026-04-23T14:31:13",
    "is_active": 1
  },
  {
    "id": 4274151225,
    "indicator": "119.205.179.217",
    "type": "IPv4",
    "created": "2026-03-24T14:31:33",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Chuncheon, South Korea (AS4766, Korea Telecom). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. Session included 2 failed login attempts, 2 credential pairs tried across 2 unique usernames. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 2m 14s; 10 events.",
    "expiration": "2026-04-23T14:31:13",
    "is_active": 1
  },
  {
    "id": 4277212918,
    "indicator": "64.20.46.202",
    "type": "IPv4",
    "created": "2026-03-24T14:31:33",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 64.20.46.202 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-23T14:31:13",
    "is_active": 1
  },
  {
    "id": 4277159597,
    "indicator": "38.76.194.206",
    "type": "IPv4",
    "created": "2026-03-24T15:33:08",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 38.76.194.206 observed using SSH client fingerprint 'Unknown SSH Client (98f63c4d9c87)' 4 times when connecting to mdms1 between 2026-03-24 15:20 and 2026-03-24 15:21 UTC.",
    "expiration": "2026-04-23T15:32:04",
    "is_active": 1
  },
  {
    "id": 2909397028,
    "indicator": "143.110.211.250",
    "type": "IPv4",
    "created": "2026-03-24T15:33:08",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 143.110.211.250 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-23T15:32:04",
    "is_active": 1
  },
  {
    "id": 4277158463,
    "indicator": "130.49.176.50",
    "type": "IPv4",
    "created": "2026-03-24T15:33:08",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 130.49.176.50 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-23T15:32:04",
    "is_active": 1
  },
  {
    "id": 4280466089,
    "indicator": "20.151.251.35",
    "type": "IPv4",
    "created": "2026-03-24T15:33:08",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 20.151.251.35 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-23T15:32:04",
    "is_active": 1
  },
  {
    "id": 4280455095,
    "indicator": "66.132.195.48",
    "type": "IPv4",
    "created": "2026-03-24T15:33:08",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 66.132.195.48 classified as commodity attacker using automated exploitation tooling (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level3); AbuseIPDB (critical, hacking, multi-reported).",
    "expiration": "2026-04-23T15:32:04",
    "is_active": 1
  },
  {
    "id": 4009706013,
    "indicator": "188.12.100.131",
    "type": "IPv4",
    "created": "2026-03-24T15:33:08",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate. 188.12.100.131 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-23T15:32:04",
    "is_active": 1
  },
  {
    "id": 4280466090,
    "indicator": "46.101.217.103",
    "type": "IPv4",
    "created": "2026-03-24T15:33:08",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack, cowrie. Attacker IP from Frankfurt am Main, Germany (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot mdms-hp-01 via tanner. duration: 1s; 2 events.",
    "expiration": "2026-04-23T15:32:04",
    "is_active": 1
  },
  {
    "id": 4278836440,
    "indicator": "66.132.186.188",
    "type": "IPv4",
    "created": "2026-03-24T15:33:08",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 66.132.186.188 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-23T15:32:04",
    "is_active": 1
  },
  {
    "id": 4280438417,
    "indicator": "27.79.4.8",
    "type": "IPv4",
    "created": "2026-03-24T15:33:08",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 27.79.4.8 observed using SSH client fingerprint 'Unknown SSH Client (fda360b1b4f4)' 11 times when connecting to db4lamedtech between 2026-03-24 14:49 and 2026-03-24 15:30 UTC.",
    "expiration": "2026-04-23T15:32:04",
    "is_active": 1
  },
  {
    "id": 2731707111,
    "indicator": "27.79.7.233",
    "type": "IPv4",
    "created": "2026-03-24T15:33:08",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 27.79.7.233 observed using SSH client fingerprint 'Unknown SSH Client (fda360b1b4f4)' 12 times when connecting to db4lamedtech between 2026-03-24 14:48 and 2026-03-24 15:28 UTC.",
    "expiration": "2026-04-23T15:32:04",
    "is_active": 1
  },
  {
    "id": 4280438422,
    "indicator": "180.75.202.153",
    "type": "IPv4",
    "created": "2026-03-24T15:33:08",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 180.75.202.153 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-23T15:32:04",
    "is_active": 1
  },
  {
    "id": 2926365719,
    "indicator": "18.224.93.149",
    "type": "IPv4",
    "created": "2026-03-24T15:33:08",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 18.224.93.149 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-23T15:32:04",
    "is_active": 1
  },
  {
    "id": 4280265501,
    "indicator": "119.198.156.144",
    "type": "IPv4",
    "created": "2026-03-24T15:33:08",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 119.198.156.144 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 11 times when connecting to db4lamedtech between 2026-03-24 14:41 and 2026-03-24 15:00 UTC.",
    "expiration": "2026-04-23T15:32:04",
    "is_active": 1
  },
  {
    "id": 4274396576,
    "indicator": "157.230.129.46",
    "type": "IPv4",
    "created": "2026-03-24T15:33:08",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 157.230.129.46 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 12 times when connecting to db1lapetro between 2026-03-24 14:37 and 2026-03-24 14:58 UTC.",
    "expiration": "2026-04-23T15:32:04",
    "is_active": 1
  },
  {
    "id": 4280273138,
    "indicator": "66.132.224.232",
    "type": "IPv4",
    "created": "2026-03-24T15:33:08",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 66.132.224.232 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-23T15:32:04",
    "is_active": 1
  },
  {
    "id": 3759125412,
    "indicator": "36.106.166.67",
    "type": "IPv4",
    "created": "2026-03-24T15:33:08",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 36.106.166.67 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-23T15:32:04",
    "is_active": 1
  },
  {
    "id": 3915001973,
    "indicator": "1.24.16.63",
    "type": "IPv4",
    "created": "2026-03-24T15:33:08",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan. 1.24.16.63 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-23T15:32:04",
    "is_active": 1
  },
  {
    "id": 4153610778,
    "indicator": "180.111.30.145",
    "type": "IPv4",
    "created": "2026-03-24T15:33:08",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 180.111.30.145 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, moderate).",
    "expiration": "2026-04-23T15:32:04",
    "is_active": 1
  },
  {
    "id": 4148129588,
    "indicator": "180.111.30.102",
    "type": "IPv4",
    "created": "2026-03-24T15:33:08",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 180.111.30.102 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-23T15:32:04",
    "is_active": 1
  },
  {
    "id": 3728007653,
    "indicator": "103.181.160.3",
    "type": "IPv4",
    "created": "2026-03-24T15:33:08",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 103.181.160.3 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-23T15:32:04",
    "is_active": 1
  },
  {
    "id": 4012905241,
    "indicator": "110.177.178.81",
    "type": "IPv4",
    "created": "2026-03-24T15:33:08",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 110.177.178.81 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-23T15:32:04",
    "is_active": 1
  },
  {
    "id": 4011658987,
    "indicator": "185.247.137.51",
    "type": "IPv4",
    "created": "2026-03-24T15:33:08",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 185.247.137.51 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-23T15:32:04",
    "is_active": 1
  },
  {
    "id": 3555149524,
    "indicator": "87.236.176.41",
    "type": "IPv4",
    "created": "2026-03-24T15:33:08",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 87.236.176.41 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-23T15:32:04",
    "is_active": 1
  },
  {
    "id": 4278756062,
    "indicator": "201.163.59.226",
    "type": "IPv4",
    "created": "2026-03-24T15:33:08",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 201.163.59.226 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 11 times when connecting to db1lapetro between 2026-03-24 14:15 and 2026-03-24 14:39 UTC.",
    "expiration": "2026-04-23T15:32:04",
    "is_active": 1
  },
  {
    "id": 4227133174,
    "indicator": "43.162.107.16",
    "type": "IPv4",
    "created": "2026-03-24T15:33:08",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 43.162.107.16 observed using SSH client fingerprint 'Unknown SSH Client (98ddc5604ef6)' 4 times when connecting to mdms1 between 2026-03-24 13:24 and 2026-03-24 13:24 UTC.",
    "expiration": "2026-04-23T15:32:04",
    "is_active": 1
  },
  {
    "id": 4277159597,
    "indicator": "38.76.194.206",
    "type": "IPv4",
    "created": "2026-03-24T15:34:10",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 38.76.194.206 observed using SSH client fingerprint 'Unknown SSH Client (98f63c4d9c87)' 4 times when connecting to mdms1 between 2026-03-24 15:20 and 2026-03-24 15:21 UTC.",
    "expiration": "2026-04-23T15:32:04",
    "is_active": 1
  },
  {
    "id": 2909397028,
    "indicator": "143.110.211.250",
    "type": "IPv4",
    "created": "2026-03-24T15:34:10",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 143.110.211.250 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-23T15:32:04",
    "is_active": 1
  },
  {
    "id": 4277158463,
    "indicator": "130.49.176.50",
    "type": "IPv4",
    "created": "2026-03-24T15:34:10",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 130.49.176.50 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-23T15:32:04",
    "is_active": 1
  },
  {
    "id": 4280466089,
    "indicator": "20.151.251.35",
    "type": "IPv4",
    "created": "2026-03-24T15:34:10",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 20.151.251.35 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-23T15:32:04",
    "is_active": 1
  },
  {
    "id": 4280455095,
    "indicator": "66.132.195.48",
    "type": "IPv4",
    "created": "2026-03-24T15:34:10",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 66.132.195.48 classified as commodity attacker using automated exploitation tooling (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level3); AbuseIPDB (critical, hacking, multi-reported).",
    "expiration": "2026-04-23T15:32:04",
    "is_active": 1
  },
  {
    "id": 4009706013,
    "indicator": "188.12.100.131",
    "type": "IPv4",
    "created": "2026-03-24T15:34:10",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate. 188.12.100.131 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-23T15:32:04",
    "is_active": 1
  },
  {
    "id": 4280466090,
    "indicator": "46.101.217.103",
    "type": "IPv4",
    "created": "2026-03-24T15:34:10",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack, cowrie. Attacker IP from Frankfurt am Main, Germany (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot mdms-hp-01 via tanner. duration: 1s; 2 events.",
    "expiration": "2026-04-23T15:32:04",
    "is_active": 1
  },
  {
    "id": 4278836440,
    "indicator": "66.132.186.188",
    "type": "IPv4",
    "created": "2026-03-24T15:34:10",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 66.132.186.188 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-23T15:32:04",
    "is_active": 1
  },
  {
    "id": 4280438417,
    "indicator": "27.79.4.8",
    "type": "IPv4",
    "created": "2026-03-24T15:34:10",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 27.79.4.8 observed using SSH client fingerprint 'Unknown SSH Client (fda360b1b4f4)' 11 times when connecting to db4lamedtech between 2026-03-24 14:49 and 2026-03-24 15:30 UTC.",
    "expiration": "2026-04-23T15:32:04",
    "is_active": 1
  },
  {
    "id": 2731707111,
    "indicator": "27.79.7.233",
    "type": "IPv4",
    "created": "2026-03-24T15:34:10",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 27.79.7.233 observed using SSH client fingerprint 'Unknown SSH Client (fda360b1b4f4)' 12 times when connecting to db4lamedtech between 2026-03-24 14:48 and 2026-03-24 15:28 UTC.",
    "expiration": "2026-04-23T15:32:04",
    "is_active": 1
  },
  {
    "id": 4280438422,
    "indicator": "180.75.202.153",
    "type": "IPv4",
    "created": "2026-03-24T15:34:10",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 180.75.202.153 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-23T15:32:04",
    "is_active": 1
  },
  {
    "id": 2926365719,
    "indicator": "18.224.93.149",
    "type": "IPv4",
    "created": "2026-03-24T15:34:10",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 18.224.93.149 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-23T15:32:04",
    "is_active": 1
  },
  {
    "id": 4280265501,
    "indicator": "119.198.156.144",
    "type": "IPv4",
    "created": "2026-03-24T15:34:10",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 119.198.156.144 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 11 times when connecting to db4lamedtech between 2026-03-24 14:41 and 2026-03-24 15:00 UTC.",
    "expiration": "2026-04-23T15:32:04",
    "is_active": 1
  },
  {
    "id": 4274396576,
    "indicator": "157.230.129.46",
    "type": "IPv4",
    "created": "2026-03-24T15:34:10",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 157.230.129.46 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 12 times when connecting to db1lapetro between 2026-03-24 14:37 and 2026-03-24 14:58 UTC.",
    "expiration": "2026-04-23T15:32:04",
    "is_active": 1
  },
  {
    "id": 4280273138,
    "indicator": "66.132.224.232",
    "type": "IPv4",
    "created": "2026-03-24T15:34:10",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 66.132.224.232 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-23T15:32:04",
    "is_active": 1
  },
  {
    "id": 3759125412,
    "indicator": "36.106.166.67",
    "type": "IPv4",
    "created": "2026-03-24T15:34:10",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 36.106.166.67 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-23T15:32:04",
    "is_active": 1
  },
  {
    "id": 3915001973,
    "indicator": "1.24.16.63",
    "type": "IPv4",
    "created": "2026-03-24T15:34:10",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan. 1.24.16.63 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-23T15:32:04",
    "is_active": 1
  },
  {
    "id": 4153610778,
    "indicator": "180.111.30.145",
    "type": "IPv4",
    "created": "2026-03-24T15:34:10",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 180.111.30.145 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, moderate).",
    "expiration": "2026-04-23T15:32:04",
    "is_active": 1
  },
  {
    "id": 4148129588,
    "indicator": "180.111.30.102",
    "type": "IPv4",
    "created": "2026-03-24T15:34:10",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 180.111.30.102 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-23T15:32:04",
    "is_active": 1
  },
  {
    "id": 3728007653,
    "indicator": "103.181.160.3",
    "type": "IPv4",
    "created": "2026-03-24T15:34:10",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 103.181.160.3 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-23T15:32:04",
    "is_active": 1
  },
  {
    "id": 4012905241,
    "indicator": "110.177.178.81",
    "type": "IPv4",
    "created": "2026-03-24T15:34:10",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 110.177.178.81 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-23T15:32:04",
    "is_active": 1
  },
  {
    "id": 4011658987,
    "indicator": "185.247.137.51",
    "type": "IPv4",
    "created": "2026-03-24T15:34:10",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 185.247.137.51 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-23T15:32:04",
    "is_active": 1
  },
  {
    "id": 3555149524,
    "indicator": "87.236.176.41",
    "type": "IPv4",
    "created": "2026-03-24T15:34:10",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 87.236.176.41 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-23T15:32:04",
    "is_active": 1
  },
  {
    "id": 4278756062,
    "indicator": "201.163.59.226",
    "type": "IPv4",
    "created": "2026-03-24T15:34:10",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 201.163.59.226 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 11 times when connecting to db1lapetro between 2026-03-24 14:15 and 2026-03-24 14:39 UTC.",
    "expiration": "2026-04-23T15:32:04",
    "is_active": 1
  },
  {
    "id": 4227133174,
    "indicator": "43.162.107.16",
    "type": "IPv4",
    "created": "2026-03-24T15:34:10",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 43.162.107.16 observed using SSH client fingerprint 'Unknown SSH Client (98ddc5604ef6)' 4 times when connecting to mdms1 between 2026-03-24 13:24 and 2026-03-24 13:24 UTC.",
    "expiration": "2026-04-23T15:32:04",
    "is_active": 1
  },
  {
    "id": 4056840131,
    "indicator": "80.66.66.70",
    "type": "IPv4",
    "created": "2026-03-24T16:35:24",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 80.66.66.70 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, ftp-brute).",
    "expiration": "2026-04-23T16:35:23",
    "is_active": 1
  },
  {
    "id": 4275615740,
    "indicator": "168.138.210.38",
    "type": "IPv4",
    "created": "2026-03-24T16:35:24",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 168.138.210.38 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-23T16:35:23",
    "is_active": 1
  },
  {
    "id": 4173362827,
    "indicator": "14.135.74.46",
    "type": "IPv4",
    "created": "2026-03-24T16:35:24",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 14.135.74.46 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, ftp-brute).",
    "expiration": "2026-04-23T16:35:23",
    "is_active": 1
  },
  {
    "id": 4222299424,
    "indicator": "110.36.20.111",
    "type": "IPv4",
    "created": "2026-03-24T16:35:24",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 110.36.20.111 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-23T16:35:23",
    "is_active": 1
  },
  {
    "id": 4166614871,
    "indicator": "36.250.220.226",
    "type": "IPv4",
    "created": "2026-03-24T16:35:24",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 36.250.220.226 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-23T16:35:23",
    "is_active": 1
  },
  {
    "id": 4165499230,
    "indicator": "121.29.149.221",
    "type": "IPv4",
    "created": "2026-03-24T16:35:24",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 121.29.149.221 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-23T16:35:23",
    "is_active": 1
  },
  {
    "id": 4278828262,
    "indicator": "118.46.93.2",
    "type": "IPv4",
    "created": "2026-03-24T16:35:24",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 118.46.93.2 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-23T16:35:23",
    "is_active": 1
  },
  {
    "id": 3434055651,
    "indicator": "123.144.26.111",
    "type": "IPv4",
    "created": "2026-03-24T16:35:24",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 123.144.26.111 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-23T16:35:23",
    "is_active": 1
  },
  {
    "id": 4279950448,
    "indicator": "196.118.81.167",
    "type": "IPv4",
    "created": "2026-03-24T16:35:24",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 196.118.81.167 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 12 times when connecting to db1lapetro between 2026-03-24 15:52 and 2026-03-24 16:14 UTC.",
    "expiration": "2026-04-23T16:35:23",
    "is_active": 1
  },
  {
    "id": 4275710903,
    "indicator": "176.65.132.107",
    "type": "IPv4",
    "created": "2026-03-24T16:35:24",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 176.65.132.107 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-23T16:35:23",
    "is_active": 1
  },
  {
    "id": 4280492756,
    "indicator": "85.93.90.160",
    "type": "IPv4",
    "created": "2026-03-24T16:35:24",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 85.93.90.160 observed using SSH client fingerprint 'Unknown SSH Client (98f63c4d9c87)' 5 times when connecting to db4lamedtech between 2026-03-24 15:41 and 2026-03-24 15:41 UTC.",
    "expiration": "2026-04-23T16:35:23",
    "is_active": 1
  },
  {
    "id": 4278820363,
    "indicator": "66.132.186.187",
    "type": "IPv4",
    "created": "2026-03-24T16:35:24",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 66.132.186.187 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-23T16:35:23",
    "is_active": 1
  },
  {
    "id": 4208304449,
    "indicator": "36.140.70.83",
    "type": "IPv4",
    "created": "2026-03-24T16:35:24",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 36.140.70.83 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-23T16:35:23",
    "is_active": 1
  },
  {
    "id": 4142974276,
    "indicator": "111.26.6.111",
    "type": "IPv4",
    "created": "2026-03-24T16:35:24",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 111.26.6.111 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-23T16:35:23",
    "is_active": 1
  },
  {
    "id": 4280140992,
    "indicator": "66.132.195.91",
    "type": "IPv4",
    "created": "2026-03-24T16:35:24",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from United States (AS398324, Censys, Inc.). Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-23T16:35:23",
    "is_active": 1
  },
  {
    "id": 4276919891,
    "indicator": "185.73.113.239",
    "type": "IPv4",
    "created": "2026-03-24T17:35:52",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 185.73.113.239 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-23T17:35:44",
    "is_active": 1
  },
  {
    "id": 4204818477,
    "indicator": "47.95.4.100",
    "type": "IPv4",
    "created": "2026-03-24T17:35:52",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 47.95.4.100 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-23T17:35:44",
    "is_active": 1
  },
  {
    "id": 3448899938,
    "indicator": "220.82.236.135",
    "type": "IPv4",
    "created": "2026-03-24T17:35:52",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 220.82.236.135 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-23T17:35:44",
    "is_active": 1
  },
  {
    "id": 4280786652,
    "indicator": "205.254.166.82",
    "type": "IPv4",
    "created": "2026-03-24T17:35:52",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP from Bengaluru, India (AS133982, Excitel Broadband Private Limited). Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 2s; 5 events.",
    "expiration": "2026-04-23T17:35:44",
    "is_active": 1
  },
  {
    "id": 4181118144,
    "indicator": "110.90.224.8",
    "type": "IPv4",
    "created": "2026-03-24T17:35:52",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 110.90.224.8 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-23T17:35:44",
    "is_active": 1
  },
  {
    "id": 4280564747,
    "indicator": "20.63.12.125",
    "type": "IPv4",
    "created": "2026-03-24T17:35:52",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 20.63.12.125 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-23T17:35:44",
    "is_active": 1
  },
  {
    "id": 4280304126,
    "indicator": "147.182.164.177",
    "type": "IPv4",
    "created": "2026-03-24T17:35:52",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from North Bergen, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. duration: 35s; 33 events.",
    "expiration": "2026-04-23T17:35:44",
    "is_active": 1
  },
  {
    "id": 4280196735,
    "indicator": "66.132.195.61",
    "type": "IPv4",
    "created": "2026-03-24T18:36:09",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 66.132.195.61 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-23T18:36:08",
    "is_active": 1
  },
  {
    "id": 4185937322,
    "indicator": "123.144.24.125",
    "type": "IPv4",
    "created": "2026-03-24T18:36:09",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 123.144.24.125 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-23T18:36:08",
    "is_active": 1
  },
  {
    "id": 4281013337,
    "indicator": "106.117.111.185",
    "type": "IPv4",
    "created": "2026-03-24T18:36:09",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 106.117.111.185 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-23T18:36:08",
    "is_active": 1
  },
  {
    "id": 4166181135,
    "indicator": "114.97.190.140",
    "type": "IPv4",
    "created": "2026-03-24T18:36:09",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 114.97.190.140 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ftp-brute, hacking).",
    "expiration": "2026-04-23T18:36:08",
    "is_active": 1
  },
  {
    "id": 4019787251,
    "indicator": "104.207.39.133",
    "type": "IPv4",
    "created": "2026-03-24T18:36:09",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:reported, abuseipdb:web-attack, cowrie. 104.207.39.133 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d); AbuseIPDB (brute-force, low, multi-reported).",
    "expiration": "2026-04-23T18:36:08",
    "is_active": 1
  },
  {
    "id": 3529181393,
    "indicator": "204.76.203.17",
    "type": "IPv4",
    "created": "2026-03-24T18:36:09",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 204.76.203.17 observed using HTTP client fingerprint 'HTTP Client (67b3dba8bc67)' 2 times when connecting to db1lapetro between 2026-03-24 18:05 and 2026-03-24 18:11 UTC.",
    "expiration": "2026-04-23T18:36:08",
    "is_active": 1
  },
  {
    "id": 4281047616,
    "indicator": "45.56.70.157",
    "type": "IPv4",
    "created": "2026-03-24T18:36:09",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. Attacker IP 45.56.70.157 observed using TLS client fingerprint 'Unknown TLS Client (2a3322ff12fd)' 2 times when connecting to mdms1 between 2026-03-24 18:05 and 2026-03-24 18:05 UTC.",
    "expiration": "2026-04-23T18:36:08",
    "is_active": 1
  },
  {
    "id": 4280990766,
    "indicator": "36.250.220.111",
    "type": "IPv4",
    "created": "2026-03-24T18:36:09",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 36.250.220.111 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-23T18:36:08",
    "is_active": 1
  },
  {
    "id": 4041319589,
    "indicator": "87.121.84.93",
    "type": "IPv4",
    "created": "2026-03-24T18:36:09",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 87.121.84.93 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-23T18:36:08",
    "is_active": 1
  },
  {
    "id": 4187850345,
    "indicator": "103.98.152.27",
    "type": "IPv4",
    "created": "2026-03-24T18:36:09",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted. 103.98.152.27 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-23T18:36:08",
    "is_active": 1
  },
  {
    "id": 4272704082,
    "indicator": "165.154.6.34",
    "type": "IPv4",
    "created": "2026-03-24T18:36:09",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Hong Kong, Hong Kong (AS135377, UCLOUD INFORMATION TECHNOLOGY HK LIMITED) [VPN/hosting provider]. Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 3 failed login attempts, 3 credential pairs tried across 3 unique usernames. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration:...",
    "expiration": "2026-04-23T18:36:08",
    "is_active": 1
  },
  {
    "id": 4271531186,
    "indicator": "43.153.108.173",
    "type": "IPv4",
    "created": "2026-03-24T18:36:09",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 43.153.108.173 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-23T18:36:08",
    "is_active": 1
  },
  {
    "id": 4263074606,
    "indicator": "34.238.240.3",
    "type": "IPv4",
    "created": "2026-03-24T18:36:09",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 34.238.240.3 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-23T18:36:08",
    "is_active": 1
  },
  {
    "id": 4271549295,
    "indicator": "54.221.170.110",
    "type": "IPv4",
    "created": "2026-03-24T18:36:09",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 54.221.170.110 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-23T18:36:08",
    "is_active": 1
  },
  {
    "id": 4280922514,
    "indicator": "183.182.125.142",
    "type": "IPv4",
    "created": "2026-03-24T18:36:09",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:reported, abuseipdb:ssh, abuseipdb:well-known. Attacker IP from Vientiane, Laos (AS131267, Star Telecom). Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 2s; 5 events.",
    "expiration": "2026-04-23T18:36:08",
    "is_active": 1
  },
  {
    "id": 4280194721,
    "indicator": "124.156.110.136",
    "type": "IPv4",
    "created": "2026-03-24T18:36:09",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 124.156.110.136 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-23T18:36:08",
    "is_active": 1
  },
  {
    "id": 4280906120,
    "indicator": "188.166.34.75",
    "type": "IPv4",
    "created": "2026-03-24T18:36:09",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Amsterdam, The Netherlands (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-23T18:36:08",
    "is_active": 1
  },
  {
    "id": 4009316115,
    "indicator": "123.160.173.27",
    "type": "IPv4",
    "created": "2026-03-24T18:36:09",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 123.160.173.27 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-23T18:36:08",
    "is_active": 1
  },
  {
    "id": 4280869331,
    "indicator": "121.186.169.6",
    "type": "IPv4",
    "created": "2026-03-24T18:36:09",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 121.186.169.6 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-23T18:36:08",
    "is_active": 1
  },
  {
    "id": 4173363876,
    "indicator": "121.29.84.111",
    "type": "IPv4",
    "created": "2026-03-24T18:36:09",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 121.29.84.111 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, ftp-brute).",
    "expiration": "2026-04-23T18:36:08",
    "is_active": 1
  },
  {
    "id": 4178812676,
    "indicator": "36.250.221.69",
    "type": "IPv4",
    "created": "2026-03-24T18:36:09",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 36.250.221.69 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-23T18:36:08",
    "is_active": 1
  },
  {
    "id": 3955425103,
    "indicator": "98.80.4.4",
    "type": "IPv4",
    "created": "2026-03-24T18:36:09",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 98.80.4.4 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-23T18:36:08",
    "is_active": 1
  },
  {
    "id": 4280310704,
    "indicator": "80.66.66.10",
    "type": "IPv4",
    "created": "2026-03-24T18:36:09",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP 80.66.66.10 observed using SSH client fingerprint 'Unknown SSH Client (eff4c24daffc)' 2 times when connecting to db4lamedtech between 2026-03-24 17:12 and 2026-03-24 18:22 UTC.",
    "expiration": "2026-04-23T18:36:08",
    "is_active": 1
  },
  {
    "id": 4280786846,
    "indicator": "106.92.90.9",
    "type": "IPv4",
    "created": "2026-03-24T18:36:09",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 106.92.90.9 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).",
    "expiration": "2026-04-23T18:36:08",
    "is_active": 1
  },
  {
    "id": 4280625826,
    "indicator": "103.244.172.119",
    "type": "IPv4",
    "created": "2026-03-24T18:36:09",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 103.244.172.119 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-23T18:36:08",
    "is_active": 1
  },
  {
    "id": 4192105701,
    "indicator": "27.47.25.215",
    "type": "IPv4",
    "created": "2026-03-24T18:36:09",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 27.47.25.215 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-23T18:36:08",
    "is_active": 1
  },
  {
    "id": 4280214027,
    "indicator": "134.122.20.104",
    "type": "IPv4",
    "created": "2026-03-24T18:36:09",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie, firehol:unlisted. Attacker IP from North Bergen, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-23T18:36:08",
    "is_active": 1
  },
  {
    "id": 4201109466,
    "indicator": "137.59.230.17",
    "type": "IPv4",
    "created": "2026-03-24T19:36:16",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 137.59.230.17 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-23T19:36:15",
    "is_active": 1
  },
  {
    "id": 4004401402,
    "indicator": "61.160.122.234",
    "type": "IPv4",
    "created": "2026-03-24T19:36:16",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported. 61.160.122.234 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-23T19:36:15",
    "is_active": 1
  },
  {
    "id": 4278840880,
    "indicator": "66.132.186.190",
    "type": "IPv4",
    "created": "2026-03-24T19:36:16",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 66.132.186.190 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-23T19:36:15",
    "is_active": 1
  },
  {
    "id": 4218400027,
    "indicator": "185.242.3.241",
    "type": "IPv4",
    "created": "2026-03-24T19:36:16",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 185.242.3.241 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-23T19:36:15",
    "is_active": 1
  },
  {
    "id": 4157007502,
    "indicator": "38.56.81.68",
    "type": "IPv4",
    "created": "2026-03-24T19:36:16",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 38.56.81.68 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-23T19:36:15",
    "is_active": 1
  },
  {
    "id": 4157967411,
    "indicator": "47.102.45.1",
    "type": "IPv4",
    "created": "2026-03-24T19:36:16",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 47.102.45.1 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).",
    "expiration": "2026-04-23T19:36:15",
    "is_active": 1
  },
  {
    "id": 3863150104,
    "indicator": "199.45.154.191",
    "type": "IPv4",
    "created": "2026-03-24T19:36:16",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 199.45.154.191 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-23T19:36:15",
    "is_active": 1
  },
  {
    "id": 4161542621,
    "indicator": "14.1.105.96",
    "type": "IPv4",
    "created": "2026-03-24T19:36:16",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported. 14.1.105.96 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-23T19:36:15",
    "is_active": 1
  },
  {
    "id": 4281140997,
    "indicator": "15.181.97.95",
    "type": "IPv4",
    "created": "2026-03-24T19:36:16",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack. Attacker IP 15.181.97.95 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36...' 2 times when connecting to mdms1 between 2026-03-24 18:42 and 2026-03-24 18:42 UTC.",
    "expiration": "2026-04-23T19:36:15",
    "is_active": 1
  },
  {
    "id": 3957690667,
    "indicator": "82.153.138.184",
    "type": "IPv4",
    "created": "2026-03-24T19:36:16",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate. 82.153.138.184 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d, firehol_anonymous); AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-23T19:36:15",
    "is_active": 1
  },
  {
    "id": 4281006659,
    "indicator": "66.132.195.101",
    "type": "IPv4",
    "created": "2026-03-24T19:36:16",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 66.132.195.101 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-23T19:36:15",
    "is_active": 1
  },
  {
    "id": 4275620383,
    "indicator": "76.91.25.25",
    "type": "IPv4",
    "created": "2026-03-24T19:36:16",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, cowrie. 76.91.25.25 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (exploited-host, hacking, moderate).",
    "expiration": "2026-04-23T19:36:15",
    "is_active": 1
  },
  {
    "id": 4021830814,
    "indicator": "59.52.226.146",
    "type": "IPv4",
    "created": "2026-03-24T19:36:16",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 59.52.226.146 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-23T19:36:15",
    "is_active": 1
  },
  {
    "id": 4281059743,
    "indicator": "175.139.113.173",
    "type": "IPv4",
    "created": "2026-03-24T19:36:16",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Port Klang, Malaysia (AS4788, TM TECHNOLOGY SERVICES SDN. BHD.). Observed targeting healthcare sector honeypot mdms-hp-01 via cowrie. duration: 36s; 2 events.",
    "expiration": "2026-04-23T19:36:15",
    "is_active": 1
  },
  {
    "id": 4120920332,
    "indicator": "45.94.31.99",
    "type": "IPv4",
    "created": "2026-03-24T19:36:16",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack, cowrie, firehol:firehol_level1. 45.94.31.99 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, low, reported).",
    "expiration": "2026-04-23T19:36:15",
    "is_active": 1
  },
  {
    "id": 4135627268,
    "indicator": "143.198.38.213",
    "type": "IPv4",
    "created": "2026-03-24T20:36:44",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 143.198.38.213 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (high, multi-reported, reported).",
    "expiration": "2026-04-23T20:36:32",
    "is_active": 1
  },
  {
    "id": 4271646578,
    "indicator": "42.4.61.223",
    "type": "IPv4",
    "created": "2026-03-24T20:36:44",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export. 42.4.61.223 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, critical, hacking).",
    "expiration": "2026-04-23T20:36:32",
    "is_active": 1
  },
  {
    "id": 4278317360,
    "indicator": "66.132.195.41",
    "type": "IPv4",
    "created": "2026-03-24T20:36:44",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 66.132.195.41 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-23T20:36:32",
    "is_active": 1
  },
  {
    "id": 4272935721,
    "indicator": "61.137.147.126",
    "type": "IPv4",
    "created": "2026-03-24T20:36:44",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:port-scan. 61.137.147.126 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-23T20:36:32",
    "is_active": 1
  },
  {
    "id": 4281355594,
    "indicator": "124.253.196.127",
    "type": "IPv4",
    "created": "2026-03-24T20:36:44",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan. 124.253.196.127 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-23T20:36:32",
    "is_active": 1
  },
  {
    "id": 4010221453,
    "indicator": "133.106.102.37",
    "type": "IPv4",
    "created": "2026-03-24T20:36:44",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 133.106.102.37 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-23T20:36:32",
    "is_active": 1
  },
  {
    "id": 4263074694,
    "indicator": "44.202.55.17",
    "type": "IPv4",
    "created": "2026-03-24T20:36:44",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 44.202.55.17 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-23T20:36:32",
    "is_active": 1
  },
  {
    "id": 4263664077,
    "indicator": "3.81.230.20",
    "type": "IPv4",
    "created": "2026-03-24T20:36:44",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 3.81.230.20 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-23T20:36:32",
    "is_active": 1
  },
  {
    "id": 4272949016,
    "indicator": "52.90.41.108",
    "type": "IPv4",
    "created": "2026-03-24T20:36:44",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 52.90.41.108 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-23T20:36:32",
    "is_active": 1
  },
  {
    "id": 4263826215,
    "indicator": "100.26.194.24",
    "type": "IPv4",
    "created": "2026-03-24T20:36:44",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 100.26.194.24 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-23T20:36:32",
    "is_active": 1
  },
  {
    "id": 4263826423,
    "indicator": "13.221.117.222",
    "type": "IPv4",
    "created": "2026-03-24T20:36:44",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. IP observed in Suricata network metadata",
    "expiration": "2026-04-23T20:36:32",
    "is_active": 1
  },
  {
    "id": 4263582675,
    "indicator": "100.31.213.204",
    "type": "IPv4",
    "created": "2026-03-24T20:36:44",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 100.31.213.204 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-23T20:36:32",
    "is_active": 1
  },
  {
    "id": 4262478971,
    "indicator": "18.208.191.195",
    "type": "IPv4",
    "created": "2026-03-24T20:36:44",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 18.208.191.195 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-23T20:36:32",
    "is_active": 1
  },
  {
    "id": 4262481568,
    "indicator": "52.207.238.74",
    "type": "IPv4",
    "created": "2026-03-24T20:36:44",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 52.207.238.74 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-23T20:36:32",
    "is_active": 1
  },
  {
    "id": 4034755744,
    "indicator": "75.119.143.158",
    "type": "IPv4",
    "created": "2026-03-24T20:36:44",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP 75.119.143.158 observed using SSH client fingerprint 'Unknown SSH Client (19532158b559)' 2 times when connecting to mdms1 between 2026-03-24 19:21 and 2026-03-24 19:22 UTC.",
    "expiration": "2026-04-23T20:36:32",
    "is_active": 1
  },
  {
    "id": 4281199157,
    "indicator": "175.137.198.221",
    "type": "IPv4",
    "created": "2026-03-24T20:36:44",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Kuala Lumpur, Malaysia (AS4788, TM TECHNOLOGY SERVICES SDN. BHD.). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. duration: 2m 38s; 4 events.",
    "expiration": "2026-04-23T20:36:32",
    "is_active": 1
  },
  {
    "id": 3326487259,
    "indicator": "137.184.105.192",
    "type": "IPv4",
    "created": "2026-03-24T21:38:06",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP 137.184.105.192 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 zgrab/0.x' 2 times when connecting to db4lamedtech between 2026-03-24 21:25 and 2026-03-24 21:25 UTC.",
    "expiration": "2026-04-23T21:37:04",
    "is_active": 1
  },
  {
    "id": 4011586704,
    "indicator": "185.247.137.105",
    "type": "IPv4",
    "created": "2026-03-24T21:38:06",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 185.247.137.105 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-23T21:37:04",
    "is_active": 1
  },
  {
    "id": 4203960182,
    "indicator": "117.242.152.81",
    "type": "IPv4",
    "created": "2026-03-24T21:38:06",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 117.242.152.81 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-23T21:37:04",
    "is_active": 1
  },
  {
    "id": 3810728903,
    "indicator": "137.184.18.19",
    "type": "IPv4",
    "created": "2026-03-24T21:38:06",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 137.184.18.19 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).",
    "expiration": "2026-04-23T21:37:04",
    "is_active": 1
  },
  {
    "id": 3858777464,
    "indicator": "44.220.185.238",
    "type": "IPv4",
    "created": "2026-03-24T21:38:06",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 44.220.185.238 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, high).",
    "expiration": "2026-04-23T21:37:04",
    "is_active": 1
  },
  {
    "id": 4084503714,
    "indicator": "87.121.84.50",
    "type": "IPv4",
    "created": "2026-03-24T21:38:06",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Los Angeles, United States (AS215925, Vpsvault.host Ltd) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via conpot. 1 events.",
    "expiration": "2026-04-23T21:37:04",
    "is_active": 1
  },
  {
    "id": 4260789357,
    "indicator": "103.173.154.45",
    "type": "IPv4",
    "created": "2026-03-24T21:38:06",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 103.173.154.45 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 6 times when connecting to db4lamedtech between 2026-03-24 21:07 and 2026-03-24 21:24 UTC.",
    "expiration": "2026-04-23T21:37:04",
    "is_active": 1
  },
  {
    "id": 3870239155,
    "indicator": "118.212.121.26",
    "type": "IPv4",
    "created": "2026-03-24T21:38:06",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 118.212.121.26 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-23T21:37:04",
    "is_active": 1
  },
  {
    "id": 4183343531,
    "indicator": "77.132.99.70",
    "type": "IPv4",
    "created": "2026-03-24T21:38:06",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 77.132.99.70 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-23T21:37:04",
    "is_active": 1
  },
  {
    "id": 3717423649,
    "indicator": "212.248.51.235",
    "type": "IPv4",
    "created": "2026-03-24T21:38:06",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 212.248.51.235 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-23T21:37:04",
    "is_active": 1
  },
  {
    "id": 4175720778,
    "indicator": "36.250.220.45",
    "type": "IPv4",
    "created": "2026-03-24T21:38:06",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 36.250.220.45 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-23T21:37:04",
    "is_active": 1
  },
  {
    "id": 4191366896,
    "indicator": "165.154.173.157",
    "type": "IPv4",
    "created": "2026-03-24T21:38:06",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Los Angeles, United States (AS135377, UCLOUD INFORMATION TECHNOLOGY HK LIMITED) [VPN/hosting provider]. Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. duration: 1m 28s; 3 events.",
    "expiration": "2026-04-23T21:37:04",
    "is_active": 1
  },
  {
    "id": 4274332376,
    "indicator": "72.255.19.249",
    "type": "IPv4",
    "created": "2026-03-24T21:38:06",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 72.255.19.249 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-23T21:37:04",
    "is_active": 1
  },
  {
    "id": 4243491911,
    "indicator": "103.191.92.65",
    "type": "IPv4",
    "created": "2026-03-24T21:38:06",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 103.191.92.65 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 19 times when connecting to db4lamedtech between 2026-03-24 20:12 and 2026-03-24 20:43 UTC.",
    "expiration": "2026-04-23T21:37:04",
    "is_active": 1
  },
  {
    "id": 3326487259,
    "indicator": "137.184.105.192",
    "type": "IPv4",
    "created": "2026-03-24T21:38:14",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP 137.184.105.192 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 zgrab/0.x' 2 times when connecting to db4lamedtech between 2026-03-24 21:25 and 2026-03-24 21:25 UTC.",
    "expiration": "2026-04-23T21:37:04",
    "is_active": 1
  },
  {
    "id": 4011586704,
    "indicator": "185.247.137.105",
    "type": "IPv4",
    "created": "2026-03-24T21:38:14",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 185.247.137.105 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-23T21:37:04",
    "is_active": 1
  },
  {
    "id": 4203960182,
    "indicator": "117.242.152.81",
    "type": "IPv4",
    "created": "2026-03-24T21:38:14",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 117.242.152.81 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-23T21:37:04",
    "is_active": 1
  },
  {
    "id": 3810728903,
    "indicator": "137.184.18.19",
    "type": "IPv4",
    "created": "2026-03-24T21:38:14",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 137.184.18.19 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).",
    "expiration": "2026-04-23T21:37:04",
    "is_active": 1
  },
  {
    "id": 3858777464,
    "indicator": "44.220.185.238",
    "type": "IPv4",
    "created": "2026-03-24T21:38:14",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 44.220.185.238 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, high).",
    "expiration": "2026-04-23T21:37:04",
    "is_active": 1
  },
  {
    "id": 4084503714,
    "indicator": "87.121.84.50",
    "type": "IPv4",
    "created": "2026-03-24T21:38:14",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Los Angeles, United States (AS215925, Vpsvault.host Ltd) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via conpot. 1 events.",
    "expiration": "2026-04-23T21:37:04",
    "is_active": 1
  },
  {
    "id": 4260789357,
    "indicator": "103.173.154.45",
    "type": "IPv4",
    "created": "2026-03-24T21:38:14",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 103.173.154.45 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 6 times when connecting to db4lamedtech between 2026-03-24 21:07 and 2026-03-24 21:24 UTC.",
    "expiration": "2026-04-23T21:37:04",
    "is_active": 1
  },
  {
    "id": 3870239155,
    "indicator": "118.212.121.26",
    "type": "IPv4",
    "created": "2026-03-24T21:38:14",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 118.212.121.26 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-23T21:37:04",
    "is_active": 1
  },
  {
    "id": 4183343531,
    "indicator": "77.132.99.70",
    "type": "IPv4",
    "created": "2026-03-24T21:38:14",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 77.132.99.70 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-23T21:37:04",
    "is_active": 1
  },
  {
    "id": 3717423649,
    "indicator": "212.248.51.235",
    "type": "IPv4",
    "created": "2026-03-24T21:38:14",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 212.248.51.235 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-23T21:37:04",
    "is_active": 1
  },
  {
    "id": 4175720778,
    "indicator": "36.250.220.45",
    "type": "IPv4",
    "created": "2026-03-24T21:38:14",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 36.250.220.45 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-23T21:37:04",
    "is_active": 1
  },
  {
    "id": 4191366896,
    "indicator": "165.154.173.157",
    "type": "IPv4",
    "created": "2026-03-24T21:38:14",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Los Angeles, United States (AS135377, UCLOUD INFORMATION TECHNOLOGY HK LIMITED) [VPN/hosting provider]. Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. duration: 1m 28s; 3 events.",
    "expiration": "2026-04-23T21:37:04",
    "is_active": 1
  },
  {
    "id": 4274332376,
    "indicator": "72.255.19.249",
    "type": "IPv4",
    "created": "2026-03-24T21:38:14",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 72.255.19.249 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-23T21:37:04",
    "is_active": 1
  },
  {
    "id": 4243491911,
    "indicator": "103.191.92.65",
    "type": "IPv4",
    "created": "2026-03-24T21:38:14",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 103.191.92.65 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 19 times when connecting to db4lamedtech between 2026-03-24 20:12 and 2026-03-24 20:43 UTC.",
    "expiration": "2026-04-23T21:37:04",
    "is_active": 1
  },
  {
    "id": 3529996227,
    "indicator": "60.172.23.218",
    "type": "IPv4",
    "created": "2026-03-24T22:38:26",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 60.172.23.218 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-23T22:38:24",
    "is_active": 1
  },
  {
    "id": 4146405456,
    "indicator": "46.13.79.128",
    "type": "IPv4",
    "created": "2026-03-24T22:38:26",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Ostrava, Czechia (AS13036, T-Mobile Czech Republic a.s.). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. duration: 11m 16s; 23 events.",
    "expiration": "2026-04-23T22:38:24",
    "is_active": 1
  },
  {
    "id": 4173704790,
    "indicator": "103.26.82.25",
    "type": "IPv4",
    "created": "2026-03-24T22:38:26",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 103.26.82.25 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-23T22:38:24",
    "is_active": 1
  },
  {
    "id": 2907455182,
    "indicator": "193.228.134.234",
    "type": "IPv4",
    "created": "2026-03-24T22:38:26",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate. 193.228.134.234 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-23T22:38:24",
    "is_active": 1
  },
  {
    "id": 4078890928,
    "indicator": "216.73.216.128",
    "type": "IPv4",
    "created": "2026-03-24T22:38:26",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP 216.73.216.128 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatibl...' 2 times when connecting to db1lapetro between 2026-03-24 21:59 and 2026-03-24 21:59 UTC.",
    "expiration": "2026-04-23T22:38:24",
    "is_active": 1
  },
  {
    "id": 4168926151,
    "indicator": "116.178.130.236",
    "type": "IPv4",
    "created": "2026-03-24T22:38:26",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 116.178.130.236 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-23T22:38:24",
    "is_active": 1
  },
  {
    "id": 4280850109,
    "indicator": "20.63.0.132",
    "type": "IPv4",
    "created": "2026-03-24T22:38:26",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 20.63.0.132 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-23T22:38:24",
    "is_active": 1
  },
  {
    "id": 4011376293,
    "indicator": "185.247.137.151",
    "type": "IPv4",
    "created": "2026-03-24T22:38:26",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 185.247.137.151 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-23T22:38:24",
    "is_active": 1
  },
  {
    "id": 3551697626,
    "indicator": "87.236.176.5",
    "type": "IPv4",
    "created": "2026-03-24T22:38:26",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 87.236.176.5 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-23T22:38:24",
    "is_active": 1
  },
  {
    "id": 4265258129,
    "indicator": "221.1.217.6",
    "type": "IPv4",
    "created": "2026-03-24T23:38:39",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 221.1.217.6 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, critical, hacking).",
    "expiration": "2026-04-23T23:38:32",
    "is_active": 1
  },
  {
    "id": 4263746226,
    "indicator": "103.180.241.18",
    "type": "IPv4",
    "created": "2026-03-24T23:38:39",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 103.180.241.18 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 13 times when connecting to db1lapetro between 2026-03-24 23:11 and 2026-03-24 23:34 UTC.",
    "expiration": "2026-04-23T23:38:32",
    "is_active": 1
  },
  {
    "id": 4156600877,
    "indicator": "181.118.80.107",
    "type": "IPv4",
    "created": "2026-03-24T23:38:39",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 181.118.80.107 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-23T23:38:32",
    "is_active": 1
  },
  {
    "id": 4201110636,
    "indicator": "47.236.12.18",
    "type": "IPv4",
    "created": "2026-03-24T23:38:39",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 47.236.12.18 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-23T23:38:32",
    "is_active": 1
  },
  {
    "id": 4275714595,
    "indicator": "47.106.196.160",
    "type": "IPv4",
    "created": "2026-03-24T23:38:39",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP from Shenzhen, China (AS37963, Hangzhou Alibaba Advertising Co.,Ltd.). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. duration: 1m 35s; 8 events.",
    "expiration": "2026-04-23T23:38:32",
    "is_active": 1
  },
  {
    "id": 4277144621,
    "indicator": "43.162.83.223",
    "type": "IPv4",
    "created": "2026-03-24T23:38:39",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 43.162.83.223 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-23T23:38:32",
    "is_active": 1
  },
  {
    "id": 4281537104,
    "indicator": "147.45.237.185",
    "type": "IPv4",
    "created": "2026-03-24T23:38:39",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP 147.45.237.185 observed using SSH client fingerprint 'Unknown SSH Client (19532158b559)' 2 times when connecting to mdms1 between 2026-03-24 22:53 and 2026-03-24 23:04 UTC.",
    "expiration": "2026-04-23T23:38:32",
    "is_active": 1
  },
  {
    "id": 4179687082,
    "indicator": "175.212.12.133",
    "type": "IPv4",
    "created": "2026-03-24T23:38:39",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 175.212.12.133 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-23T23:38:32",
    "is_active": 1
  },
  {
    "id": 3986848251,
    "indicator": "44.215.231.15",
    "type": "IPv4",
    "created": "2026-03-24T23:38:39",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 44.215.231.15 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-23T23:38:32",
    "is_active": 1
  },
  {
    "id": 4212180579,
    "indicator": "58.243.46.100",
    "type": "IPv4",
    "created": "2026-03-24T23:38:39",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 58.243.46.100 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-23T23:38:32",
    "is_active": 1
  },
  {
    "id": 4277212724,
    "indicator": "164.90.237.71",
    "type": "IPv4",
    "created": "2026-03-24T23:38:39",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 164.90.237.71 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-23T23:38:32",
    "is_active": 1
  },
  {
    "id": 3675166826,
    "indicator": "200.114.67.55",
    "type": "IPv4",
    "created": "2026-03-24T23:38:39",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 200.114.67.55 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-23T23:38:32",
    "is_active": 1
  },
  {
    "id": 4281501413,
    "indicator": "156.251.65.197",
    "type": "IPv4",
    "created": "2026-03-24T23:38:39",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 156.251.65.197 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-23T23:38:32",
    "is_active": 1
  },
  {
    "id": 4265298326,
    "indicator": "190.52.38.11",
    "type": "IPv4",
    "created": "2026-03-24T23:38:39",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 190.52.38.11 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-23T23:38:32",
    "is_active": 1
  },
  {
    "id": 1570539600,
    "indicator": "181.188.176.242",
    "type": "IPv4",
    "created": "2026-03-24T23:38:39",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from La Paz, Bolivia (AS27882, Telefonica Celular de Bolivia S.A.). Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 9 failed login attempts, 9 credential pairs tried across 8 unique usernames, execution of 22 commands (SSH key persistence, password changes, system reconnaissance, cron persistence...",
    "expiration": "2026-04-23T23:38:32",
    "is_active": 1
  },
  {
    "id": 4278848447,
    "indicator": "52.4.169.106",
    "type": "IPv4",
    "created": "2026-03-24T23:38:39",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 52.4.169.106 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-23T23:38:32",
    "is_active": 1
  },
  {
    "id": 4173336739,
    "indicator": "59.173.108.222",
    "type": "IPv4",
    "created": "2026-03-24T23:38:39",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 59.173.108.222 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).",
    "expiration": "2026-04-23T23:38:32",
    "is_active": 1
  },
  {
    "id": 4157287682,
    "indicator": "221.199.73.196",
    "type": "IPv4",
    "created": "2026-03-24T23:38:39",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 221.199.73.196 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-23T23:38:32",
    "is_active": 1
  },
  {
    "id": 4281499734,
    "indicator": "42.52.21.199",
    "type": "IPv4",
    "created": "2026-03-24T23:38:39",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 42.52.21.199 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-23T23:38:32",
    "is_active": 1
  },
  {
    "id": 4279712367,
    "indicator": "112.66.128.10",
    "type": "IPv4",
    "created": "2026-03-24T23:38:39",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from China (AS4134, Chinanet). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. duration: 2m 0s; 2 events.",
    "expiration": "2026-04-23T23:38:32",
    "is_active": 1
  },
  {
    "id": 4280850114,
    "indicator": "20.220.60.25",
    "type": "IPv4",
    "created": "2026-03-25T00:38:56",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 20.220.60.25 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T00:38:46",
    "is_active": 1
  },
  {
    "id": 4274151215,
    "indicator": "154.90.54.142",
    "type": "IPv4",
    "created": "2026-03-25T00:38:56",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 154.90.54.142 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T00:38:46",
    "is_active": 1
  },
  {
    "id": 4189984865,
    "indicator": "80.87.144.223",
    "type": "IPv4",
    "created": "2026-03-25T00:38:56",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 80.87.144.223 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-24T00:38:46",
    "is_active": 1
  },
  {
    "id": 4280850108,
    "indicator": "4.205.37.18",
    "type": "IPv4",
    "created": "2026-03-25T00:38:56",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 4.205.37.18 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T00:38:46",
    "is_active": 1
  },
  {
    "id": 4078249154,
    "indicator": "46.105.38.210",
    "type": "IPv4",
    "created": "2026-03-25T00:38:56",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 46.105.38.210 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (compatible; MJ12bot/v2.0.5; http://mj12bot.com/...' 2 times when connecting to db1lapetro between 2026-03-25 00:15 and 2026-03-25 00:15 UTC.",
    "expiration": "2026-04-24T00:38:46",
    "is_active": 1
  },
  {
    "id": 4239347265,
    "indicator": "8.219.222.152",
    "type": "IPv4",
    "created": "2026-03-25T00:38:56",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 8.219.222.152 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ftp-brute).",
    "expiration": "2026-04-24T00:38:46",
    "is_active": 1
  },
  {
    "id": 4280850111,
    "indicator": "20.63.96.180",
    "type": "IPv4",
    "created": "2026-03-25T00:38:56",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 20.63.96.180 observed using HTTP client fingerprint 'HTTP Client (67b3dba8bc67)' 141 times when connecting to db4lamedtech between 2026-03-25 00:11 and 2026-03-25 00:11 UTC.",
    "expiration": "2026-04-24T00:38:46",
    "is_active": 1
  },
  {
    "id": 3569965374,
    "indicator": "87.236.176.178",
    "type": "IPv4",
    "created": "2026-03-25T00:38:56",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 87.236.176.178 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T00:38:46",
    "is_active": 1
  },
  {
    "id": 4225370172,
    "indicator": "124.133.209.136",
    "type": "IPv4",
    "created": "2026-03-25T00:38:56",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export. 124.133.209.136 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, moderate).",
    "expiration": "2026-04-24T00:38:46",
    "is_active": 1
  },
  {
    "id": 4226712766,
    "indicator": "50.116.46.211",
    "type": "IPv4",
    "created": "2026-03-25T00:38:56",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 50.116.46.211 observed using TLS client fingerprint 'Unknown TLS Client (2a3322ff12fd)' 2 times when connecting to db1lapetro between 2026-03-25 00:09 and 2026-03-25 00:09 UTC.",
    "expiration": "2026-04-24T00:38:46",
    "is_active": 1
  },
  {
    "id": 4281546660,
    "indicator": "66.132.224.233",
    "type": "IPv4",
    "created": "2026-03-25T00:38:56",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export. 66.132.224.233 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, hacking).",
    "expiration": "2026-04-24T00:38:46",
    "is_active": 1
  },
  {
    "id": 4066762440,
    "indicator": "20.15.164.37",
    "type": "IPv4",
    "created": "2026-03-25T00:38:56",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 20.15.164.37 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T00:38:46",
    "is_active": 1
  },
  {
    "id": 4001767411,
    "indicator": "60.190.165.70",
    "type": "IPv4",
    "created": "2026-03-25T00:38:56",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 60.190.165.70 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T00:38:46",
    "is_active": 1
  },
  {
    "id": 4104155916,
    "indicator": "101.35.251.162",
    "type": "IPv4",
    "created": "2026-03-25T00:38:56",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:port-scan. 101.35.251.162 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-24T00:38:46",
    "is_active": 1
  },
  {
    "id": 4280850116,
    "indicator": "66.132.195.113",
    "type": "IPv4",
    "created": "2026-03-25T00:38:56",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 66.132.195.113 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level3); AbuseIPDB (brute-force, critical, ftp-brute).",
    "expiration": "2026-04-24T00:38:46",
    "is_active": 1
  },
  {
    "id": 3780522372,
    "indicator": "36.106.166.132",
    "type": "IPv4",
    "created": "2026-03-25T00:38:56",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 36.106.166.132 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-24T00:38:46",
    "is_active": 1
  },
  {
    "id": 4281543448,
    "indicator": "66.42.133.139",
    "type": "IPv4",
    "created": "2026-03-25T00:38:56",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 66.42.133.139 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T00:38:46",
    "is_active": 1
  },
  {
    "id": 4280850121,
    "indicator": "20.203.184.156",
    "type": "IPv4",
    "created": "2026-03-25T00:38:56",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 20.203.184.156 observed using HTTP client fingerprint 'HTTP Client (67b3dba8bc67)' 125 times when connecting to db4lamedtech between 2026-03-24 23:31 and 2026-03-24 23:31 UTC.",
    "expiration": "2026-04-24T00:38:46",
    "is_active": 1
  },
  {
    "id": 2828299227,
    "indicator": "165.22.190.98",
    "type": "IPv4",
    "created": "2026-03-25T00:38:56",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, cowrie. Attacker IP from North Bergen, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. duration: 7s; 8 events.",
    "expiration": "2026-04-24T00:38:46",
    "is_active": 1
  },
  {
    "id": 4281500972,
    "indicator": "5.78.201.205",
    "type": "IPv4",
    "created": "2026-03-25T00:38:56",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP 5.78.201.205 observed using SSH client fingerprint 'Unknown SSH Client (19532158b559)' 2 times when connecting to mdms1 between 2026-03-25 00:00 and 2026-03-25 00:01 UTC.",
    "expiration": "2026-04-24T00:38:46",
    "is_active": 1
  },
  {
    "id": 4281566048,
    "indicator": "180.7.190.84",
    "type": "IPv4",
    "created": "2026-03-25T01:39:14",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 180.7.190.84 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-24T01:39:03",
    "is_active": 1
  },
  {
    "id": 3402810460,
    "indicator": "95.214.52.208",
    "type": "IPv4",
    "created": "2026-03-25T01:39:14",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 95.214.52.208 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T01:39:03",
    "is_active": 1
  },
  {
    "id": 4123847761,
    "indicator": "96.19.94.140",
    "type": "IPv4",
    "created": "2026-03-25T01:39:14",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 96.19.94.140 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T01:39:03",
    "is_active": 1
  },
  {
    "id": 4281564944,
    "indicator": "89.23.99.182",
    "type": "IPv4",
    "created": "2026-03-25T01:39:14",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 89.23.99.182 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-24T01:39:03",
    "is_active": 1
  },
  {
    "id": 4048937408,
    "indicator": "68.183.86.231",
    "type": "IPv4",
    "created": "2026-03-25T01:39:14",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 68.183.86.231 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-24T01:39:03",
    "is_active": 1
  },
  {
    "id": 4183232361,
    "indicator": "157.255.29.89",
    "type": "IPv4",
    "created": "2026-03-25T01:39:14",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 157.255.29.89 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T01:39:03",
    "is_active": 1
  },
  {
    "id": 4211150355,
    "indicator": "182.119.224.29",
    "type": "IPv4",
    "created": "2026-03-25T01:39:14",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 182.119.224.29 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-24T01:39:03",
    "is_active": 1
  },
  {
    "id": 4056357251,
    "indicator": "110.177.177.199",
    "type": "IPv4",
    "created": "2026-03-25T01:39:14",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 110.177.177.199 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-24T01:39:03",
    "is_active": 1
  },
  {
    "id": 4022724324,
    "indicator": "118.212.120.73",
    "type": "IPv4",
    "created": "2026-03-25T01:39:14",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 118.212.120.73 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-24T01:39:03",
    "is_active": 1
  },
  {
    "id": 4005179930,
    "indicator": "112.46.212.179",
    "type": "IPv4",
    "created": "2026-03-25T01:39:14",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 112.46.212.179 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-24T01:39:03",
    "is_active": 1
  },
  {
    "id": 4056105390,
    "indicator": "192.109.200.196",
    "type": "IPv4",
    "created": "2026-03-25T01:39:14",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 192.109.200.196 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T01:39:03",
    "is_active": 1
  },
  {
    "id": 4172946559,
    "indicator": "59.173.109.173",
    "type": "IPv4",
    "created": "2026-03-25T01:39:14",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 59.173.109.173 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-24T01:39:03",
    "is_active": 1
  },
  {
    "id": 4177551956,
    "indicator": "117.29.8.250",
    "type": "IPv4",
    "created": "2026-03-25T01:39:14",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 117.29.8.250 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-24T01:39:03",
    "is_active": 1
  },
  {
    "id": 4281562862,
    "indicator": "178.128.233.190",
    "type": "IPv4",
    "created": "2026-03-25T01:39:14",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 178.128.233.190 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, critical, hacking).",
    "expiration": "2026-04-24T01:39:03",
    "is_active": 1
  },
  {
    "id": 4222321166,
    "indicator": "157.15.59.116",
    "type": "IPv4",
    "created": "2026-03-25T01:39:14",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 157.15.59.116 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ftp-brute).",
    "expiration": "2026-04-24T01:39:03",
    "is_active": 1
  },
  {
    "id": 4276920088,
    "indicator": "37.99.218.180",
    "type": "IPv4",
    "created": "2026-03-25T01:39:14",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 37.99.218.180 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T01:39:03",
    "is_active": 1
  },
  {
    "id": 3804401445,
    "indicator": "27.47.24.71",
    "type": "IPv4",
    "created": "2026-03-25T01:39:14",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 27.47.24.71 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-24T01:39:03",
    "is_active": 1
  },
  {
    "id": 4222301258,
    "indicator": "157.15.59.122",
    "type": "IPv4",
    "created": "2026-03-25T01:39:14",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 157.15.59.122 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).",
    "expiration": "2026-04-24T01:39:03",
    "is_active": 1
  },
  {
    "id": 4281559702,
    "indicator": "190.216.132.18",
    "type": "IPv4",
    "created": "2026-03-25T01:39:14",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 190.216.132.18 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T01:39:03",
    "is_active": 1
  },
  {
    "id": 4173861298,
    "indicator": "116.178.130.10",
    "type": "IPv4",
    "created": "2026-03-25T02:39:42",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 116.178.130.10 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-24T02:39:40",
    "is_active": 1
  },
  {
    "id": 4113188607,
    "indicator": "18.97.26.87",
    "type": "IPv4",
    "created": "2026-03-25T02:39:42",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 18.97.26.87 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking).",
    "expiration": "2026-04-24T02:39:40",
    "is_active": 1
  },
  {
    "id": 4169740971,
    "indicator": "116.178.128.175",
    "type": "IPv4",
    "created": "2026-03-25T02:39:42",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 116.178.128.175 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-24T02:39:40",
    "is_active": 1
  },
  {
    "id": 4275554392,
    "indicator": "118.145.100.92",
    "type": "IPv4",
    "created": "2026-03-25T02:39:42",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 118.145.100.92 observed using HTTP client fingerprint 'HTTP Client: libredtail-http' 36 times when connecting to db1lapetro between 2026-03-25 02:24 and 2026-03-25 02:25 UTC.",
    "expiration": "2026-04-24T02:39:40",
    "is_active": 1
  },
  {
    "id": 4269367388,
    "indicator": "116.109.110.164",
    "type": "IPv4",
    "created": "2026-03-25T02:39:42",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 116.109.110.164 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T02:39:40",
    "is_active": 1
  },
  {
    "id": 4261236453,
    "indicator": "185.242.3.160",
    "type": "IPv4",
    "created": "2026-03-25T02:39:42",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 185.242.3.160 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T02:39:40",
    "is_active": 1
  },
  {
    "id": 4095722020,
    "indicator": "64.225.127.25",
    "type": "IPv4",
    "created": "2026-03-25T02:39:42",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 64.225.127.25 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 6 times when connecting to db4lamedtech between 2026-03-25 02:12 and 2026-03-25 02:39 UTC.",
    "expiration": "2026-04-24T02:39:40",
    "is_active": 1
  },
  {
    "id": 2116989233,
    "indicator": "178.91.94.146",
    "type": "IPv4",
    "created": "2026-03-25T02:39:42",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 178.91.94.146 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T02:39:40",
    "is_active": 1
  },
  {
    "id": 3897861308,
    "indicator": "38.137.250.247",
    "type": "IPv4",
    "created": "2026-03-25T02:39:42",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:multi-reported. 38.137.250.247 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-24T02:39:40",
    "is_active": 1
  },
  {
    "id": 3913306450,
    "indicator": "123.245.85.184",
    "type": "IPv4",
    "created": "2026-03-25T02:39:42",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 123.245.85.184 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-24T02:39:40",
    "is_active": 1
  },
  {
    "id": 4168785383,
    "indicator": "59.173.111.142",
    "type": "IPv4",
    "created": "2026-03-25T02:39:42",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 59.173.111.142 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).",
    "expiration": "2026-04-24T02:39:40",
    "is_active": 1
  },
  {
    "id": 4277159756,
    "indicator": "45.4.84.2",
    "type": "IPv4",
    "created": "2026-03-25T02:39:42",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 45.4.84.2 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T02:39:40",
    "is_active": 1
  },
  {
    "id": 4186949749,
    "indicator": "177.75.49.84",
    "type": "IPv4",
    "created": "2026-03-25T02:39:42",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 177.75.49.84 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T02:39:40",
    "is_active": 1
  },
  {
    "id": 3886898103,
    "indicator": "118.212.123.82",
    "type": "IPv4",
    "created": "2026-03-25T02:39:42",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:multi-reported. 118.212.123.82 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-24T02:39:40",
    "is_active": 1
  },
  {
    "id": 4278317939,
    "indicator": "46.101.188.231",
    "type": "IPv4",
    "created": "2026-03-25T02:39:42",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 46.101.188.231 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 14 times when connecting to db4lamedtech between 2026-03-25 01:40 and 2026-03-25 01:57 UTC.",
    "expiration": "2026-04-24T02:39:40",
    "is_active": 1
  },
  {
    "id": 4281570285,
    "indicator": "143.198.46.30",
    "type": "IPv4",
    "created": "2026-03-25T02:39:42",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 143.198.46.30 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-24T02:39:40",
    "is_active": 1
  },
  {
    "id": 4281569823,
    "indicator": "20.250.8.22",
    "type": "IPv4",
    "created": "2026-03-25T02:39:42",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 20.250.8.22 observed using HTTP client fingerprint 'HTTP Client (67b3dba8bc67)' 77 times when connecting to mdms1 between 2026-03-25 01:37 and 2026-03-25 01:37 UTC.",
    "expiration": "2026-04-24T02:39:40",
    "is_active": 1
  },
  {
    "id": 4280214032,
    "indicator": "66.132.224.88",
    "type": "IPv4",
    "created": "2026-03-25T02:39:42",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 66.132.224.88 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T02:39:40",
    "is_active": 1
  },
  {
    "id": 4280277173,
    "indicator": "74.50.84.83",
    "type": "IPv4",
    "created": "2026-03-25T03:40:54",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported. 74.50.84.83 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-24T03:40:50",
    "is_active": 1
  },
  {
    "id": 4281619211,
    "indicator": "170.246.8.15",
    "type": "IPv4",
    "created": "2026-03-25T03:40:54",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 170.246.8.15 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-24T03:40:50",
    "is_active": 1
  },
  {
    "id": 4280315196,
    "indicator": "84.247.143.27",
    "type": "IPv4",
    "created": "2026-03-25T03:40:54",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported. 84.247.143.27 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T03:40:50",
    "is_active": 1
  },
  {
    "id": 4280850180,
    "indicator": "66.132.195.123",
    "type": "IPv4",
    "created": "2026-03-25T03:40:54",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 66.132.195.123 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level3); AbuseIPDB (brute-force, critical, hacking).",
    "expiration": "2026-04-24T03:40:50",
    "is_active": 1
  },
  {
    "id": 4281619210,
    "indicator": "59.126.189.223",
    "type": "IPv4",
    "created": "2026-03-25T03:40:54",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 59.126.189.223 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-24T03:40:50",
    "is_active": 1
  },
  {
    "id": 4281619209,
    "indicator": "103.244.172.217",
    "type": "IPv4",
    "created": "2026-03-25T03:40:54",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 103.244.172.217 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-24T03:40:50",
    "is_active": 1
  },
  {
    "id": 4280261588,
    "indicator": "66.132.195.111",
    "type": "IPv4",
    "created": "2026-03-25T03:40:54",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 66.132.195.111 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T03:40:50",
    "is_active": 1
  },
  {
    "id": 4281611791,
    "indicator": "191.243.174.46",
    "type": "IPv4",
    "created": "2026-03-25T03:40:54",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:port-scan. 191.243.174.46 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-24T03:40:50",
    "is_active": 1
  },
  {
    "id": 4243313401,
    "indicator": "8.216.6.75",
    "type": "IPv4",
    "created": "2026-03-25T03:40:54",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 8.216.6.75 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T03:40:50",
    "is_active": 1
  },
  {
    "id": 4173567365,
    "indicator": "114.97.191.19",
    "type": "IPv4",
    "created": "2026-03-25T03:40:54",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 114.97.191.19 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-24T03:40:50",
    "is_active": 1
  },
  {
    "id": 4281574567,
    "indicator": "217.216.93.43",
    "type": "IPv4",
    "created": "2026-03-25T03:40:54",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Orangeburg, United States (AS40021, Contabo Inc.). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T03:40:50",
    "is_active": 1
  },
  {
    "id": 4187431272,
    "indicator": "180.111.30.57",
    "type": "IPv4",
    "created": "2026-03-25T03:40:54",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 180.111.30.57 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-24T03:40:50",
    "is_active": 1
  },
  {
    "id": 4278759443,
    "indicator": "42.224.92.70",
    "type": "IPv4",
    "created": "2026-03-25T04:42:03",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 42.224.92.70 observed using SSH client fingerprint 'Unknown SSH Client (98f63c4d9c87)' 5 times when connecting to db1lapetro between 2026-03-25 04:25 and 2026-03-25 04:25 UTC.",
    "expiration": "2026-04-24T04:42:02",
    "is_active": 1
  },
  {
    "id": 4272944069,
    "indicator": "38.248.29.183",
    "type": "IPv4",
    "created": "2026-03-25T04:42:03",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 38.248.29.183 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T04:42:02",
    "is_active": 1
  },
  {
    "id": 3891641978,
    "indicator": "44.220.185.187",
    "type": "IPv4",
    "created": "2026-03-25T04:42:03",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 44.220.185.187 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-24T04:42:02",
    "is_active": 1
  },
  {
    "id": 4281003996,
    "indicator": "152.42.197.20",
    "type": "IPv4",
    "created": "2026-03-25T04:42:03",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 152.42.197.20 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Observed activity: 1 command sessions (1 commands). Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T04:42:02",
    "is_active": 1
  },
  {
    "id": 3015498995,
    "indicator": "193.163.125.40",
    "type": "IPv4",
    "created": "2026-03-25T04:42:03",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 193.163.125.40 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T04:42:02",
    "is_active": 1
  },
  {
    "id": 4281631038,
    "indicator": "84.51.12.180",
    "type": "IPv4",
    "created": "2026-03-25T04:42:03",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:port-scan. Attacker IP from Istanbul, T\u00fcrkiye (AS34984, Superonline Iletisim Hizmetleri A.S.). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. duration: 32s; 2 events.",
    "expiration": "2026-04-24T04:42:02",
    "is_active": 1
  },
  {
    "id": 4011326451,
    "indicator": "45.55.158.168",
    "type": "IPv4",
    "created": "2026-03-25T04:42:03",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 45.55.158.168 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T04:42:02",
    "is_active": 1
  },
  {
    "id": 3564811106,
    "indicator": "87.236.176.113",
    "type": "IPv4",
    "created": "2026-03-25T04:42:03",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 87.236.176.113 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T04:42:02",
    "is_active": 1
  },
  {
    "id": 3567701241,
    "indicator": "87.236.176.220",
    "type": "IPv4",
    "created": "2026-03-25T04:42:03",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 87.236.176.220 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T04:42:02",
    "is_active": 1
  },
  {
    "id": 4011630831,
    "indicator": "185.247.137.184",
    "type": "IPv4",
    "created": "2026-03-25T04:42:03",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 185.247.137.184 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T04:42:02",
    "is_active": 1
  },
  {
    "id": 4274399919,
    "indicator": "87.106.69.120",
    "type": "IPv4",
    "created": "2026-03-25T04:42:03",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 87.106.69.120 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 12 times when connecting to db1lapetro between 2026-03-25 04:03 and 2026-03-25 04:22 UTC.",
    "expiration": "2026-04-24T04:42:02",
    "is_active": 1
  },
  {
    "id": 4278321380,
    "indicator": "190.216.132.23",
    "type": "IPv4",
    "created": "2026-03-25T04:42:03",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 190.216.132.23 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T04:42:02",
    "is_active": 1
  },
  {
    "id": 4274341401,
    "indicator": "43.106.143.191",
    "type": "IPv4",
    "created": "2026-03-25T04:42:03",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 43.106.143.191 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T04:42:02",
    "is_active": 1
  },
  {
    "id": 4141100206,
    "indicator": "38.59.249.242",
    "type": "IPv4",
    "created": "2026-03-25T04:42:03",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 38.59.249.242 observed using HTTP client fingerprint 'HTTP Client: libredtail-http' 39 times when connecting to mdms1 between 2026-03-25 04:03 and 2026-03-25 04:03 UTC.",
    "expiration": "2026-04-24T04:42:02",
    "is_active": 1
  },
  {
    "id": 4147471387,
    "indicator": "49.228.84.254",
    "type": "IPv4",
    "created": "2026-03-25T04:42:03",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 49.228.84.254 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 3 times when connecting to db4lamedtech between 2026-03-25 03:55 and 2026-03-25 03:56 UTC.",
    "expiration": "2026-04-24T04:42:02",
    "is_active": 1
  },
  {
    "id": 2569359419,
    "indicator": "124.89.90.60",
    "type": "IPv4",
    "created": "2026-03-25T04:42:03",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported. 124.89.90.60 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-24T04:42:02",
    "is_active": 1
  },
  {
    "id": 4011990587,
    "indicator": "59.52.100.255",
    "type": "IPv4",
    "created": "2026-03-25T04:42:03",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 59.52.100.255 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-24T04:42:02",
    "is_active": 1
  },
  {
    "id": 4281629261,
    "indicator": "104.168.114.192",
    "type": "IPv4",
    "created": "2026-03-25T04:42:03",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:multi-reported. 104.168.114.192 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-24T04:42:02",
    "is_active": 1
  },
  {
    "id": 4281621086,
    "indicator": "212.83.164.204",
    "type": "IPv4",
    "created": "2026-03-25T04:42:03",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 212.83.164.204 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).",
    "expiration": "2026-04-24T04:42:02",
    "is_active": 1
  },
  {
    "id": 4261326246,
    "indicator": "170.187.203.155",
    "type": "IPv4",
    "created": "2026-03-25T04:42:03",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 170.187.203.155 observed using TLS client fingerprint 'Unknown TLS Client (2a3322ff12fd)' 2 times when connecting to db4lamedtech between 2026-03-25 03:31 and 2026-03-25 03:31 UTC.",
    "expiration": "2026-04-24T04:42:02",
    "is_active": 1
  },
  {
    "id": 4179213689,
    "indicator": "151.115.100.44",
    "type": "IPv4",
    "created": "2026-03-25T04:42:03",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 151.115.100.44 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-24T04:42:02",
    "is_active": 1
  },
  {
    "id": 4281619567,
    "indicator": "114.254.2.251",
    "type": "IPv4",
    "created": "2026-03-25T04:42:03",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 114.254.2.251 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ftp-brute).",
    "expiration": "2026-04-24T04:42:02",
    "is_active": 1
  },
  {
    "id": 4281619566,
    "indicator": "203.219.144.166",
    "type": "IPv4",
    "created": "2026-03-25T04:42:03",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate. 203.219.144.166 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-24T04:42:02",
    "is_active": 1
  },
  {
    "id": 4281015404,
    "indicator": "172.239.240.198",
    "type": "IPv4",
    "created": "2026-03-25T04:42:03",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP 172.239.240.198 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 6 times when connecting to db1lapetro between 2026-03-25 03:22 and 2026-03-25 03:32 UTC.",
    "expiration": "2026-04-24T04:42:02",
    "is_active": 1
  },
  {
    "id": 3712102023,
    "indicator": "146.88.241.75",
    "type": "IPv4",
    "created": "2026-03-25T05:42:28",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 146.88.241.75 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T05:42:26",
    "is_active": 1
  },
  {
    "id": 4174114914,
    "indicator": "138.118.3.97",
    "type": "IPv4",
    "created": "2026-03-25T05:42:28",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 138.118.3.97 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T05:42:26",
    "is_active": 1
  },
  {
    "id": 4022129627,
    "indicator": "54.90.8.255",
    "type": "IPv4",
    "created": "2026-03-25T05:42:28",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 54.90.8.255 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T05:42:26",
    "is_active": 1
  },
  {
    "id": 4247289413,
    "indicator": "8.216.5.7",
    "type": "IPv4",
    "created": "2026-03-25T05:42:28",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 8.216.5.7 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T05:42:26",
    "is_active": 1
  },
  {
    "id": 4281649026,
    "indicator": "175.203.70.112",
    "type": "IPv4",
    "created": "2026-03-25T05:42:28",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:multi-reported. 175.203.70.112 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-24T05:42:26",
    "is_active": 1
  },
  {
    "id": 4260802970,
    "indicator": "47.83.21.193",
    "type": "IPv4",
    "created": "2026-03-25T05:42:28",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.83.21.193 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T05:42:26",
    "is_active": 1
  },
  {
    "id": 4146416014,
    "indicator": "51.75.154.31",
    "type": "IPv4",
    "created": "2026-03-25T05:42:28",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 51.75.154.31 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking).",
    "expiration": "2026-04-24T05:42:26",
    "is_active": 1
  },
  {
    "id": 4281648147,
    "indicator": "198.244.133.160",
    "type": "IPv4",
    "created": "2026-03-25T05:42:28",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 198.244.133.160 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (ddos, hacking, low).",
    "expiration": "2026-04-24T05:42:26",
    "is_active": 1
  },
  {
    "id": 4189970598,
    "indicator": "51.77.103.48",
    "type": "IPv4",
    "created": "2026-03-25T05:42:28",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 51.77.103.48 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking).",
    "expiration": "2026-04-24T05:42:26",
    "is_active": 1
  },
  {
    "id": 4181434832,
    "indicator": "198.244.133.159",
    "type": "IPv4",
    "created": "2026-03-25T05:42:28",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 198.244.133.159 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking).",
    "expiration": "2026-04-24T05:42:26",
    "is_active": 1
  },
  {
    "id": 4280850176,
    "indicator": "66.132.195.80",
    "type": "IPv4",
    "created": "2026-03-25T05:42:28",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 66.132.195.80 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T05:42:26",
    "is_active": 1
  },
  {
    "id": 4261318128,
    "indicator": "116.176.57.198",
    "type": "IPv4",
    "created": "2026-03-25T05:42:28",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 116.176.57.198 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T05:42:26",
    "is_active": 1
  },
  {
    "id": 4268195926,
    "indicator": "1.222.167.7",
    "type": "IPv4",
    "created": "2026-03-25T05:42:28",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 1.222.167.7 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T05:42:26",
    "is_active": 1
  },
  {
    "id": 4281496844,
    "indicator": "51.77.216.167",
    "type": "IPv4",
    "created": "2026-03-25T05:42:28",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 51.77.216.167 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T05:42:26",
    "is_active": 1
  },
  {
    "id": 4000743818,
    "indicator": "45.156.131.12",
    "type": "IPv4",
    "created": "2026-03-25T05:42:28",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 45.156.131.12 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, ftp-brute).",
    "expiration": "2026-04-24T05:42:26",
    "is_active": 1
  },
  {
    "id": 3912074259,
    "indicator": "59.183.132.232",
    "type": "IPv4",
    "created": "2026-03-25T05:42:28",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 59.183.132.232 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-24T05:42:26",
    "is_active": 1
  },
  {
    "id": 4180885147,
    "indicator": "112.122.237.236",
    "type": "IPv4",
    "created": "2026-03-25T05:42:28",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 112.122.237.236 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-24T05:42:26",
    "is_active": 1
  },
  {
    "id": 3938482015,
    "indicator": "98.80.4.124",
    "type": "IPv4",
    "created": "2026-03-25T05:42:28",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan. 98.80.4.124 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, ftp-brute).",
    "expiration": "2026-04-24T05:42:26",
    "is_active": 1
  },
  {
    "id": 4281655023,
    "indicator": "103.172.93.9",
    "type": "IPv4",
    "created": "2026-03-25T06:43:55",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from India (AS146929, PENTA SOLUTIONS). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. 1 events.",
    "expiration": "2026-04-24T06:42:51",
    "is_active": 1
  },
  {
    "id": 4243235052,
    "indicator": "43.106.136.233",
    "type": "IPv4",
    "created": "2026-03-25T06:43:55",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 43.106.136.233 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T06:42:51",
    "is_active": 1
  },
  {
    "id": 4280314456,
    "indicator": "49.207.243.36",
    "type": "IPv4",
    "created": "2026-03-25T06:43:55",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export, abuseipdb:ssh. 49.207.243.36 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, port-scan).",
    "expiration": "2026-04-24T06:42:51",
    "is_active": 1
  },
  {
    "id": 4281653709,
    "indicator": "120.39.48.215",
    "type": "IPv4",
    "created": "2026-03-25T06:43:55",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 120.39.48.215 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-24T06:42:51",
    "is_active": 1
  },
  {
    "id": 4281654538,
    "indicator": "152.42.196.161",
    "type": "IPv4",
    "created": "2026-03-25T06:43:55",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Singapore, Singapore (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T06:42:51",
    "is_active": 1
  },
  {
    "id": 4175596431,
    "indicator": "106.75.191.164",
    "type": "IPv4",
    "created": "2026-03-25T06:43:55",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from China (AS58466, CHINANET Guangdong province network). Observed targeting healthcare sector honeypot mdms-hp-01 via sentrypeer. 1 events.",
    "expiration": "2026-04-24T06:42:51",
    "is_active": 1
  },
  {
    "id": 4265278178,
    "indicator": "8.210.142.27",
    "type": "IPv4",
    "created": "2026-03-25T06:43:55",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 8.210.142.27 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T06:42:51",
    "is_active": 1
  },
  {
    "id": 4269370178,
    "indicator": "75.119.151.69",
    "type": "IPv4",
    "created": "2026-03-25T06:43:55",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 75.119.151.69 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 12 times when connecting to db1lapetro between 2026-03-25 05:53 and 2026-03-25 06:14 UTC.",
    "expiration": "2026-04-24T06:42:51",
    "is_active": 1
  },
  {
    "id": 4006981651,
    "indicator": "124.93.193.105",
    "type": "IPv4",
    "created": "2026-03-25T06:43:55",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 124.93.193.105 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-24T06:42:51",
    "is_active": 1
  },
  {
    "id": 4263669169,
    "indicator": "50.35.168.148",
    "type": "IPv4",
    "created": "2026-03-25T06:43:55",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 50.35.168.148 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 15 times when connecting to db4lamedtech between 2026-03-25 05:37 and 2026-03-25 06:03 UTC.",
    "expiration": "2026-04-24T06:42:51",
    "is_active": 1
  },
  {
    "id": 4275714406,
    "indicator": "66.132.172.231",
    "type": "IPv4",
    "created": "2026-03-25T06:43:55",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 66.132.172.231 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T06:42:51",
    "is_active": 1
  },
  {
    "id": 4281651902,
    "indicator": "15.181.97.144",
    "type": "IPv4",
    "created": "2026-03-25T06:43:55",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:reported-export. Attacker IP 15.181.97.144 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36...' 2 times when connecting to mdms1 between 2026-03-25 05:38 and 2026-03-25 05:38 UTC.",
    "expiration": "2026-04-24T06:42:51",
    "is_active": 1
  },
  {
    "id": 4281648998,
    "indicator": "124.253.219.121",
    "type": "IPv4",
    "created": "2026-03-25T06:43:55",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 124.253.219.121 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-24T06:42:51",
    "is_active": 1
  },
  {
    "id": 4281003376,
    "indicator": "137.184.58.240",
    "type": "IPv4",
    "created": "2026-03-25T06:43:55",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 137.184.58.240 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-24T06:42:51",
    "is_active": 1
  },
  {
    "id": 4176572892,
    "indicator": "121.29.84.24",
    "type": "IPv4",
    "created": "2026-03-25T07:44:53",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 121.29.84.24 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-24T07:43:59",
    "is_active": 1
  },
  {
    "id": 4281631732,
    "indicator": "171.231.192.151",
    "type": "IPv4",
    "created": "2026-03-25T07:44:53",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 171.231.192.151 observed using SSH client fingerprint 'Unknown SSH Client (fda360b1b4f4)' 7 times when connecting to db1lapetro between 2026-03-25 07:13 and 2026-03-25 07:39 UTC.",
    "expiration": "2026-04-24T07:43:59",
    "is_active": 1
  },
  {
    "id": 4281631010,
    "indicator": "171.243.151.193",
    "type": "IPv4",
    "created": "2026-03-25T07:44:53",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 171.243.151.193 observed using SSH client fingerprint 'Unknown SSH Client (fda360b1b4f4)' 7 times when connecting to db1lapetro between 2026-03-25 07:17 and 2026-03-25 07:41 UTC.",
    "expiration": "2026-04-24T07:43:59",
    "is_active": 1
  },
  {
    "id": 4281657571,
    "indicator": "34.76.59.29",
    "type": "IPv4",
    "created": "2026-03-25T07:44:53",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 34.76.59.29 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ftp-brute).",
    "expiration": "2026-04-24T07:43:59",
    "is_active": 1
  },
  {
    "id": 4281657919,
    "indicator": "136.119.173.252",
    "type": "IPv4",
    "created": "2026-03-25T07:44:53",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 136.119.173.252 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T07:43:59",
    "is_active": 1
  },
  {
    "id": 4272899817,
    "indicator": "213.176.18.65",
    "type": "IPv4",
    "created": "2026-03-25T07:44:53",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 213.176.18.65 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T07:43:59",
    "is_active": 1
  },
  {
    "id": 4236843592,
    "indicator": "4.175.1.219",
    "type": "IPv4",
    "created": "2026-03-25T07:44:53",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 4.175.1.219 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T07:43:59",
    "is_active": 1
  },
  {
    "id": 4281656841,
    "indicator": "5.145.204.50",
    "type": "IPv4",
    "created": "2026-03-25T07:44:53",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan. 5.145.204.50 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-24T07:43:59",
    "is_active": 1
  },
  {
    "id": 4166613015,
    "indicator": "14.135.74.10",
    "type": "IPv4",
    "created": "2026-03-25T07:44:53",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 14.135.74.10 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-24T07:43:59",
    "is_active": 1
  },
  {
    "id": 3221996450,
    "indicator": "1.83.125.184",
    "type": "IPv4",
    "created": "2026-03-25T07:44:53",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 1.83.125.184 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-24T07:43:59",
    "is_active": 1
  },
  {
    "id": 4281655849,
    "indicator": "95.250.68.5",
    "type": "IPv4",
    "created": "2026-03-25T07:44:53",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:port-scan. 95.250.68.5 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-24T07:43:59",
    "is_active": 1
  },
  {
    "id": 4269411968,
    "indicator": "118.145.237.97",
    "type": "IPv4",
    "created": "2026-03-25T07:44:53",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh, abuseipdb:web-attack. 118.145.237.97 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, critical, port-scan).",
    "expiration": "2026-04-24T07:43:59",
    "is_active": 1
  },
  {
    "id": 4274151233,
    "indicator": "196.188.63.61",
    "type": "IPv4",
    "created": "2026-03-25T07:44:53",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Addis Ababa, Ethiopia (AS24757, Ethiopian Telecommunication Corporation). Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 6 failed login attempts, 6 credential pairs tried across 5 unique usernames, execution of 22 commands (SSH key persistence, password changes, system reconnaissance, cron ...",
    "expiration": "2026-04-24T07:43:59",
    "is_active": 1
  },
  {
    "id": 4281700425,
    "indicator": "4.232.80.166",
    "type": "IPv4",
    "created": "2026-03-25T08:45:02",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 4.232.80.166 observed using HTTP client fingerprint 'HTTP Client (67b3dba8bc67)' 157 times when connecting to db4lamedtech between 2026-03-25 08:36 and 2026-03-25 08:36 UTC.",
    "expiration": "2026-04-24T08:45:00",
    "is_active": 1
  },
  {
    "id": 4210325159,
    "indicator": "156.236.75.25",
    "type": "IPv4",
    "created": "2026-03-25T08:45:02",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 156.236.75.25 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, critical, hacking).",
    "expiration": "2026-04-24T08:45:00",
    "is_active": 1
  },
  {
    "id": 4228190983,
    "indicator": "117.245.141.237",
    "type": "IPv4",
    "created": "2026-03-25T08:45:02",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 117.245.141.237 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T08:45:00",
    "is_active": 1
  },
  {
    "id": 4260070387,
    "indicator": "116.176.57.164",
    "type": "IPv4",
    "created": "2026-03-25T08:45:02",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from China (AS4837, CHINA UNICOM China169 Backbone). Observed targeting government sector honeypot backup-hp-01 via cowrie. 1 events.",
    "expiration": "2026-04-24T08:45:00",
    "is_active": 1
  },
  {
    "id": 4218400061,
    "indicator": "43.167.197.189",
    "type": "IPv4",
    "created": "2026-03-25T08:45:02",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Tokyo, Japan (AS132203, Tencent Building, Kejizhongyi Avenue). Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 10 failed login attempts, 10 credential pairs tried across 9 unique usernames, execution of 22 commands (SSH key persistence, password changes, system reconnaissance, cron persiste...",
    "expiration": "2026-04-24T08:45:00",
    "is_active": 1
  },
  {
    "id": 3434163285,
    "indicator": "36.255.220.44",
    "type": "IPv4",
    "created": "2026-03-25T08:45:02",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Singapore (AS135377, UCLOUD INFORMATION TECHNOLOGY HK LIMITED) [VPN/hosting provider]. Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 10 failed login attempts, 10 credential pairs tried across 9 unique usernames, execution of 22 commands (SSH key persistence, password changes, system recon...",
    "expiration": "2026-04-24T08:45:00",
    "is_active": 1
  },
  {
    "id": 4274400114,
    "indicator": "38.250.116.73",
    "type": "IPv4",
    "created": "2026-03-25T08:45:02",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 38.250.116.73 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T08:45:00",
    "is_active": 1
  },
  {
    "id": 3947223309,
    "indicator": "58.212.237.103",
    "type": "IPv4",
    "created": "2026-03-25T08:45:02",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 58.212.237.103 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-24T08:45:00",
    "is_active": 1
  },
  {
    "id": 409658610,
    "indicator": "171.12.10.119",
    "type": "IPv4",
    "created": "2026-03-25T08:45:02",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 171.12.10.119 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (exploited-host, hacking, moderate).",
    "expiration": "2026-04-24T08:45:00",
    "is_active": 1
  },
  {
    "id": 4167421526,
    "indicator": "59.173.108.132",
    "type": "IPv4",
    "created": "2026-03-25T08:45:02",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export. 59.173.108.132 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-24T08:45:00",
    "is_active": 1
  },
  {
    "id": 4281674547,
    "indicator": "172.104.31.205",
    "type": "IPv4",
    "created": "2026-03-25T08:45:02",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP 172.104.31.205 observed using SSH client fingerprint 'Unknown SSH Client (16443846184e)' 363 times when connecting to db4lamedtech between 2026-03-25 08:07 and 2026-03-25 08:43 UTC.",
    "expiration": "2026-04-24T08:45:00",
    "is_active": 1
  },
  {
    "id": 4169411109,
    "indicator": "114.97.190.254",
    "type": "IPv4",
    "created": "2026-03-25T08:45:02",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 114.97.190.254 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-24T08:45:00",
    "is_active": 1
  },
  {
    "id": 621777165,
    "indicator": "182.119.228.228",
    "type": "IPv4",
    "created": "2026-03-25T08:45:02",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 182.119.228.228 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-24T08:45:00",
    "is_active": 1
  },
  {
    "id": 4173516686,
    "indicator": "27.47.26.42",
    "type": "IPv4",
    "created": "2026-03-25T08:45:02",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 27.47.26.42 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-24T08:45:00",
    "is_active": 1
  },
  {
    "id": 4079142336,
    "indicator": "144.172.112.193",
    "type": "IPv4",
    "created": "2026-03-25T08:45:02",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 144.172.112.193 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T08:45:00",
    "is_active": 1
  },
  {
    "id": 4281672929,
    "indicator": "103.244.172.7",
    "type": "IPv4",
    "created": "2026-03-25T08:45:02",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 103.244.172.7 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T08:45:00",
    "is_active": 1
  },
  {
    "id": 4280059613,
    "indicator": "67.205.178.44",
    "type": "IPv4",
    "created": "2026-03-25T08:45:02",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 67.205.178.44 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T08:45:00",
    "is_active": 1
  },
  {
    "id": 4281672932,
    "indicator": "171.6.240.71",
    "type": "IPv4",
    "created": "2026-03-25T08:45:02",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 171.6.240.71 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T08:45:00",
    "is_active": 1
  },
  {
    "id": 4271530485,
    "indicator": "185.169.4.33",
    "type": "IPv4",
    "created": "2026-03-25T08:45:02",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 185.169.4.33 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-24T08:45:00",
    "is_active": 1
  },
  {
    "id": 4280379108,
    "indicator": "41.82.58.206",
    "type": "IPv4",
    "created": "2026-03-25T08:45:02",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 41.82.58.206 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 12 times when connecting to db1lapetro between 2026-03-25 07:40 and 2026-03-25 08:26 UTC.",
    "expiration": "2026-04-24T08:45:00",
    "is_active": 1
  },
  {
    "id": 3835902552,
    "indicator": "118.212.120.248",
    "type": "IPv4",
    "created": "2026-03-25T08:45:02",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 118.212.120.248 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-24T08:45:00",
    "is_active": 1
  },
  {
    "id": 4022066015,
    "indicator": "180.95.231.112",
    "type": "IPv4",
    "created": "2026-03-25T08:45:02",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 180.95.231.112 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-24T08:45:00",
    "is_active": 1
  },
  {
    "id": 2683786269,
    "indicator": "123.160.232.83",
    "type": "IPv4",
    "created": "2026-03-25T08:45:02",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 123.160.232.83 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-24T08:45:00",
    "is_active": 1
  },
  {
    "id": 3697305855,
    "indicator": "123.6.49.17",
    "type": "IPv4",
    "created": "2026-03-25T08:45:02",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:high. 123.6.49.17 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-24T08:45:00",
    "is_active": 1
  },
  {
    "id": 2238387939,
    "indicator": "123.6.49.36",
    "type": "IPv4",
    "created": "2026-03-25T08:45:02",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 123.6.49.36 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T08:45:00",
    "is_active": 1
  },
  {
    "id": 2255688084,
    "indicator": "123.6.49.6",
    "type": "IPv4",
    "created": "2026-03-25T08:45:02",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:high. 123.6.49.6 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-24T08:45:00",
    "is_active": 1
  },
  {
    "id": 3697799813,
    "indicator": "123.6.49.49",
    "type": "IPv4",
    "created": "2026-03-25T08:45:02",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:high. 123.6.49.49 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-24T08:45:00",
    "is_active": 1
  },
  {
    "id": 4245353712,
    "indicator": "8.216.4.105",
    "type": "IPv4",
    "created": "2026-03-25T08:45:02",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 8.216.4.105 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T08:45:00",
    "is_active": 1
  },
  {
    "id": 4171940768,
    "indicator": "222.176.201.235",
    "type": "IPv4",
    "created": "2026-03-25T09:46:17",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 222.176.201.235 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-24T09:45:50",
    "is_active": 1
  },
  {
    "id": 4164652195,
    "indicator": "114.97.191.30",
    "type": "IPv4",
    "created": "2026-03-25T09:46:17",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 114.97.191.30 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).",
    "expiration": "2026-04-24T09:45:50",
    "is_active": 1
  },
  {
    "id": 4200975051,
    "indicator": "59.103.119.196",
    "type": "IPv4",
    "created": "2026-03-25T09:46:17",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 59.103.119.196 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T09:45:50",
    "is_active": 1
  },
  {
    "id": 4233510946,
    "indicator": "149.22.83.21",
    "type": "IPv4",
    "created": "2026-03-25T09:46:17",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:multi-reported. Attacker IP 149.22.83.21 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (compatible; MJ12bot/v1.4.8; http://mj12bot.com/...' 2 times when connecting to db1lapetro between 2026-03-25 09:09 and 2026-03-25 09:10 UTC.",
    "expiration": "2026-04-24T09:45:50",
    "is_active": 1
  },
  {
    "id": 4268168582,
    "indicator": "106.75.246.43",
    "type": "IPv4",
    "created": "2026-03-25T09:46:17",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 106.75.246.43 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (reported).",
    "expiration": "2026-04-24T09:45:50",
    "is_active": 1
  },
  {
    "id": 4012227986,
    "indicator": "222.94.32.5",
    "type": "IPv4",
    "created": "2026-03-25T09:46:17",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 222.94.32.5 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, ftp-brute).",
    "expiration": "2026-04-24T09:45:50",
    "is_active": 1
  },
  {
    "id": 4139180996,
    "indicator": "103.228.144.95",
    "type": "IPv4",
    "created": "2026-03-25T09:46:17",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 103.228.144.95 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T09:45:50",
    "is_active": 1
  },
  {
    "id": 629719,
    "indicator": "216.218.206.116",
    "type": "IPv4",
    "created": "2026-03-25T09:46:17",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 216.218.206.116 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T09:45:50",
    "is_active": 1
  },
  {
    "id": 4152583149,
    "indicator": "103.159.43.106",
    "type": "IPv4",
    "created": "2026-03-25T09:46:17",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 103.159.43.106 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T09:45:50",
    "is_active": 1
  },
  {
    "id": 4102802718,
    "indicator": "18.97.19.215",
    "type": "IPv4",
    "created": "2026-03-25T09:46:17",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate. 18.97.19.215 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-24T09:45:50",
    "is_active": 1
  },
  {
    "id": 4276983129,
    "indicator": "42.4.61.251",
    "type": "IPv4",
    "created": "2026-03-25T09:46:17",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 42.4.61.251 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).",
    "expiration": "2026-04-24T09:45:50",
    "is_active": 1
  },
  {
    "id": 4276915695,
    "indicator": "117.132.5.139",
    "type": "IPv4",
    "created": "2026-03-25T09:46:17",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from China (AS24444, Shandong Mobile Communication Company Limited). Observed targeting government sector honeypot backup-hp-01 via cowrie. 1 events.",
    "expiration": "2026-04-24T09:45:50",
    "is_active": 1
  },
  {
    "id": 4197101726,
    "indicator": "151.242.30.226",
    "type": "IPv4",
    "created": "2026-03-25T09:46:17",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from United Arab Emirates (AS214209, Internet Magnate (Pty) Ltd). Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T09:45:50",
    "is_active": 1
  },
  {
    "id": 3692885222,
    "indicator": "101.198.0.150",
    "type": "IPv4",
    "created": "2026-03-25T09:46:17",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 101.198.0.150 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-24T09:45:50",
    "is_active": 1
  },
  {
    "id": 4263849849,
    "indicator": "190.121.150.149",
    "type": "IPv4",
    "created": "2026-03-25T09:46:17",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 190.121.150.149 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T09:45:50",
    "is_active": 1
  },
  {
    "id": 4281665210,
    "indicator": "8.222.174.98",
    "type": "IPv4",
    "created": "2026-03-25T09:46:17",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Singapore (AS45102, Alibaba US Technology Co., Ltd.). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T09:45:50",
    "is_active": 1
  },
  {
    "id": 4278321335,
    "indicator": "125.20.210.182",
    "type": "IPv4",
    "created": "2026-03-25T10:49:33",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 125.20.210.182 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T10:49:31",
    "is_active": 1
  },
  {
    "id": 4281749793,
    "indicator": "103.91.128.106",
    "type": "IPv4",
    "created": "2026-03-25T10:49:33",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:reported. 103.91.128.106 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking).",
    "expiration": "2026-04-24T10:49:31",
    "is_active": 1
  },
  {
    "id": 4125974677,
    "indicator": "138.19.2.28",
    "type": "IPv4",
    "created": "2026-03-25T10:49:33",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 138.19.2.28 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T10:49:31",
    "is_active": 1
  },
  {
    "id": 4271538621,
    "indicator": "103.42.142.59",
    "type": "IPv4",
    "created": "2026-03-25T10:49:33",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 103.42.142.59 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T10:49:31",
    "is_active": 1
  },
  {
    "id": 4243357851,
    "indicator": "47.236.1.244",
    "type": "IPv4",
    "created": "2026-03-25T10:49:33",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.236.1.244 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T10:49:31",
    "is_active": 1
  },
  {
    "id": 4272939123,
    "indicator": "165.154.52.159",
    "type": "IPv4",
    "created": "2026-03-25T10:49:33",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 165.154.52.159 observed using SSH client fingerprint 'Unknown SSH Client (98f63c4d9c87)' 2 times when connecting to db1lapetro between 2026-03-25 10:13 and 2026-03-25 10:14 UTC.",
    "expiration": "2026-04-24T10:49:31",
    "is_active": 1
  },
  {
    "id": 3975459659,
    "indicator": "112.214.17.61",
    "type": "IPv4",
    "created": "2026-03-25T10:49:33",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 112.214.17.61 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T10:49:31",
    "is_active": 1
  },
  {
    "id": 4023773466,
    "indicator": "180.95.238.193",
    "type": "IPv4",
    "created": "2026-03-25T10:49:33",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export. 180.95.238.193 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-24T10:49:31",
    "is_active": 1
  },
  {
    "id": 4026254734,
    "indicator": "52.169.144.136",
    "type": "IPv4",
    "created": "2026-03-25T10:49:33",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 52.169.144.136 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T10:49:31",
    "is_active": 1
  },
  {
    "id": 3758118403,
    "indicator": "182.242.168.220",
    "type": "IPv4",
    "created": "2026-03-25T10:49:33",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 182.242.168.220 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-24T10:49:31",
    "is_active": 1
  },
  {
    "id": 4281743379,
    "indicator": "152.42.250.207",
    "type": "IPv4",
    "created": "2026-03-25T10:49:33",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 152.42.250.207 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T10:49:31",
    "is_active": 1
  },
  {
    "id": 3500974537,
    "indicator": "89.251.0.108",
    "type": "IPv4",
    "created": "2026-03-25T10:49:33",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 89.251.0.108 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-24T10:49:31",
    "is_active": 1
  },
  {
    "id": 2255687490,
    "indicator": "121.254.104.14",
    "type": "IPv4",
    "created": "2026-03-25T10:49:33",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate. 121.254.104.14 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-24T10:49:31",
    "is_active": 1
  },
  {
    "id": 4281653528,
    "indicator": "138.124.73.129",
    "type": "IPv4",
    "created": "2026-03-25T10:49:33",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Frankfurt am Main, Germany (AS41745, Baykov Ilya Sergeevich). Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 1s; 5 events.",
    "expiration": "2026-04-24T10:49:31",
    "is_active": 1
  },
  {
    "id": 4173316581,
    "indicator": "222.176.201.131",
    "type": "IPv4",
    "created": "2026-03-25T10:49:33",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 222.176.201.131 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-24T10:49:31",
    "is_active": 1
  },
  {
    "id": 4278764318,
    "indicator": "45.235.44.163",
    "type": "IPv4",
    "created": "2026-03-25T10:49:33",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 45.235.44.163 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-24T10:49:31",
    "is_active": 1
  },
  {
    "id": 4281703854,
    "indicator": "177.234.209.102",
    "type": "IPv4",
    "created": "2026-03-25T10:49:33",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 177.234.209.102 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T10:49:31",
    "is_active": 1
  },
  {
    "id": 3630339756,
    "indicator": "147.182.154.58",
    "type": "IPv4",
    "created": "2026-03-25T10:49:33",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 147.182.154.58 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T10:49:31",
    "is_active": 1
  },
  {
    "id": 4281646298,
    "indicator": "184.107.178.27",
    "type": "IPv4",
    "created": "2026-03-25T10:49:33",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP 184.107.178.27 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 12 times when connecting to db4lamedtech between 2026-03-25 09:29 and 2026-03-25 09:46 UTC.",
    "expiration": "2026-04-24T10:49:31",
    "is_active": 1
  },
  {
    "id": 4177348047,
    "indicator": "106.117.111.136",
    "type": "IPv4",
    "created": "2026-03-25T10:49:33",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 106.117.111.136 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-24T10:49:31",
    "is_active": 1
  },
  {
    "id": 4179979860,
    "indicator": "182.119.225.34",
    "type": "IPv4",
    "created": "2026-03-25T11:49:53",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 182.119.225.34 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-24T11:49:50",
    "is_active": 1
  },
  {
    "id": 4071842816,
    "indicator": "87.121.84.49",
    "type": "IPv4",
    "created": "2026-03-25T11:49:53",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 87.121.84.49 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T11:49:50",
    "is_active": 1
  },
  {
    "id": 3750711188,
    "indicator": "104.140.148.94",
    "type": "IPv4",
    "created": "2026-03-25T11:49:53",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 104.140.148.94 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T11:49:50",
    "is_active": 1
  },
  {
    "id": 2194579281,
    "indicator": "82.148.16.27",
    "type": "IPv4",
    "created": "2026-03-25T11:49:53",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP 82.148.16.27 observed using HTTP client fingerprint 'HTTP Client: libredtail-http' 39 times when connecting to db4lamedtech between 2026-03-25 11:05 and 2026-03-25 11:05 UTC.",
    "expiration": "2026-04-24T11:49:50",
    "is_active": 1
  },
  {
    "id": 3940399288,
    "indicator": "58.212.237.75",
    "type": "IPv4",
    "created": "2026-03-25T11:49:53",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 58.212.237.75 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-24T11:49:50",
    "is_active": 1
  },
  {
    "id": 4229889889,
    "indicator": "39.97.54.189",
    "type": "IPv4",
    "created": "2026-03-25T11:49:53",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 39.97.54.189 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T11:49:50",
    "is_active": 1
  },
  {
    "id": 3665720347,
    "indicator": "85.203.47.24",
    "type": "IPv4",
    "created": "2026-03-25T11:49:53",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:reported, abuseipdb:web-attack. 85.203.47.24 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).",
    "expiration": "2026-04-24T11:49:50",
    "is_active": 1
  },
  {
    "id": 4147777680,
    "indicator": "85.203.47.50",
    "type": "IPv4",
    "created": "2026-03-25T11:49:53",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 85.203.47.50 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).",
    "expiration": "2026-04-24T11:49:50",
    "is_active": 1
  },
  {
    "id": 4155816653,
    "indicator": "85.203.47.53",
    "type": "IPv4",
    "created": "2026-03-25T11:49:53",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 85.203.47.53 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).",
    "expiration": "2026-04-24T11:49:50",
    "is_active": 1
  },
  {
    "id": 4281758402,
    "indicator": "85.203.47.38",
    "type": "IPv4",
    "created": "2026-03-25T11:49:53",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 85.203.47.38 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).",
    "expiration": "2026-04-24T11:49:50",
    "is_active": 1
  },
  {
    "id": 4155816652,
    "indicator": "85.203.47.40",
    "type": "IPv4",
    "created": "2026-03-25T11:49:53",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 85.203.47.40 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).",
    "expiration": "2026-04-24T11:49:50",
    "is_active": 1
  },
  {
    "id": 3978183504,
    "indicator": "83.168.110.33",
    "type": "IPv4",
    "created": "2026-03-25T11:49:53",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 83.168.110.33 observed using SSH client fingerprint 'Unknown SSH Client (2ec37a7cc8da)' 20 times when connecting to db1lapetro between 2026-03-25 11:01 and 2026-03-25 11:16 UTC.",
    "expiration": "2026-04-24T11:49:50",
    "is_active": 1
  },
  {
    "id": 3659508151,
    "indicator": "154.61.77.169",
    "type": "IPv4",
    "created": "2026-03-25T11:49:53",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 154.61.77.169 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T11:49:50",
    "is_active": 1
  },
  {
    "id": 4281746851,
    "indicator": "152.249.193.41",
    "type": "IPv4",
    "created": "2026-03-25T11:49:53",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 152.249.193.41 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 14 times when connecting to db4lamedtech between 2026-03-25 10:12 and 2026-03-25 10:35 UTC.",
    "expiration": "2026-04-24T11:49:50",
    "is_active": 1
  },
  {
    "id": 4280260686,
    "indicator": "66.132.224.236",
    "type": "IPv4",
    "created": "2026-03-25T11:49:53",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from United States (AS398324, Censys, Inc.). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. duration: 4s; 3 events.",
    "expiration": "2026-04-24T11:49:50",
    "is_active": 1
  },
  {
    "id": 4274399880,
    "indicator": "49.235.161.254",
    "type": "IPv4",
    "created": "2026-03-25T12:50:08",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 49.235.161.254 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T12:50:07",
    "is_active": 1
  },
  {
    "id": 4161544825,
    "indicator": "45.188.171.247",
    "type": "IPv4",
    "created": "2026-03-25T12:50:08",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 45.188.171.247 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T12:50:07",
    "is_active": 1
  },
  {
    "id": 4281762941,
    "indicator": "178.128.115.151",
    "type": "IPv4",
    "created": "2026-03-25T12:50:08",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 178.128.115.151 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T12:50:07",
    "is_active": 1
  },
  {
    "id": 4281635518,
    "indicator": "47.105.80.59",
    "type": "IPv4",
    "created": "2026-03-25T12:50:08",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.105.80.59 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T12:50:07",
    "is_active": 1
  },
  {
    "id": 4277157875,
    "indicator": "101.89.161.27",
    "type": "IPv4",
    "created": "2026-03-25T12:50:08",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 101.89.161.27 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T12:50:07",
    "is_active": 1
  },
  {
    "id": 3616790729,
    "indicator": "34.90.254.162",
    "type": "IPv4",
    "created": "2026-03-25T12:50:08",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 34.90.254.162 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T12:50:07",
    "is_active": 1
  },
  {
    "id": 3736171867,
    "indicator": "168.100.9.75",
    "type": "IPv4",
    "created": "2026-03-25T12:50:08",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 168.100.9.75 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T12:50:07",
    "is_active": 1
  },
  {
    "id": 4170521184,
    "indicator": "178.150.97.200",
    "type": "IPv4",
    "created": "2026-03-25T12:50:08",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 178.150.97.200 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T12:50:07",
    "is_active": 1
  },
  {
    "id": 4281492037,
    "indicator": "130.12.180.79",
    "type": "IPv4",
    "created": "2026-03-25T12:50:08",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Amsterdam, The Netherlands (AS202412, Omegatech LTD). Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T12:50:07",
    "is_active": 1
  },
  {
    "id": 4280257793,
    "indicator": "66.132.186.180",
    "type": "IPv4",
    "created": "2026-03-25T12:50:08",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from United States (AS398324, Censys, Inc.). Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T12:50:07",
    "is_active": 1
  },
  {
    "id": 4009013988,
    "indicator": "60.13.6.230",
    "type": "IPv4",
    "created": "2026-03-25T13:50:41",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 60.13.6.230 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-24T13:50:27",
    "is_active": 1
  },
  {
    "id": 3476431866,
    "indicator": "177.36.24.220",
    "type": "IPv4",
    "created": "2026-03-25T13:50:41",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:port-scan. 177.36.24.220 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-24T13:50:27",
    "is_active": 1
  },
  {
    "id": 4031780570,
    "indicator": "176.117.184.152",
    "type": "IPv4",
    "created": "2026-03-25T13:50:41",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 176.117.184.152 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T13:50:27",
    "is_active": 1
  },
  {
    "id": 4168646138,
    "indicator": "121.29.149.171",
    "type": "IPv4",
    "created": "2026-03-25T13:50:41",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 121.29.149.171 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (ddos, exploited-host, hacking).",
    "expiration": "2026-04-24T13:50:27",
    "is_active": 1
  },
  {
    "id": 4179839862,
    "indicator": "59.173.109.109",
    "type": "IPv4",
    "created": "2026-03-25T13:50:41",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 59.173.109.109 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-24T13:50:27",
    "is_active": 1
  },
  {
    "id": 4278759771,
    "indicator": "66.132.195.52",
    "type": "IPv4",
    "created": "2026-03-25T13:50:41",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 66.132.195.52 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T13:50:27",
    "is_active": 1
  },
  {
    "id": 4185345672,
    "indicator": "114.35.222.197",
    "type": "IPv4",
    "created": "2026-03-25T13:50:41",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 114.35.222.197 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T13:50:27",
    "is_active": 1
  },
  {
    "id": 4281767309,
    "indicator": "20.251.61.72",
    "type": "IPv4",
    "created": "2026-03-25T13:50:41",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 20.251.61.72 observed using HTTP client fingerprint 'HTTP Client (67b3dba8bc67)' 21 times when connecting to db4lamedtech between 2026-03-25 12:58 and 2026-03-25 12:58 UTC.",
    "expiration": "2026-04-24T13:50:27",
    "is_active": 1
  },
  {
    "id": 4241126926,
    "indicator": "171.244.40.3",
    "type": "IPv4",
    "created": "2026-03-25T13:50:41",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 171.244.40.3 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 12 times when connecting to db4lamedtech between 2026-03-25 12:47 and 2026-03-25 13:19 UTC.",
    "expiration": "2026-04-24T13:50:27",
    "is_active": 1
  },
  {
    "id": 4165488968,
    "indicator": "104.168.56.24",
    "type": "IPv4",
    "created": "2026-03-25T13:50:41",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 104.168.56.24 observed using SSH client fingerprint 'Unknown SSH Client (19532158b559)' 5 times when connecting to db1lapetro between 2026-03-25 12:50 and 2026-03-25 13:04 UTC.",
    "expiration": "2026-04-24T13:50:27",
    "is_active": 1
  },
  {
    "id": 4241314415,
    "indicator": "118.145.66.151",
    "type": "IPv4",
    "created": "2026-03-25T13:50:41",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 118.145.66.151 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T13:50:27",
    "is_active": 1
  },
  {
    "id": 4186987327,
    "indicator": "169.213.136.111",
    "type": "IPv4",
    "created": "2026-03-25T13:50:41",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 169.213.136.111 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T13:50:27",
    "is_active": 1
  },
  {
    "id": 4278836441,
    "indicator": "66.132.195.32",
    "type": "IPv4",
    "created": "2026-03-25T13:50:41",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 66.132.195.32 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T13:50:27",
    "is_active": 1
  },
  {
    "id": 4281763768,
    "indicator": "132.147.182.230",
    "type": "IPv4",
    "created": "2026-03-25T13:50:41",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 132.147.182.230 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, high).",
    "expiration": "2026-04-24T13:50:27",
    "is_active": 1
  },
  {
    "id": 3930981052,
    "indicator": "221.207.35.42",
    "type": "IPv4",
    "created": "2026-03-25T14:51:48",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 221.207.35.42 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-24T14:51:32",
    "is_active": 1
  },
  {
    "id": 3901783561,
    "indicator": "196.219.224.230",
    "type": "IPv4",
    "created": "2026-03-25T14:51:48",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. 196.219.224.230 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, ftp-brute).",
    "expiration": "2026-04-24T14:51:32",
    "is_active": 1
  },
  {
    "id": 4001206983,
    "indicator": "196.221.196.5",
    "type": "IPv4",
    "created": "2026-03-25T14:51:48",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:high. 196.221.196.5 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-24T14:51:32",
    "is_active": 1
  },
  {
    "id": 4192274030,
    "indicator": "51.159.108.218",
    "type": "IPv4",
    "created": "2026-03-25T14:51:48",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:multi-reported. 51.159.108.218 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking).",
    "expiration": "2026-04-24T14:51:32",
    "is_active": 1
  },
  {
    "id": 4226328994,
    "indicator": "24.185.209.3",
    "type": "IPv4",
    "created": "2026-03-25T14:51:48",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 24.185.209.3 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T14:51:32",
    "is_active": 1
  },
  {
    "id": 4281780087,
    "indicator": "32.192.90.47",
    "type": "IPv4",
    "created": "2026-03-25T14:51:48",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 32.192.90.47 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Observed activity: 1 malware samples. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T14:51:32",
    "is_active": 1
  },
  {
    "id": 4268247390,
    "indicator": "172.110.223.68",
    "type": "IPv4",
    "created": "2026-03-25T14:51:48",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:multi-reported. Attacker IP from Hong Kong (AS23470, ReliableSite.Net LLC). Observed targeting government sector honeypot backup-hp-01 via sentrypeer. duration: 13m 42s; 10 events.",
    "expiration": "2026-04-24T14:51:32",
    "is_active": 1
  },
  {
    "id": 4281778869,
    "indicator": "118.208.228.176",
    "type": "IPv4",
    "created": "2026-03-25T14:51:48",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 118.208.228.176 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-24T14:51:32",
    "is_active": 1
  },
  {
    "id": 3832785388,
    "indicator": "123.245.85.217",
    "type": "IPv4",
    "created": "2026-03-25T14:51:48",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. 123.245.85.217 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-24T14:51:32",
    "is_active": 1
  },
  {
    "id": 4245091209,
    "indicator": "212.227.21.19",
    "type": "IPv4",
    "created": "2026-03-25T14:51:48",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 212.227.21.19 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T14:51:32",
    "is_active": 1
  },
  {
    "id": 3663943290,
    "indicator": "146.88.241.112",
    "type": "IPv4",
    "created": "2026-03-25T14:51:48",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 146.88.241.112 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T14:51:32",
    "is_active": 1
  },
  {
    "id": 4262400037,
    "indicator": "157.10.252.160",
    "type": "IPv4",
    "created": "2026-03-25T14:51:48",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 157.10.252.160 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T14:51:32",
    "is_active": 1
  },
  {
    "id": 4281773654,
    "indicator": "106.117.111.152",
    "type": "IPv4",
    "created": "2026-03-25T14:51:48",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 106.117.111.152 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-24T14:51:32",
    "is_active": 1
  },
  {
    "id": 4281767716,
    "indicator": "89.212.95.246",
    "type": "IPv4",
    "created": "2026-03-25T14:51:48",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 89.212.95.246 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-24T14:51:32",
    "is_active": 1
  },
  {
    "id": 4020766966,
    "indicator": "101.36.117.207",
    "type": "IPv4",
    "created": "2026-03-25T14:51:48",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export, abuseipdb:web-attack. Attacker IP 101.36.117.207 observed using TLS client fingerprint 'Unknown TLS Client (60877a328763)' 2 times when connecting to db1lapetro between 2026-03-25 13:55 and 2026-03-25 13:55 UTC.",
    "expiration": "2026-04-24T14:51:32",
    "is_active": 1
  },
  {
    "id": 4173345150,
    "indicator": "116.178.128.15",
    "type": "IPv4",
    "created": "2026-03-25T14:51:48",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 116.178.128.15 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-24T14:51:32",
    "is_active": 1
  },
  {
    "id": 4261320044,
    "indicator": "8.216.7.75",
    "type": "IPv4",
    "created": "2026-03-25T14:51:48",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 8.216.7.75 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T14:51:32",
    "is_active": 1
  },
  {
    "id": 4136456083,
    "indicator": "138.117.80.12",
    "type": "IPv4",
    "created": "2026-03-25T14:51:48",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate. Attacker IP from Mortugaba, Brazil (AS264235, FUTURAMA INFORMATICA LTDA - ME). Observed targeting healthcare sector honeypot mdms-hp-01 via cowrie. duration: 9s; 2 events.",
    "expiration": "2026-04-24T14:51:32",
    "is_active": 1
  },
  {
    "id": 4044737848,
    "indicator": "137.184.103.216",
    "type": "IPv4",
    "created": "2026-03-25T15:52:42",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 137.184.103.216 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T15:52:02",
    "is_active": 1
  },
  {
    "id": 4191066019,
    "indicator": "51.158.203.224",
    "type": "IPv4",
    "created": "2026-03-25T15:52:42",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 51.158.203.224 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-24T15:52:02",
    "is_active": 1
  },
  {
    "id": 4281783269,
    "indicator": "164.90.157.6",
    "type": "IPv4",
    "created": "2026-03-25T15:52:42",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 164.90.157.6 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T15:52:02",
    "is_active": 1
  },
  {
    "id": 4255804559,
    "indicator": "116.140.209.139",
    "type": "IPv4",
    "created": "2026-03-25T15:52:42",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 116.140.209.139 observed using SSH client fingerprint 'Unknown SSH Client (98ddc5604ef6)' 4 times when connecting to mdms1 between 2026-03-25 15:13 and 2026-03-25 15:13 UTC.",
    "expiration": "2026-04-24T15:52:02",
    "is_active": 1
  },
  {
    "id": 2564319129,
    "indicator": "82.148.18.121",
    "type": "IPv4",
    "created": "2026-03-25T15:52:42",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 82.148.18.121 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T15:52:02",
    "is_active": 1
  },
  {
    "id": 4280286846,
    "indicator": "177.185.25.13",
    "type": "IPv4",
    "created": "2026-03-25T15:52:42",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 177.185.25.13 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-24T15:52:02",
    "is_active": 1
  },
  {
    "id": 4281783913,
    "indicator": "124.156.199.14",
    "type": "IPv4",
    "created": "2026-03-25T15:52:42",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 124.156.199.14 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-24T15:52:02",
    "is_active": 1
  },
  {
    "id": 4281790916,
    "indicator": "119.62.223.15",
    "type": "IPv4",
    "created": "2026-03-25T16:56:17",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 119.62.223.15 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T16:52:47",
    "is_active": 1
  },
  {
    "id": 3778780737,
    "indicator": "81.70.99.108",
    "type": "IPv4",
    "created": "2026-03-25T16:56:17",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 81.70.99.108 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T16:52:47",
    "is_active": 1
  },
  {
    "id": 4210085528,
    "indicator": "176.120.22.114",
    "type": "IPv4",
    "created": "2026-03-25T16:56:17",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 176.120.22.114 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, hacking, moderate).",
    "expiration": "2026-04-24T16:52:47",
    "is_active": 1
  },
  {
    "id": 4083295183,
    "indicator": "51.68.236.92",
    "type": "IPv4",
    "created": "2026-03-25T16:56:17",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 51.68.236.92 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (compatible; MJ12bot/v2.0.5; http://mj12bot.com/...' 2 times when connecting to mdms1 between 2026-03-25 16:30 and 2026-03-25 16:30 UTC.",
    "expiration": "2026-04-24T16:52:47",
    "is_active": 1
  },
  {
    "id": 3980092352,
    "indicator": "185.91.127.85",
    "type": "IPv4",
    "created": "2026-03-25T16:56:17",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 185.91.127.85 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T16:52:47",
    "is_active": 1
  },
  {
    "id": 4224457843,
    "indicator": "216.82.24.78",
    "type": "IPv4",
    "created": "2026-03-25T16:56:17",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:port-scan. 216.82.24.78 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-24T16:52:47",
    "is_active": 1
  },
  {
    "id": 4172203926,
    "indicator": "1.203.97.227",
    "type": "IPv4",
    "created": "2026-03-25T16:56:17",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 1.203.97.227 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T16:52:47",
    "is_active": 1
  },
  {
    "id": 4281006661,
    "indicator": "66.132.195.119",
    "type": "IPv4",
    "created": "2026-03-25T16:56:17",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 66.132.195.119 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T16:52:47",
    "is_active": 1
  },
  {
    "id": 3636050823,
    "indicator": "190.111.112.216",
    "type": "IPv4",
    "created": "2026-03-25T16:56:17",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:reported. Attacker IP 190.111.112.216 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 16 times when connecting to db4lamedtech between 2026-03-25 15:59 and 2026-03-25 16:35 UTC.",
    "expiration": "2026-04-24T16:52:47",
    "is_active": 1
  },
  {
    "id": 4149564381,
    "indicator": "103.141.148.93",
    "type": "IPv4",
    "created": "2026-03-25T16:56:17",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 103.141.148.93 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T16:52:47",
    "is_active": 1
  },
  {
    "id": 4127658307,
    "indicator": "8.219.82.137",
    "type": "IPv4",
    "created": "2026-03-25T16:56:17",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 8.219.82.137 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T16:52:47",
    "is_active": 1
  },
  {
    "id": 3552420913,
    "indicator": "36.106.166.85",
    "type": "IPv4",
    "created": "2026-03-25T16:56:17",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported. 36.106.166.85 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-24T16:52:47",
    "is_active": 1
  },
  {
    "id": 4158834203,
    "indicator": "112.122.236.120",
    "type": "IPv4",
    "created": "2026-03-25T16:56:17",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export. 112.122.236.120 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-24T16:52:47",
    "is_active": 1
  },
  {
    "id": 4263838104,
    "indicator": "106.15.231.188",
    "type": "IPv4",
    "created": "2026-03-25T16:56:17",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export. 106.15.231.188 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-24T16:52:47",
    "is_active": 1
  },
  {
    "id": 4280210712,
    "indicator": "66.132.195.79",
    "type": "IPv4",
    "created": "2026-03-25T16:56:17",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 66.132.195.79 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T16:52:47",
    "is_active": 1
  },
  {
    "id": 4281790916,
    "indicator": "119.62.223.15",
    "type": "IPv4",
    "created": "2026-03-25T16:56:40",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 119.62.223.15 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T16:52:47",
    "is_active": 1
  },
  {
    "id": 3778780737,
    "indicator": "81.70.99.108",
    "type": "IPv4",
    "created": "2026-03-25T16:56:40",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 81.70.99.108 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T16:52:47",
    "is_active": 1
  },
  {
    "id": 4210085528,
    "indicator": "176.120.22.114",
    "type": "IPv4",
    "created": "2026-03-25T16:56:40",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 176.120.22.114 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, hacking, moderate).",
    "expiration": "2026-04-24T16:52:47",
    "is_active": 1
  },
  {
    "id": 4083295183,
    "indicator": "51.68.236.92",
    "type": "IPv4",
    "created": "2026-03-25T16:56:40",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 51.68.236.92 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (compatible; MJ12bot/v2.0.5; http://mj12bot.com/...' 2 times when connecting to mdms1 between 2026-03-25 16:30 and 2026-03-25 16:30 UTC.",
    "expiration": "2026-04-24T16:52:47",
    "is_active": 1
  },
  {
    "id": 3980092352,
    "indicator": "185.91.127.85",
    "type": "IPv4",
    "created": "2026-03-25T16:56:40",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 185.91.127.85 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T16:52:47",
    "is_active": 1
  },
  {
    "id": 4224457843,
    "indicator": "216.82.24.78",
    "type": "IPv4",
    "created": "2026-03-25T16:56:40",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:port-scan. 216.82.24.78 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-24T16:52:47",
    "is_active": 1
  },
  {
    "id": 4172203926,
    "indicator": "1.203.97.227",
    "type": "IPv4",
    "created": "2026-03-25T16:56:40",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 1.203.97.227 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T16:52:47",
    "is_active": 1
  },
  {
    "id": 4281006661,
    "indicator": "66.132.195.119",
    "type": "IPv4",
    "created": "2026-03-25T16:56:40",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 66.132.195.119 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T16:52:47",
    "is_active": 1
  },
  {
    "id": 3636050823,
    "indicator": "190.111.112.216",
    "type": "IPv4",
    "created": "2026-03-25T16:56:40",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:reported. Attacker IP 190.111.112.216 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 16 times when connecting to db4lamedtech between 2026-03-25 15:59 and 2026-03-25 16:35 UTC.",
    "expiration": "2026-04-24T16:52:47",
    "is_active": 1
  },
  {
    "id": 4149564381,
    "indicator": "103.141.148.93",
    "type": "IPv4",
    "created": "2026-03-25T16:56:40",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 103.141.148.93 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T16:52:47",
    "is_active": 1
  },
  {
    "id": 4127658307,
    "indicator": "8.219.82.137",
    "type": "IPv4",
    "created": "2026-03-25T16:56:40",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 8.219.82.137 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T16:52:47",
    "is_active": 1
  },
  {
    "id": 3552420913,
    "indicator": "36.106.166.85",
    "type": "IPv4",
    "created": "2026-03-25T16:56:40",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported. 36.106.166.85 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-24T16:52:47",
    "is_active": 1
  },
  {
    "id": 4158834203,
    "indicator": "112.122.236.120",
    "type": "IPv4",
    "created": "2026-03-25T16:56:40",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export. 112.122.236.120 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-24T16:52:47",
    "is_active": 1
  },
  {
    "id": 4263838104,
    "indicator": "106.15.231.188",
    "type": "IPv4",
    "created": "2026-03-25T16:56:40",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export. 106.15.231.188 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-24T16:52:47",
    "is_active": 1
  },
  {
    "id": 4280210712,
    "indicator": "66.132.195.79",
    "type": "IPv4",
    "created": "2026-03-25T16:56:40",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 66.132.195.79 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T16:52:47",
    "is_active": 1
  },
  {
    "id": 4275620382,
    "indicator": "66.132.224.29",
    "type": "IPv4",
    "created": "2026-03-25T18:01:06",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 66.132.224.29 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T17:57:51",
    "is_active": 1
  },
  {
    "id": 4274305363,
    "indicator": "43.166.166.157",
    "type": "IPv4",
    "created": "2026-03-25T18:01:06",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 43.166.166.157 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T17:57:51",
    "is_active": 1
  },
  {
    "id": 4170520661,
    "indicator": "14.135.74.194",
    "type": "IPv4",
    "created": "2026-03-25T18:01:06",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 14.135.74.194 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (ddos, exploited-host, hacking).",
    "expiration": "2026-04-24T17:57:51",
    "is_active": 1
  },
  {
    "id": 4254084464,
    "indicator": "206.62.67.46",
    "type": "IPv4",
    "created": "2026-03-25T18:01:06",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh, abuseipdb:web-attack. Attacker IP 206.62.67.46 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 8 times when connecting to db4lamedtech between 2026-03-25 17:30 and 2026-03-25 17:48 UTC.",
    "expiration": "2026-04-24T17:57:51",
    "is_active": 1
  },
  {
    "id": 4227711955,
    "indicator": "152.42.184.129",
    "type": "IPv4",
    "created": "2026-03-25T18:01:06",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 152.42.184.129 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T17:57:51",
    "is_active": 1
  },
  {
    "id": 2117721582,
    "indicator": "104.140.148.58",
    "type": "IPv4",
    "created": "2026-03-25T18:01:06",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 104.140.148.58 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T17:57:51",
    "is_active": 1
  },
  {
    "id": 4268036955,
    "indicator": "51.210.15.86",
    "type": "IPv4",
    "created": "2026-03-25T18:01:06",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 51.210.15.86 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 12 times when connecting to db4lamedtech between 2026-03-25 17:17 and 2026-03-25 17:34 UTC.",
    "expiration": "2026-04-24T17:57:51",
    "is_active": 1
  },
  {
    "id": 4275716126,
    "indicator": "138.124.96.105",
    "type": "IPv4",
    "created": "2026-03-25T18:01:06",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 138.124.96.105 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T17:57:51",
    "is_active": 1
  },
  {
    "id": 2939136169,
    "indicator": "2.57.122.44",
    "type": "IPv4",
    "created": "2026-03-25T18:01:06",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Romania. Observed targeting energy sector honeypot petroleum-hp-01 via h0neytr4p. 1 events.",
    "expiration": "2026-04-24T17:57:51",
    "is_active": 1
  },
  {
    "id": 2221147413,
    "indicator": "62.122.96.124",
    "type": "IPv4",
    "created": "2026-03-25T18:01:06",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 62.122.96.124 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-24T17:57:51",
    "is_active": 1
  },
  {
    "id": 4278309771,
    "indicator": "66.132.195.65",
    "type": "IPv4",
    "created": "2026-03-25T18:01:06",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 66.132.195.65 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T17:57:51",
    "is_active": 1
  },
  {
    "id": 4265147121,
    "indicator": "20.215.89.29",
    "type": "IPv4",
    "created": "2026-03-25T18:01:06",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 20.215.89.29 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T17:57:51",
    "is_active": 1
  },
  {
    "id": 456862568,
    "indicator": "118.71.196.217",
    "type": "IPv4",
    "created": "2026-03-25T18:01:06",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Hanoi, Vietnam (AS18403, FPT Telecom Company). Observed targeting healthcare sector honeypot medtech-hp-01 via dionaea. 1 events.",
    "expiration": "2026-04-24T17:57:51",
    "is_active": 1
  },
  {
    "id": 4275620382,
    "indicator": "66.132.224.29",
    "type": "IPv4",
    "created": "2026-03-25T18:03:30",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 66.132.224.29 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T17:57:51",
    "is_active": 1
  },
  {
    "id": 4274305363,
    "indicator": "43.166.166.157",
    "type": "IPv4",
    "created": "2026-03-25T18:03:30",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 43.166.166.157 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T17:57:51",
    "is_active": 1
  },
  {
    "id": 4170520661,
    "indicator": "14.135.74.194",
    "type": "IPv4",
    "created": "2026-03-25T18:03:30",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 14.135.74.194 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (ddos, exploited-host, hacking).",
    "expiration": "2026-04-24T17:57:51",
    "is_active": 1
  },
  {
    "id": 4254084464,
    "indicator": "206.62.67.46",
    "type": "IPv4",
    "created": "2026-03-25T18:03:30",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh, abuseipdb:web-attack. Attacker IP 206.62.67.46 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 8 times when connecting to db4lamedtech between 2026-03-25 17:30 and 2026-03-25 17:48 UTC.",
    "expiration": "2026-04-24T17:57:51",
    "is_active": 1
  },
  {
    "id": 4227711955,
    "indicator": "152.42.184.129",
    "type": "IPv4",
    "created": "2026-03-25T18:03:30",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 152.42.184.129 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T17:57:51",
    "is_active": 1
  },
  {
    "id": 2117721582,
    "indicator": "104.140.148.58",
    "type": "IPv4",
    "created": "2026-03-25T18:03:30",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 104.140.148.58 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T17:57:51",
    "is_active": 1
  },
  {
    "id": 4268036955,
    "indicator": "51.210.15.86",
    "type": "IPv4",
    "created": "2026-03-25T18:03:30",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 51.210.15.86 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 12 times when connecting to db4lamedtech between 2026-03-25 17:17 and 2026-03-25 17:34 UTC.",
    "expiration": "2026-04-24T17:57:51",
    "is_active": 1
  },
  {
    "id": 4275716126,
    "indicator": "138.124.96.105",
    "type": "IPv4",
    "created": "2026-03-25T18:03:30",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 138.124.96.105 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T17:57:51",
    "is_active": 1
  },
  {
    "id": 2939136169,
    "indicator": "2.57.122.44",
    "type": "IPv4",
    "created": "2026-03-25T18:03:30",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Romania. Observed targeting energy sector honeypot petroleum-hp-01 via h0neytr4p. 1 events.",
    "expiration": "2026-04-24T17:57:51",
    "is_active": 1
  },
  {
    "id": 2221147413,
    "indicator": "62.122.96.124",
    "type": "IPv4",
    "created": "2026-03-25T18:03:30",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 62.122.96.124 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-24T17:57:51",
    "is_active": 1
  },
  {
    "id": 4278309771,
    "indicator": "66.132.195.65",
    "type": "IPv4",
    "created": "2026-03-25T18:03:30",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 66.132.195.65 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T17:57:51",
    "is_active": 1
  },
  {
    "id": 4265147121,
    "indicator": "20.215.89.29",
    "type": "IPv4",
    "created": "2026-03-25T18:03:30",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 20.215.89.29 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T17:57:51",
    "is_active": 1
  },
  {
    "id": 456862568,
    "indicator": "118.71.196.217",
    "type": "IPv4",
    "created": "2026-03-25T18:03:30",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Hanoi, Vietnam (AS18403, FPT Telecom Company). Observed targeting healthcare sector honeypot medtech-hp-01 via dionaea. 1 events.",
    "expiration": "2026-04-24T17:57:51",
    "is_active": 1
  },
  {
    "id": 3862426674,
    "indicator": "118.212.120.11",
    "type": "IPv4",
    "created": "2026-03-25T19:03:01",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 118.212.120.11 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-24T19:02:52",
    "is_active": 1
  },
  {
    "id": 4275709464,
    "indicator": "43.106.133.196",
    "type": "IPv4",
    "created": "2026-03-25T19:03:01",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 43.106.133.196 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T19:02:52",
    "is_active": 1
  },
  {
    "id": 4281811861,
    "indicator": "123.145.11.61",
    "type": "IPv4",
    "created": "2026-03-25T19:03:01",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 123.145.11.61 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-24T19:02:52",
    "is_active": 1
  },
  {
    "id": 3831507797,
    "indicator": "59.52.100.2",
    "type": "IPv4",
    "created": "2026-03-25T19:03:01",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 59.52.100.2 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, moderate).",
    "expiration": "2026-04-24T19:02:52",
    "is_active": 1
  },
  {
    "id": 4011375457,
    "indicator": "118.212.122.178",
    "type": "IPv4",
    "created": "2026-03-25T19:03:01",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 118.212.122.178 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-24T19:02:52",
    "is_active": 1
  },
  {
    "id": 4280988576,
    "indicator": "80.102.218.187",
    "type": "IPv4",
    "created": "2026-03-25T19:03:01",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 80.102.218.187 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, hacking).",
    "expiration": "2026-04-24T19:02:52",
    "is_active": 1
  },
  {
    "id": 3226633980,
    "indicator": "222.138.116.160",
    "type": "IPv4",
    "created": "2026-03-25T19:03:01",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. Attacker IP from China (AS4837, CHINA UNICOM China169 Backbone). Observed targeting healthcare sector honeypot mdms-hp-01 via cowrie. duration: 3m 27s; 33 events.",
    "expiration": "2026-04-24T19:02:52",
    "is_active": 1
  },
  {
    "id": 4278325314,
    "indicator": "160.250.181.59",
    "type": "IPv4",
    "created": "2026-03-25T19:03:01",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Vietnam (AS150895, EZ TECHNOLOGY COMPANY LIMITED). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. Session included 5 failed login attempts, 5 credential pairs tried across 4 unique usernames, execution of 22 commands (SSH key persistence, password changes, system reconnaissance, cron persistence), delivery o...",
    "expiration": "2026-04-24T19:02:52",
    "is_active": 1
  },
  {
    "id": 4006795420,
    "indicator": "45.161.237.40",
    "type": "IPv4",
    "created": "2026-03-25T19:03:01",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Ciudad del Este, Paraguay (AS61512, GIG@NET SOCIEDAD ANONIMA). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. Session included 11 failed login attempts, 11 credential pairs tried across 9 unique usernames, execution of 42 commands (SSH key persistence, password changes, system reconnaissance, cron persistence, pro...",
    "expiration": "2026-04-24T19:02:52",
    "is_active": 1
  },
  {
    "id": 3938703260,
    "indicator": "123.245.85.80",
    "type": "IPv4",
    "created": "2026-03-25T19:03:01",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 123.245.85.80 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).",
    "expiration": "2026-04-24T19:02:52",
    "is_active": 1
  },
  {
    "id": 4011264364,
    "indicator": "172.232.133.233",
    "type": "IPv4",
    "created": "2026-03-25T19:03:01",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 172.232.133.233 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T19:02:52",
    "is_active": 1
  },
  {
    "id": 4281809027,
    "indicator": "41.59.27.181",
    "type": "IPv4",
    "created": "2026-03-25T19:03:01",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 41.59.27.181 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-24T19:02:52",
    "is_active": 1
  },
  {
    "id": 4158862846,
    "indicator": "59.20.5.164",
    "type": "IPv4",
    "created": "2026-03-25T19:03:01",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 59.20.5.164 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T19:02:52",
    "is_active": 1
  },
  {
    "id": 4281806980,
    "indicator": "104.28.158.13",
    "type": "IPv4",
    "created": "2026-03-25T19:03:01",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh, abuseipdb:web-attack. Attacker IP 104.28.158.13 observed using SSH client fingerprint 'Unknown SSH Client (98f63c4d9c87)' 5 times when connecting to db1lapetro between 2026-03-25 18:10 and 2026-03-25 18:10 UTC.",
    "expiration": "2026-04-24T19:02:52",
    "is_active": 1
  },
  {
    "id": 3992484504,
    "indicator": "44.220.185.75",
    "type": "IPv4",
    "created": "2026-03-25T19:03:01",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan. 44.220.185.75 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, ftp-brute).",
    "expiration": "2026-04-24T19:02:52",
    "is_active": 1
  },
  {
    "id": 4280850107,
    "indicator": "20.48.232.178",
    "type": "IPv4",
    "created": "2026-03-25T19:03:01",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 20.48.232.178 observed using HTTP client fingerprint 'HTTP Client (67b3dba8bc67)' 141 times when connecting to db1lapetro between 2026-03-25 18:09 and 2026-03-25 18:09 UTC.",
    "expiration": "2026-04-24T19:02:52",
    "is_active": 1
  },
  {
    "id": 3645187294,
    "indicator": "88.205.172.170",
    "type": "IPv4",
    "created": "2026-03-25T19:03:01",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 88.205.172.170 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 14 times when connecting to db1lapetro between 2026-03-25 18:06 and 2026-03-25 18:21 UTC.",
    "expiration": "2026-04-24T19:02:52",
    "is_active": 1
  },
  {
    "id": 4174149844,
    "indicator": "197.232.4.141",
    "type": "IPv4",
    "created": "2026-03-25T19:03:01",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 197.232.4.141 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, iot-targeted).",
    "expiration": "2026-04-24T19:02:52",
    "is_active": 1
  },
  {
    "id": 4059219757,
    "indicator": "175.19.75.252",
    "type": "IPv4",
    "created": "2026-03-25T19:03:01",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 175.19.75.252 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-24T19:02:52",
    "is_active": 1
  },
  {
    "id": 4178327540,
    "indicator": "182.73.44.45",
    "type": "IPv4",
    "created": "2026-03-25T19:03:01",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. IP observed in Suricata network metadata",
    "expiration": "2026-04-24T19:02:52",
    "is_active": 1
  },
  {
    "id": 4274340717,
    "indicator": "192.24.101.106",
    "type": "IPv4",
    "created": "2026-03-25T19:03:01",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 192.24.101.106 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-24T19:02:52",
    "is_active": 1
  },
  {
    "id": 4183845311,
    "indicator": "120.39.48.85",
    "type": "IPv4",
    "created": "2026-03-25T19:03:01",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 120.39.48.85 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-24T19:02:52",
    "is_active": 1
  },
  {
    "id": 4225781032,
    "indicator": "164.68.113.25",
    "type": "IPv4",
    "created": "2026-03-25T19:03:01",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. Attacker IP from Lauterbourg, France (AS51167, Contabo GmbH). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. duration: 5s; 3 events.",
    "expiration": "2026-04-24T19:02:52",
    "is_active": 1
  },
  {
    "id": 4263815534,
    "indicator": "162.248.101.254",
    "type": "IPv4",
    "created": "2026-03-25T20:06:28",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 162.248.101.254 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T20:06:27",
    "is_active": 1
  },
  {
    "id": 4193811245,
    "indicator": "110.36.70.112",
    "type": "IPv4",
    "created": "2026-03-25T20:06:28",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 110.36.70.112 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T20:06:27",
    "is_active": 1
  },
  {
    "id": 4274192182,
    "indicator": "122.150.107.222",
    "type": "IPv4",
    "created": "2026-03-25T20:06:28",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 122.150.107.222 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T20:06:27",
    "is_active": 1
  },
  {
    "id": 4262480966,
    "indicator": "3.94.201.110",
    "type": "IPv4",
    "created": "2026-03-25T20:06:28",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 3.94.201.110 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T20:06:27",
    "is_active": 1
  },
  {
    "id": 4281817494,
    "indicator": "87.106.231.77",
    "type": "IPv4",
    "created": "2026-03-25T20:06:28",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP from Germany (AS8560, IONOS SE). Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 4 failed login attempts, 4 credential pairs tried across 3 unique usernames, execution of 20 commands (SSH key persistence, password changes, system reconnaissance, cron persistence, process killing, firewall manipulation),...",
    "expiration": "2026-04-24T20:06:27",
    "is_active": 1
  },
  {
    "id": 4263663873,
    "indicator": "34.230.72.200",
    "type": "IPv4",
    "created": "2026-03-25T20:06:28",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 34.230.72.200 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T20:06:27",
    "is_active": 1
  },
  {
    "id": 4263074696,
    "indicator": "44.212.59.240",
    "type": "IPv4",
    "created": "2026-03-25T20:06:28",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 44.212.59.240 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T20:06:27",
    "is_active": 1
  },
  {
    "id": 4263831216,
    "indicator": "35.171.23.150",
    "type": "IPv4",
    "created": "2026-03-25T20:06:28",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 35.171.23.150 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T20:06:27",
    "is_active": 1
  },
  {
    "id": 3992874660,
    "indicator": "44.220.188.95",
    "type": "IPv4",
    "created": "2026-03-25T20:06:28",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 44.220.188.95 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking).",
    "expiration": "2026-04-24T20:06:27",
    "is_active": 1
  },
  {
    "id": 4278325273,
    "indicator": "190.216.132.29",
    "type": "IPv4",
    "created": "2026-03-25T20:06:28",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 190.216.132.29 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T20:06:27",
    "is_active": 1
  },
  {
    "id": 4144054072,
    "indicator": "104.248.194.6",
    "type": "IPv4",
    "created": "2026-03-25T20:06:28",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 104.248.194.6 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36...' 461 times when connecting to mdms1 between 2026-03-25 19:15 and 2026-03-25 19:16 UTC.",
    "expiration": "2026-04-24T20:06:27",
    "is_active": 1
  },
  {
    "id": 4281813706,
    "indicator": "2.27.43.231",
    "type": "IPv4",
    "created": "2026-03-25T20:06:28",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. Attacker IP 2.27.43.231 observed using SSH client fingerprint 'Unknown SSH Client (98ddc5604ef6)' 2 times when connecting to db4lamedtech between 2026-03-25 19:12 and 2026-03-25 19:12 UTC.",
    "expiration": "2026-04-24T20:06:27",
    "is_active": 1
  },
  {
    "id": 4162510505,
    "indicator": "168.0.82.26",
    "type": "IPv4",
    "created": "2026-03-25T20:06:28",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted. 168.0.82.26 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-24T20:06:27",
    "is_active": 1
  },
  {
    "id": 4280850156,
    "indicator": "166.1.144.62",
    "type": "IPv4",
    "created": "2026-03-25T20:06:28",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 166.1.144.62 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T20:06:27",
    "is_active": 1
  },
  {
    "id": 4170901734,
    "indicator": "195.161.54.16",
    "type": "IPv4",
    "created": "2026-03-25T20:06:28",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 195.161.54.16 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 13 times when connecting to db1lapetro between 2026-03-25 19:00 and 2026-03-25 19:19 UTC.",
    "expiration": "2026-04-24T20:06:27",
    "is_active": 1
  },
  {
    "id": 4059954439,
    "indicator": "74.89.42.238",
    "type": "IPv4",
    "created": "2026-03-25T20:06:28",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:multi-reported. 74.89.42.238 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-24T20:06:27",
    "is_active": 1
  },
  {
    "id": 3911304937,
    "indicator": "66.228.55.195",
    "type": "IPv4",
    "created": "2026-03-25T20:06:28",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:reported. Attacker IP 66.228.55.195 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 2 times when connecting to db1lapetro between 2026-03-25 18:30 and 2026-03-25 18:38 UTC.",
    "expiration": "2026-04-24T20:06:27",
    "is_active": 1
  },
  {
    "id": 4281804324,
    "indicator": "107.191.43.243",
    "type": "IPv4",
    "created": "2026-03-25T20:06:28",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 107.191.43.243 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T20:06:27",
    "is_active": 1
  },
  {
    "id": 3894468079,
    "indicator": "175.107.36.32",
    "type": "IPv4",
    "created": "2026-03-25T20:06:28",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 175.107.36.32 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-24T20:06:27",
    "is_active": 1
  },
  {
    "id": 4281801794,
    "indicator": "58.243.47.125",
    "type": "IPv4",
    "created": "2026-03-25T20:06:28",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low. 58.243.47.125 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-24T20:06:27",
    "is_active": 1
  },
  {
    "id": 4266744403,
    "indicator": "43.228.157.101",
    "type": "IPv4",
    "created": "2026-03-25T21:06:54",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 43.228.157.101 classified as commodity attacker using automated exploitation tooling (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1).",
    "expiration": "2026-04-24T21:06:32",
    "is_active": 1
  },
  {
    "id": 4266813655,
    "indicator": "185.242.3.138",
    "type": "IPv4",
    "created": "2026-03-25T21:06:54",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 185.242.3.138 classified as commodity attacker using automated exploitation tooling (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level3).",
    "expiration": "2026-04-24T21:06:32",
    "is_active": 1
  },
  {
    "id": 4266813269,
    "indicator": "43.228.157.107",
    "type": "IPv4",
    "created": "2026-03-25T21:06:54",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 43.228.157.107 classified as commodity attacker using automated exploitation tooling (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1).",
    "expiration": "2026-04-24T21:06:32",
    "is_active": 1
  },
  {
    "id": 4243311786,
    "indicator": "185.242.3.177",
    "type": "IPv4",
    "created": "2026-03-25T21:06:54",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 185.242.3.177 classified as commodity attacker using automated exploitation tooling (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level3).",
    "expiration": "2026-04-24T21:06:32",
    "is_active": 1
  },
  {
    "id": 4266464781,
    "indicator": "43.228.157.120",
    "type": "IPv4",
    "created": "2026-03-25T21:06:54",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 43.228.157.120 classified as commodity attacker using automated exploitation tooling (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1).",
    "expiration": "2026-04-24T21:06:32",
    "is_active": 1
  },
  {
    "id": 4275679239,
    "indicator": "43.228.157.150",
    "type": "IPv4",
    "created": "2026-03-25T21:06:54",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 43.228.157.150 classified as commodity attacker using automated exploitation tooling (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1).",
    "expiration": "2026-04-24T21:06:32",
    "is_active": 1
  },
  {
    "id": 4275613670,
    "indicator": "43.228.157.166",
    "type": "IPv4",
    "created": "2026-03-25T21:06:54",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 43.228.157.166 classified as commodity attacker using automated exploitation tooling (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1).",
    "expiration": "2026-04-24T21:06:32",
    "is_active": 1
  },
  {
    "id": 4275710902,
    "indicator": "43.228.157.162",
    "type": "IPv4",
    "created": "2026-03-25T21:06:54",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 43.228.157.162 classified as commodity attacker using automated exploitation tooling (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1).",
    "expiration": "2026-04-24T21:06:32",
    "is_active": 1
  },
  {
    "id": 4275714405,
    "indicator": "43.228.157.164",
    "type": "IPv4",
    "created": "2026-03-25T21:06:54",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 43.228.157.164 classified as commodity attacker using automated exploitation tooling (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1).",
    "expiration": "2026-04-24T21:06:32",
    "is_active": 1
  },
  {
    "id": 4265399081,
    "indicator": "185.242.3.151",
    "type": "IPv4",
    "created": "2026-03-25T21:06:54",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 185.242.3.151 classified as commodity attacker using automated exploitation tooling (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level3).",
    "expiration": "2026-04-24T21:06:32",
    "is_active": 1
  },
  {
    "id": 2198197159,
    "indicator": "43.228.157.92",
    "type": "IPv4",
    "created": "2026-03-25T21:06:54",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 43.228.157.92 classified as commodity attacker using automated exploitation tooling (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1).",
    "expiration": "2026-04-24T21:06:32",
    "is_active": 1
  },
  {
    "id": 4275705453,
    "indicator": "43.228.157.147",
    "type": "IPv4",
    "created": "2026-03-25T21:06:54",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 43.228.157.147 classified as commodity attacker using automated exploitation tooling (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1).",
    "expiration": "2026-04-24T21:06:32",
    "is_active": 1
  },
  {
    "id": 4275680836,
    "indicator": "43.228.157.156",
    "type": "IPv4",
    "created": "2026-03-25T21:06:54",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 43.228.157.156 classified as commodity attacker using automated exploitation tooling (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1).",
    "expiration": "2026-04-24T21:06:32",
    "is_active": 1
  },
  {
    "id": 4265319925,
    "indicator": "43.228.157.103",
    "type": "IPv4",
    "created": "2026-03-25T21:06:54",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 43.228.157.103 classified as commodity attacker using automated exploitation tooling (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1).",
    "expiration": "2026-04-24T21:06:32",
    "is_active": 1
  },
  {
    "id": 4275620377,
    "indicator": "43.228.157.167",
    "type": "IPv4",
    "created": "2026-03-25T21:06:54",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 43.228.157.167 classified as commodity attacker using automated exploitation tooling (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1).",
    "expiration": "2026-04-24T21:06:32",
    "is_active": 1
  },
  {
    "id": 4266630671,
    "indicator": "185.242.3.140",
    "type": "IPv4",
    "created": "2026-03-25T21:06:54",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 185.242.3.140 classified as commodity attacker using automated exploitation tooling (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level3).",
    "expiration": "2026-04-24T21:06:32",
    "is_active": 1
  },
  {
    "id": 4266744406,
    "indicator": "43.228.157.98",
    "type": "IPv4",
    "created": "2026-03-25T21:06:54",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 43.228.157.98 classified as commodity attacker using automated exploitation tooling (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1).",
    "expiration": "2026-04-24T21:06:32",
    "is_active": 1
  },
  {
    "id": 4265399080,
    "indicator": "185.242.3.125",
    "type": "IPv4",
    "created": "2026-03-25T21:06:54",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 185.242.3.125 classified as commodity attacker using automated exploitation tooling (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level3).",
    "expiration": "2026-04-24T21:06:32",
    "is_active": 1
  },
  {
    "id": 4275686507,
    "indicator": "43.228.157.145",
    "type": "IPv4",
    "created": "2026-03-25T21:06:54",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 43.228.157.145 classified as commodity attacker using automated exploitation tooling (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (critical, hacking, port-scan).",
    "expiration": "2026-04-24T21:06:32",
    "is_active": 1
  },
  {
    "id": 4266414526,
    "indicator": "185.242.3.157",
    "type": "IPv4",
    "created": "2026-03-25T21:06:54",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 185.242.3.157 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T21:06:32",
    "is_active": 1
  },
  {
    "id": 4275613671,
    "indicator": "43.228.157.170",
    "type": "IPv4",
    "created": "2026-03-25T21:06:54",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 43.228.157.170 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T21:06:32",
    "is_active": 1
  },
  {
    "id": 4265264177,
    "indicator": "43.228.157.100",
    "type": "IPv4",
    "created": "2026-03-25T21:06:54",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 43.228.157.100 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T21:06:32",
    "is_active": 1
  },
  {
    "id": 4265198135,
    "indicator": "43.228.157.117",
    "type": "IPv4",
    "created": "2026-03-25T21:06:54",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 43.228.157.117 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T21:06:32",
    "is_active": 1
  },
  {
    "id": 4266610189,
    "indicator": "43.228.157.108",
    "type": "IPv4",
    "created": "2026-03-25T21:06:54",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 43.228.157.108 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T21:06:32",
    "is_active": 1
  },
  {
    "id": 4275714395,
    "indicator": "43.228.157.137",
    "type": "IPv4",
    "created": "2026-03-25T21:06:54",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 43.228.157.137 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T21:06:32",
    "is_active": 1
  },
  {
    "id": 4266476724,
    "indicator": "185.242.3.152",
    "type": "IPv4",
    "created": "2026-03-25T21:06:54",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 185.242.3.152 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T21:06:32",
    "is_active": 1
  },
  {
    "id": 4275714401,
    "indicator": "43.228.157.142",
    "type": "IPv4",
    "created": "2026-03-25T21:06:54",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 43.228.157.142 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T21:06:32",
    "is_active": 1
  },
  {
    "id": 4275710892,
    "indicator": "43.228.157.159",
    "type": "IPv4",
    "created": "2026-03-25T21:06:54",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 43.228.157.159 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T21:06:32",
    "is_active": 1
  },
  {
    "id": 4266728787,
    "indicator": "185.242.3.130",
    "type": "IPv4",
    "created": "2026-03-25T21:06:54",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 185.242.3.130 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T21:06:32",
    "is_active": 1
  },
  {
    "id": 4266677198,
    "indicator": "185.242.3.153",
    "type": "IPv4",
    "created": "2026-03-25T21:06:54",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 185.242.3.153 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T21:06:32",
    "is_active": 1
  },
  {
    "id": 4275714413,
    "indicator": "43.228.157.140",
    "type": "IPv4",
    "created": "2026-03-25T21:06:54",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 43.228.157.140 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T21:06:32",
    "is_active": 1
  },
  {
    "id": 4275697313,
    "indicator": "43.228.157.134",
    "type": "IPv4",
    "created": "2026-03-25T21:06:54",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 43.228.157.134 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T21:06:32",
    "is_active": 1
  },
  {
    "id": 4275714397,
    "indicator": "43.228.157.153",
    "type": "IPv4",
    "created": "2026-03-25T21:06:54",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 43.228.157.153 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T21:06:32",
    "is_active": 1
  },
  {
    "id": 4266473557,
    "indicator": "43.228.157.106",
    "type": "IPv4",
    "created": "2026-03-25T21:06:54",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 43.228.157.106 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T21:06:32",
    "is_active": 1
  },
  {
    "id": 4275710899,
    "indicator": "43.228.157.214",
    "type": "IPv4",
    "created": "2026-03-25T21:06:54",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 43.228.157.214 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T21:06:32",
    "is_active": 1
  },
  {
    "id": 4275686508,
    "indicator": "43.228.157.169",
    "type": "IPv4",
    "created": "2026-03-25T21:06:54",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 43.228.157.169 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T21:06:32",
    "is_active": 1
  },
  {
    "id": 4266728788,
    "indicator": "185.242.3.156",
    "type": "IPv4",
    "created": "2026-03-25T21:06:54",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 185.242.3.156 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T21:06:32",
    "is_active": 1
  },
  {
    "id": 4265380295,
    "indicator": "185.242.3.148",
    "type": "IPv4",
    "created": "2026-03-25T21:06:54",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 185.242.3.148 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T21:06:32",
    "is_active": 1
  },
  {
    "id": 4275697314,
    "indicator": "43.228.157.144",
    "type": "IPv4",
    "created": "2026-03-25T21:06:54",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 43.228.157.144 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T21:06:32",
    "is_active": 1
  },
  {
    "id": 4265198134,
    "indicator": "43.228.157.114",
    "type": "IPv4",
    "created": "2026-03-25T21:06:54",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 43.228.157.114 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T21:06:32",
    "is_active": 1
  },
  {
    "id": 4266473558,
    "indicator": "43.228.157.111",
    "type": "IPv4",
    "created": "2026-03-25T21:06:54",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 43.228.157.111 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T21:06:32",
    "is_active": 1
  },
  {
    "id": 4265380294,
    "indicator": "185.242.3.146",
    "type": "IPv4",
    "created": "2026-03-25T21:06:54",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 185.242.3.146 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T21:06:32",
    "is_active": 1
  },
  {
    "id": 4275701571,
    "indicator": "43.228.157.141",
    "type": "IPv4",
    "created": "2026-03-25T21:06:54",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 43.228.157.141 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T21:06:32",
    "is_active": 1
  },
  {
    "id": 4275684339,
    "indicator": "43.228.157.226",
    "type": "IPv4",
    "created": "2026-03-25T21:06:54",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 43.228.157.226 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T21:06:32",
    "is_active": 1
  },
  {
    "id": 4275697324,
    "indicator": "43.228.157.209",
    "type": "IPv4",
    "created": "2026-03-25T21:06:54",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 43.228.157.209 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T21:06:32",
    "is_active": 1
  },
  {
    "id": 4275680840,
    "indicator": "43.228.157.204",
    "type": "IPv4",
    "created": "2026-03-25T21:06:54",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 43.228.157.204 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T21:06:32",
    "is_active": 1
  },
  {
    "id": 4275684335,
    "indicator": "43.228.157.195",
    "type": "IPv4",
    "created": "2026-03-25T21:06:54",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 43.228.157.195 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T21:06:32",
    "is_active": 1
  },
  {
    "id": 4275697316,
    "indicator": "43.228.157.160",
    "type": "IPv4",
    "created": "2026-03-25T21:06:54",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 43.228.157.160 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T21:06:32",
    "is_active": 1
  },
  {
    "id": 4276741810,
    "indicator": "43.228.157.132",
    "type": "IPv4",
    "created": "2026-03-25T21:06:54",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 43.228.157.132 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T21:06:32",
    "is_active": 1
  },
  {
    "id": 4275714408,
    "indicator": "43.228.157.206",
    "type": "IPv4",
    "created": "2026-03-25T21:06:54",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 43.228.157.206 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T21:06:32",
    "is_active": 1
  },
  {
    "id": 4265390345,
    "indicator": "43.228.157.115",
    "type": "IPv4",
    "created": "2026-03-25T21:06:54",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 43.228.157.115 classified as commodity attacker using automated exploitation tooling (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1).",
    "expiration": "2026-04-24T21:06:32",
    "is_active": 1
  },
  {
    "id": 4265395674,
    "indicator": "43.228.157.112",
    "type": "IPv4",
    "created": "2026-03-25T21:06:54",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 43.228.157.112 classified as commodity attacker using automated exploitation tooling (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1).",
    "expiration": "2026-04-24T21:06:32",
    "is_active": 1
  },
  {
    "id": 4265264178,
    "indicator": "43.228.157.109",
    "type": "IPv4",
    "created": "2026-03-25T21:06:54",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 43.228.157.109 classified as commodity attacker using automated exploitation tooling (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1).",
    "expiration": "2026-04-24T21:06:32",
    "is_active": 1
  },
  {
    "id": 4266464780,
    "indicator": "43.228.157.105",
    "type": "IPv4",
    "created": "2026-03-25T21:06:54",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 43.228.157.105 classified as commodity attacker using automated exploitation tooling (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1).",
    "expiration": "2026-04-24T21:06:32",
    "is_active": 1
  },
  {
    "id": 4276187782,
    "indicator": "43.228.157.158",
    "type": "IPv4",
    "created": "2026-03-25T21:06:54",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 43.228.157.158 classified as commodity attacker using automated exploitation tooling (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1).",
    "expiration": "2026-04-24T21:06:32",
    "is_active": 1
  },
  {
    "id": 4275555705,
    "indicator": "43.228.157.155",
    "type": "IPv4",
    "created": "2026-03-25T21:06:54",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 43.228.157.155 classified as commodity attacker using automated exploitation tooling (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1).",
    "expiration": "2026-04-24T21:06:32",
    "is_active": 1
  },
  {
    "id": 4265198137,
    "indicator": "43.228.157.99",
    "type": "IPv4",
    "created": "2026-03-25T21:06:54",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 43.228.157.99 classified as commodity attacker using automated exploitation tooling (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1).",
    "expiration": "2026-04-24T21:06:32",
    "is_active": 1
  },
  {
    "id": 4275620375,
    "indicator": "43.228.157.139",
    "type": "IPv4",
    "created": "2026-03-25T21:06:54",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 43.228.157.139 classified as commodity attacker using automated exploitation tooling (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1).",
    "expiration": "2026-04-24T21:06:32",
    "is_active": 1
  },
  {
    "id": 4275664134,
    "indicator": "43.228.157.143",
    "type": "IPv4",
    "created": "2026-03-25T21:06:54",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 43.228.157.143 classified as commodity attacker using automated exploitation tooling (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1).",
    "expiration": "2026-04-24T21:06:32",
    "is_active": 1
  },
  {
    "id": 4265390342,
    "indicator": "185.242.3.158",
    "type": "IPv4",
    "created": "2026-03-25T21:06:54",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 185.242.3.158 classified as commodity attacker using automated exploitation tooling (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level3).",
    "expiration": "2026-04-24T21:06:32",
    "is_active": 1
  },
  {
    "id": 4275616287,
    "indicator": "43.228.157.215",
    "type": "IPv4",
    "created": "2026-03-25T21:06:54",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 43.228.157.215 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T21:06:32",
    "is_active": 1
  },
  {
    "id": 4275680837,
    "indicator": "43.228.157.168",
    "type": "IPv4",
    "created": "2026-03-25T21:06:54",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 43.228.157.168 classified as commodity attacker using automated exploitation tooling (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1).",
    "expiration": "2026-04-24T21:06:32",
    "is_active": 1
  },
  {
    "id": 4275697318,
    "indicator": "43.228.157.165",
    "type": "IPv4",
    "created": "2026-03-25T21:06:54",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 43.228.157.165 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T21:06:32",
    "is_active": 1
  },
  {
    "id": 4275664135,
    "indicator": "43.228.157.161",
    "type": "IPv4",
    "created": "2026-03-25T21:06:54",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 43.228.157.161 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T21:06:32",
    "is_active": 1
  },
  {
    "id": 4265264169,
    "indicator": "185.242.3.154",
    "type": "IPv4",
    "created": "2026-03-25T21:06:54",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 185.242.3.154 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T21:06:32",
    "is_active": 1
  },
  {
    "id": 4266414525,
    "indicator": "185.242.3.145",
    "type": "IPv4",
    "created": "2026-03-25T21:06:54",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 185.242.3.145 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T21:06:32",
    "is_active": 1
  },
  {
    "id": 4265390341,
    "indicator": "185.242.3.150",
    "type": "IPv4",
    "created": "2026-03-25T21:06:54",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 185.242.3.150 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T21:06:32",
    "is_active": 1
  },
  {
    "id": 4275613669,
    "indicator": "43.228.157.152",
    "type": "IPv4",
    "created": "2026-03-25T21:06:54",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 43.228.157.152 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T21:06:32",
    "is_active": 1
  },
  {
    "id": 4266414524,
    "indicator": "185.242.3.131",
    "type": "IPv4",
    "created": "2026-03-25T21:06:54",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 185.242.3.131 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T21:06:32",
    "is_active": 1
  },
  {
    "id": 4276187781,
    "indicator": "43.228.157.149",
    "type": "IPv4",
    "created": "2026-03-25T21:06:54",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 43.228.157.149 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T21:06:32",
    "is_active": 1
  },
  {
    "id": 4198356124,
    "indicator": "185.242.3.124",
    "type": "IPv4",
    "created": "2026-03-25T21:06:54",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 185.242.3.124 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T21:06:32",
    "is_active": 1
  },
  {
    "id": 4275697315,
    "indicator": "43.228.157.146",
    "type": "IPv4",
    "created": "2026-03-25T21:06:54",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 43.228.157.146 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T21:06:32",
    "is_active": 1
  },
  {
    "id": 4276187780,
    "indicator": "43.228.157.136",
    "type": "IPv4",
    "created": "2026-03-25T21:06:54",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 43.228.157.136 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T21:06:32",
    "is_active": 1
  },
  {
    "id": 4189984226,
    "indicator": "185.242.3.120",
    "type": "IPv4",
    "created": "2026-03-25T21:06:54",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 185.242.3.120 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T21:06:32",
    "is_active": 1
  },
  {
    "id": 4276187779,
    "indicator": "43.228.157.133",
    "type": "IPv4",
    "created": "2026-03-25T21:06:54",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 43.228.157.133 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T21:06:32",
    "is_active": 1
  },
  {
    "id": 4275680842,
    "indicator": "43.228.157.223",
    "type": "IPv4",
    "created": "2026-03-25T21:06:54",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 43.228.157.223 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T21:06:32",
    "is_active": 1
  },
  {
    "id": 4275697326,
    "indicator": "43.228.157.220",
    "type": "IPv4",
    "created": "2026-03-25T21:06:54",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 43.228.157.220 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T21:06:32",
    "is_active": 1
  },
  {
    "id": 4275684337,
    "indicator": "43.228.157.211",
    "type": "IPv4",
    "created": "2026-03-25T21:06:54",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 43.228.157.211 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T21:06:32",
    "is_active": 1
  },
  {
    "id": 4275680841,
    "indicator": "43.228.157.207",
    "type": "IPv4",
    "created": "2026-03-25T21:06:54",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 43.228.157.207 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T21:06:32",
    "is_active": 1
  },
  {
    "id": 4275616286,
    "indicator": "43.228.157.200",
    "type": "IPv4",
    "created": "2026-03-25T21:06:54",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 43.228.157.200 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T21:06:32",
    "is_active": 1
  },
  {
    "id": 4275701572,
    "indicator": "43.228.157.197",
    "type": "IPv4",
    "created": "2026-03-25T21:06:54",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 43.228.157.197 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T21:06:32",
    "is_active": 1
  },
  {
    "id": 4275684336,
    "indicator": "43.228.157.203",
    "type": "IPv4",
    "created": "2026-03-25T21:06:54",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 43.228.157.203 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T21:06:32",
    "is_active": 1
  },
  {
    "id": 4275697322,
    "indicator": "43.228.157.194",
    "type": "IPv4",
    "created": "2026-03-25T21:06:54",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 43.228.157.194 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T21:06:32",
    "is_active": 1
  },
  {
    "id": 4275613674,
    "indicator": "43.228.157.187",
    "type": "IPv4",
    "created": "2026-03-25T21:06:54",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 43.228.157.187 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T21:06:32",
    "is_active": 1
  },
  {
    "id": 4275613675,
    "indicator": "43.228.157.191",
    "type": "IPv4",
    "created": "2026-03-25T21:06:54",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 43.228.157.191 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T21:06:32",
    "is_active": 1
  },
  {
    "id": 4275686504,
    "indicator": "185.242.3.188",
    "type": "IPv4",
    "created": "2026-03-25T21:06:54",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 185.242.3.188 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T21:06:32",
    "is_active": 1
  },
  {
    "id": 4275680838,
    "indicator": "43.228.157.180",
    "type": "IPv4",
    "created": "2026-03-25T21:06:54",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 43.228.157.180 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T21:06:32",
    "is_active": 1
  },
  {
    "id": 4275679240,
    "indicator": "43.228.157.183",
    "type": "IPv4",
    "created": "2026-03-25T21:06:54",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 43.228.157.183 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T21:06:32",
    "is_active": 1
  },
  {
    "id": 4277159636,
    "indicator": "41.33.45.100",
    "type": "IPv4",
    "created": "2026-03-25T21:06:54",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 41.33.45.100 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T21:06:32",
    "is_active": 1
  },
  {
    "id": 4281879296,
    "indicator": "117.245.138.57",
    "type": "IPv4",
    "created": "2026-03-25T21:06:54",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 117.245.138.57 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T21:06:32",
    "is_active": 1
  },
  {
    "id": 3469516643,
    "indicator": "185.193.157.163",
    "type": "IPv4",
    "created": "2026-03-25T21:06:54",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 185.193.157.163 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T21:06:32",
    "is_active": 1
  },
  {
    "id": 4158838010,
    "indicator": "212.109.219.22",
    "type": "IPv4",
    "created": "2026-03-25T21:06:54",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export. Attacker IP from Russia (AS29182, JSC IOT). Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 8 failed login attempts, 8 credential pairs tried across 5 unique usernames, execution of 64 commands (SSH key persistence, password changes, system reconnaissance, cron persistence, process killing, firewall manipu...",
    "expiration": "2026-04-24T21:06:32",
    "is_active": 1
  },
  {
    "id": 4272942303,
    "indicator": "87.106.146.150",
    "type": "IPv4",
    "created": "2026-03-25T21:06:54",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export. Attacker IP from Germany (AS8560, IONOS SE). Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 5 failed login attempts, 5 credential pairs tried across 4 unique usernames, execution of 20 commands (SSH key persistence, password changes, system reconnaissance, cron persistence, process killing, fire...",
    "expiration": "2026-04-24T21:06:32",
    "is_active": 1
  },
  {
    "id": 4281823969,
    "indicator": "27.207.145.227",
    "type": "IPv4",
    "created": "2026-03-25T21:06:54",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 27.207.145.227 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-24T21:06:32",
    "is_active": 1
  },
  {
    "id": 4011580841,
    "indicator": "185.247.137.44",
    "type": "IPv4",
    "created": "2026-03-25T21:06:54",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 185.247.137.44 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T21:06:32",
    "is_active": 1
  },
  {
    "id": 4127990504,
    "indicator": "115.21.72.248",
    "type": "IPv4",
    "created": "2026-03-25T21:06:54",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP 115.21.72.248 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 7 times when connecting to db4lamedtech between 2026-03-25 20:05 and 2026-03-25 20:16 UTC.",
    "expiration": "2026-04-24T21:06:32",
    "is_active": 1
  },
  {
    "id": 4178327718,
    "indicator": "192.3.130.87",
    "type": "IPv4",
    "created": "2026-03-25T21:06:54",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export. Attacker IP 192.3.130.87 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 9 times when connecting to db4lamedtech between 2026-03-25 20:02 and 2026-03-25 20:12 UTC.",
    "expiration": "2026-04-24T21:06:32",
    "is_active": 1
  },
  {
    "id": 4281811176,
    "indicator": "82.29.128.80",
    "type": "IPv4",
    "created": "2026-03-25T22:09:07",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 82.29.128.80 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4151494369,
    "indicator": "85.50.149.216",
    "type": "IPv4",
    "created": "2026-03-25T22:09:07",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 85.50.149.216 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4247088507,
    "indicator": "181.93.43.83",
    "type": "IPv4",
    "created": "2026-03-25T22:09:07",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 181.93.43.83 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4275405590,
    "indicator": "43.157.209.93",
    "type": "IPv4",
    "created": "2026-03-25T22:09:07",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 43.157.209.93 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 3725788693,
    "indicator": "47.91.120.169",
    "type": "IPv4",
    "created": "2026-03-25T22:09:07",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 47.91.120.169 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, hacking).",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4262481564,
    "indicator": "47.253.246.87",
    "type": "IPv4",
    "created": "2026-03-25T22:09:07",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 47.253.246.87 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 2272141727,
    "indicator": "202.51.100.238",
    "type": "IPv4",
    "created": "2026-03-25T22:09:07",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 202.51.100.238 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4281646306,
    "indicator": "14.225.18.19",
    "type": "IPv4",
    "created": "2026-03-25T22:09:07",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 14.225.18.19 observed using HTTP client fingerprint 'HTTP Client: libredtail-http' 39 times when connecting to db1lapetro between 2026-03-25 21:29 and 2026-03-25 21:29 UTC.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4281695463,
    "indicator": "222.93.150.75",
    "type": "IPv4",
    "created": "2026-03-25T22:09:07",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 222.93.150.75 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 2135010503,
    "indicator": "68.183.105.117",
    "type": "IPv4",
    "created": "2026-03-25T22:09:07",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 68.183.105.117 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, hacking).",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 2812376827,
    "indicator": "121.121.60.200",
    "type": "IPv4",
    "created": "2026-03-25T22:09:07",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. 121.121.60.200 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4154872775,
    "indicator": "62.84.185.55",
    "type": "IPv4",
    "created": "2026-03-25T22:09:07",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 62.84.185.55 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (compatible; MJ12bot/v1.4.8; http://mj12bot.com/...' 75 times when connecting to mdms1 between 2026-03-25 21:19 and 2026-03-25 21:26 UTC.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4097303889,
    "indicator": "54.37.84.47",
    "type": "IPv4",
    "created": "2026-03-25T22:09:07",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported. 54.37.84.47 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, ddos, hacking).",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4281885249,
    "indicator": "195.26.255.237",
    "type": "IPv4",
    "created": "2026-03-25T22:09:07",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:low, abuseipdb:reported, abuseipdb:ssh, abuseipdb:web-attack, cowrie. 195.26.255.237 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, low, reported).",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 3584137195,
    "indicator": "122.118.201.172",
    "type": "IPv4",
    "created": "2026-03-25T22:09:07",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Miaoli, Taiwan (AS3462, Data Communication Business Group). Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 2s; 5 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4109237727,
    "indicator": "125.23.207.42",
    "type": "IPv4",
    "created": "2026-03-25T22:09:07",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from India (AS9498, BHARTI Airtel Ltd.). Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 6 failed login attempts, 6 credential pairs tried across 4 unique usernames, execution of 42 commands (SSH key persistence, password changes, system reconnaissance, cron persistence, process killing, firewall mani...",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4281883475,
    "indicator": "190.216.132.30",
    "type": "IPv4",
    "created": "2026-03-25T22:09:07",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported. 190.216.132.30 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 3841439687,
    "indicator": "221.207.35.193",
    "type": "IPv4",
    "created": "2026-03-25T22:09:07",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 221.207.35.193 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, hacking, moderate).",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4281643022,
    "indicator": "66.132.195.106",
    "type": "IPv4",
    "created": "2026-03-25T22:09:07",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 66.132.195.106 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4275709333,
    "indicator": "36.136.59.19",
    "type": "IPv4",
    "created": "2026-03-25T22:09:07",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 36.136.59.19 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, ftp-brute).",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4243353609,
    "indicator": "43.228.157.80",
    "type": "IPv4",
    "created": "2026-03-25T22:09:07",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Pakistan (AS205759, Ghosty Networks LLC). Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4243347578,
    "indicator": "185.242.3.94",
    "type": "IPv4",
    "created": "2026-03-25T22:09:07",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from The Netherlands (AS60223, Netiface Limited). Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4266790023,
    "indicator": "43.228.157.118",
    "type": "IPv4",
    "created": "2026-03-25T22:09:07",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Pakistan (AS205759, Ghosty Networks LLC). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4243347577,
    "indicator": "185.242.3.103",
    "type": "IPv4",
    "created": "2026-03-25T22:09:07",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from The Netherlands (AS60223, Netiface Limited). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4242956766,
    "indicator": "185.242.3.99",
    "type": "IPv4",
    "created": "2026-03-25T22:09:07",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from The Netherlands (AS60223, Netiface Limited). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4241356010,
    "indicator": "43.228.157.79",
    "type": "IPv4",
    "created": "2026-03-25T22:09:07",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Pakistan (AS205759, Ghosty Networks LLC). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4243095098,
    "indicator": "185.242.3.95",
    "type": "IPv4",
    "created": "2026-03-25T22:09:07",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from The Netherlands (AS60223, Netiface Limited). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4266744405,
    "indicator": "43.228.157.116",
    "type": "IPv4",
    "created": "2026-03-25T22:09:07",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Pakistan (AS205759, Ghosty Networks LLC). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4243094913,
    "indicator": "185.242.3.100",
    "type": "IPv4",
    "created": "2026-03-25T22:09:07",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from The Netherlands (AS60223, Netiface Limited). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4266414530,
    "indicator": "43.228.157.113",
    "type": "IPv4",
    "created": "2026-03-25T22:09:07",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Pakistan (AS205759, Ghosty Networks LLC). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4243008500,
    "indicator": "185.242.3.91",
    "type": "IPv4",
    "created": "2026-03-25T22:09:07",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from The Netherlands (AS60223, Netiface Limited). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4266744404,
    "indicator": "43.228.157.104",
    "type": "IPv4",
    "created": "2026-03-25T22:09:07",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Pakistan (AS205759, Ghosty Networks LLC). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4243356634,
    "indicator": "185.242.3.93",
    "type": "IPv4",
    "created": "2026-03-25T22:09:07",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from The Netherlands (AS60223, Netiface Limited). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4243015075,
    "indicator": "185.242.3.92",
    "type": "IPv4",
    "created": "2026-03-25T22:09:07",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from The Netherlands (AS60223, Netiface Limited). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4266813266,
    "indicator": "43.228.157.110",
    "type": "IPv4",
    "created": "2026-03-25T22:09:07",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Pakistan (AS205759, Ghosty Networks LLC). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4266743406,
    "indicator": "185.242.3.147",
    "type": "IPv4",
    "created": "2026-03-25T22:09:07",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from The Netherlands (AS60223, Netiface Limited). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4243311787,
    "indicator": "185.242.3.88",
    "type": "IPv4",
    "created": "2026-03-25T22:09:07",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from The Netherlands (AS60223, Netiface Limited). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4275697321,
    "indicator": "43.228.157.193",
    "type": "IPv4",
    "created": "2026-03-25T22:09:07",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Pakistan (AS205759, Ghosty Networks LLC). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4275697327,
    "indicator": "43.228.157.221",
    "type": "IPv4",
    "created": "2026-03-25T22:09:07",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Pakistan (AS205759, Ghosty Networks LLC). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4275714419,
    "indicator": "43.228.157.218",
    "type": "IPv4",
    "created": "2026-03-25T22:09:07",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Pakistan (AS205759, Ghosty Networks LLC). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4275613676,
    "indicator": "43.228.157.198",
    "type": "IPv4",
    "created": "2026-03-25T22:09:07",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Pakistan (AS205759, Ghosty Networks LLC). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4275680839,
    "indicator": "43.228.157.196",
    "type": "IPv4",
    "created": "2026-03-25T22:09:07",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Pakistan (AS205759, Ghosty Networks LLC). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4275620376,
    "indicator": "43.228.157.157",
    "type": "IPv4",
    "created": "2026-03-25T22:09:07",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Pakistan (AS205759, Ghosty Networks LLC). Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4275714414,
    "indicator": "43.228.157.192",
    "type": "IPv4",
    "created": "2026-03-25T22:09:07",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Pakistan (AS205759, Ghosty Networks LLC). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4265380296,
    "indicator": "185.242.3.155",
    "type": "IPv4",
    "created": "2026-03-25T22:09:07",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from The Netherlands (AS60223, Netiface Limited). Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4275697329,
    "indicator": "43.228.157.224",
    "type": "IPv4",
    "created": "2026-03-25T22:09:07",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Pakistan (AS205759, Ghosty Networks LLC). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4275714418,
    "indicator": "43.228.157.148",
    "type": "IPv4",
    "created": "2026-03-25T22:09:07",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Pakistan (AS205759, Ghosty Networks LLC). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4275714410,
    "indicator": "43.228.157.186",
    "type": "IPv4",
    "created": "2026-03-25T22:09:07",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Pakistan (AS205759, Ghosty Networks LLC). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4275664136,
    "indicator": "43.228.157.179",
    "type": "IPv4",
    "created": "2026-03-25T22:09:07",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Pakistan (AS205759, Ghosty Networks LLC). Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4275697328,
    "indicator": "43.228.157.222",
    "type": "IPv4",
    "created": "2026-03-25T22:09:07",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Pakistan (AS205759, Ghosty Networks LLC). Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4275697325,
    "indicator": "43.228.157.219",
    "type": "IPv4",
    "created": "2026-03-25T22:09:07",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Pakistan (AS205759, Ghosty Networks LLC). Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4275714411,
    "indicator": "43.228.157.154",
    "type": "IPv4",
    "created": "2026-03-25T22:09:07",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Pakistan (AS205759, Ghosty Networks LLC). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4275714407,
    "indicator": "43.228.157.212",
    "type": "IPv4",
    "created": "2026-03-25T22:09:07",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Pakistan (AS205759, Ghosty Networks LLC). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4275613673,
    "indicator": "43.228.157.184",
    "type": "IPv4",
    "created": "2026-03-25T22:09:07",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Pakistan (AS205759, Ghosty Networks LLC). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4266473554,
    "indicator": "185.242.3.139",
    "type": "IPv4",
    "created": "2026-03-25T22:09:07",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from The Netherlands (AS60223, Netiface Limited). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4275714399,
    "indicator": "43.228.157.201",
    "type": "IPv4",
    "created": "2026-03-25T22:09:07",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Pakistan (AS205759, Ghosty Networks LLC). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4275686509,
    "indicator": "43.228.157.189",
    "type": "IPv4",
    "created": "2026-03-25T22:09:07",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Pakistan (AS205759, Ghosty Networks LLC). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4275684338,
    "indicator": "43.228.157.216",
    "type": "IPv4",
    "created": "2026-03-25T22:09:07",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Pakistan (AS205759, Ghosty Networks LLC). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4275555706,
    "indicator": "43.228.157.225",
    "type": "IPv4",
    "created": "2026-03-25T22:09:07",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Pakistan (AS205759, Ghosty Networks LLC). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4275710895,
    "indicator": "43.228.157.213",
    "type": "IPv4",
    "created": "2026-03-25T22:09:07",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Pakistan (AS205759, Ghosty Networks LLC). Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4275710922,
    "indicator": "43.228.157.210",
    "type": "IPv4",
    "created": "2026-03-25T22:09:07",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Pakistan (AS205759, Ghosty Networks LLC). Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4275684334,
    "indicator": "43.228.157.135",
    "type": "IPv4",
    "created": "2026-03-25T22:09:07",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Pakistan (AS205759, Ghosty Networks LLC). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4275705454,
    "indicator": "43.228.157.151",
    "type": "IPv4",
    "created": "2026-03-25T22:09:07",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Pakistan (AS205759, Ghosty Networks LLC). Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4275742966,
    "indicator": "43.228.157.199",
    "type": "IPv4",
    "created": "2026-03-25T22:09:07",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Pakistan (AS205759, Ghosty Networks LLC). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4275714409,
    "indicator": "43.228.157.202",
    "type": "IPv4",
    "created": "2026-03-25T22:09:07",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Pakistan (AS205759, Ghosty Networks LLC). Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4275613672,
    "indicator": "43.228.157.178",
    "type": "IPv4",
    "created": "2026-03-25T22:09:07",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Pakistan (AS205759, Ghosty Networks LLC). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4275696304,
    "indicator": "185.242.3.149",
    "type": "IPv4",
    "created": "2026-03-25T22:09:07",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from The Netherlands (AS60223, Netiface Limited). Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4275701570,
    "indicator": "43.228.157.138",
    "type": "IPv4",
    "created": "2026-03-25T22:09:07",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Pakistan (AS205759, Ghosty Networks LLC). Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4275697317,
    "indicator": "43.228.157.163",
    "type": "IPv4",
    "created": "2026-03-25T22:09:07",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Pakistan (AS205759, Ghosty Networks LLC). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4275697323,
    "indicator": "43.228.157.208",
    "type": "IPv4",
    "created": "2026-03-25T22:09:07",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Pakistan (AS205759, Ghosty Networks LLC). Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4243211474,
    "indicator": "185.242.3.90",
    "type": "IPv4",
    "created": "2026-03-25T22:09:07",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from The Netherlands (AS60223, Netiface Limited). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4275616285,
    "indicator": "43.228.157.185",
    "type": "IPv4",
    "created": "2026-03-25T22:09:07",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Pakistan (AS205759, Ghosty Networks LLC). Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4275697320,
    "indicator": "43.228.157.188",
    "type": "IPv4",
    "created": "2026-03-25T22:09:07",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Pakistan (AS205759, Ghosty Networks LLC). Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4275686510,
    "indicator": "43.228.157.190",
    "type": "IPv4",
    "created": "2026-03-25T22:09:07",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Pakistan (AS205759, Ghosty Networks LLC). Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4275697319,
    "indicator": "43.228.157.182",
    "type": "IPv4",
    "created": "2026-03-25T22:09:07",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Pakistan (AS205759, Ghosty Networks LLC). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4276741811,
    "indicator": "43.228.157.205",
    "type": "IPv4",
    "created": "2026-03-25T22:09:07",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Pakistan (AS205759, Ghosty Networks LLC). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4265319924,
    "indicator": "43.228.157.102",
    "type": "IPv4",
    "created": "2026-03-25T22:09:07",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Pakistan (AS205759, Ghosty Networks LLC). Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4275714400,
    "indicator": "43.228.157.181",
    "type": "IPv4",
    "created": "2026-03-25T22:09:07",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Pakistan (AS205759, Ghosty Networks LLC). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4265198136,
    "indicator": "43.228.157.119",
    "type": "IPv4",
    "created": "2026-03-25T22:09:07",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Pakistan (AS205759, Ghosty Networks LLC). Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4263663073,
    "indicator": "18.212.65.237",
    "type": "IPv4",
    "created": "2026-03-25T22:09:07",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. IP observed in Suricata network metadata",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 3942267842,
    "indicator": "98.80.4.31",
    "type": "IPv4",
    "created": "2026-03-25T22:09:07",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 98.80.4.31 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 2119190759,
    "indicator": "60.13.7.91",
    "type": "IPv4",
    "created": "2026-03-25T22:09:07",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 60.13.7.91 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4275711302,
    "indicator": "77.53.231.107",
    "type": "IPv4",
    "created": "2026-03-25T22:09:07",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 77.53.231.107 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4203691824,
    "indicator": "182.119.227.189",
    "type": "IPv4",
    "created": "2026-03-25T22:09:07",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 182.119.227.189 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4281807822,
    "indicator": "64.186.243.68",
    "type": "IPv4",
    "created": "2026-03-25T22:09:07",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4227809564,
    "indicator": "200.107.247.253",
    "type": "IPv4",
    "created": "2026-03-25T22:09:07",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4281811176,
    "indicator": "82.29.128.80",
    "type": "IPv4",
    "created": "2026-03-25T22:09:27",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 82.29.128.80 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4151494369,
    "indicator": "85.50.149.216",
    "type": "IPv4",
    "created": "2026-03-25T22:09:27",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 85.50.149.216 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4247088507,
    "indicator": "181.93.43.83",
    "type": "IPv4",
    "created": "2026-03-25T22:09:27",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 181.93.43.83 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4275405590,
    "indicator": "43.157.209.93",
    "type": "IPv4",
    "created": "2026-03-25T22:09:27",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 43.157.209.93 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 3725788693,
    "indicator": "47.91.120.169",
    "type": "IPv4",
    "created": "2026-03-25T22:09:27",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 47.91.120.169 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, hacking).",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4262481564,
    "indicator": "47.253.246.87",
    "type": "IPv4",
    "created": "2026-03-25T22:09:27",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 47.253.246.87 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 2272141727,
    "indicator": "202.51.100.238",
    "type": "IPv4",
    "created": "2026-03-25T22:09:27",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 202.51.100.238 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4281646306,
    "indicator": "14.225.18.19",
    "type": "IPv4",
    "created": "2026-03-25T22:09:27",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 14.225.18.19 observed using HTTP client fingerprint 'HTTP Client: libredtail-http' 39 times when connecting to db1lapetro between 2026-03-25 21:29 and 2026-03-25 21:29 UTC.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4281695463,
    "indicator": "222.93.150.75",
    "type": "IPv4",
    "created": "2026-03-25T22:09:27",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 222.93.150.75 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 2135010503,
    "indicator": "68.183.105.117",
    "type": "IPv4",
    "created": "2026-03-25T22:09:27",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 68.183.105.117 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, hacking).",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 2812376827,
    "indicator": "121.121.60.200",
    "type": "IPv4",
    "created": "2026-03-25T22:09:27",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. 121.121.60.200 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4154872775,
    "indicator": "62.84.185.55",
    "type": "IPv4",
    "created": "2026-03-25T22:09:27",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 62.84.185.55 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (compatible; MJ12bot/v1.4.8; http://mj12bot.com/...' 75 times when connecting to mdms1 between 2026-03-25 21:19 and 2026-03-25 21:26 UTC.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4097303889,
    "indicator": "54.37.84.47",
    "type": "IPv4",
    "created": "2026-03-25T22:09:27",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported. 54.37.84.47 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, ddos, hacking).",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4281885249,
    "indicator": "195.26.255.237",
    "type": "IPv4",
    "created": "2026-03-25T22:09:27",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:low, abuseipdb:reported, abuseipdb:ssh, abuseipdb:web-attack, cowrie. 195.26.255.237 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, low, reported).",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 3584137195,
    "indicator": "122.118.201.172",
    "type": "IPv4",
    "created": "2026-03-25T22:09:27",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Miaoli, Taiwan (AS3462, Data Communication Business Group). Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 2s; 5 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4109237727,
    "indicator": "125.23.207.42",
    "type": "IPv4",
    "created": "2026-03-25T22:09:27",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from India (AS9498, BHARTI Airtel Ltd.). Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 6 failed login attempts, 6 credential pairs tried across 4 unique usernames, execution of 42 commands (SSH key persistence, password changes, system reconnaissance, cron persistence, process killing, firewall mani...",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4281883475,
    "indicator": "190.216.132.30",
    "type": "IPv4",
    "created": "2026-03-25T22:09:27",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported. 190.216.132.30 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 3841439687,
    "indicator": "221.207.35.193",
    "type": "IPv4",
    "created": "2026-03-25T22:09:27",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 221.207.35.193 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, hacking, moderate).",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4281643022,
    "indicator": "66.132.195.106",
    "type": "IPv4",
    "created": "2026-03-25T22:09:27",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 66.132.195.106 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4275709333,
    "indicator": "36.136.59.19",
    "type": "IPv4",
    "created": "2026-03-25T22:09:27",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 36.136.59.19 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, ftp-brute).",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4243353609,
    "indicator": "43.228.157.80",
    "type": "IPv4",
    "created": "2026-03-25T22:09:27",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Pakistan (AS205759, Ghosty Networks LLC). Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4243347578,
    "indicator": "185.242.3.94",
    "type": "IPv4",
    "created": "2026-03-25T22:09:27",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from The Netherlands (AS60223, Netiface Limited). Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4266790023,
    "indicator": "43.228.157.118",
    "type": "IPv4",
    "created": "2026-03-25T22:09:27",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Pakistan (AS205759, Ghosty Networks LLC). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4243347577,
    "indicator": "185.242.3.103",
    "type": "IPv4",
    "created": "2026-03-25T22:09:27",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from The Netherlands (AS60223, Netiface Limited). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4242956766,
    "indicator": "185.242.3.99",
    "type": "IPv4",
    "created": "2026-03-25T22:09:27",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from The Netherlands (AS60223, Netiface Limited). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4241356010,
    "indicator": "43.228.157.79",
    "type": "IPv4",
    "created": "2026-03-25T22:09:27",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Pakistan (AS205759, Ghosty Networks LLC). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4243095098,
    "indicator": "185.242.3.95",
    "type": "IPv4",
    "created": "2026-03-25T22:09:27",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from The Netherlands (AS60223, Netiface Limited). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4266744405,
    "indicator": "43.228.157.116",
    "type": "IPv4",
    "created": "2026-03-25T22:09:27",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Pakistan (AS205759, Ghosty Networks LLC). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4243094913,
    "indicator": "185.242.3.100",
    "type": "IPv4",
    "created": "2026-03-25T22:09:27",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from The Netherlands (AS60223, Netiface Limited). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4266414530,
    "indicator": "43.228.157.113",
    "type": "IPv4",
    "created": "2026-03-25T22:09:27",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Pakistan (AS205759, Ghosty Networks LLC). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4243008500,
    "indicator": "185.242.3.91",
    "type": "IPv4",
    "created": "2026-03-25T22:09:27",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from The Netherlands (AS60223, Netiface Limited). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4266744404,
    "indicator": "43.228.157.104",
    "type": "IPv4",
    "created": "2026-03-25T22:09:27",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Pakistan (AS205759, Ghosty Networks LLC). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4243356634,
    "indicator": "185.242.3.93",
    "type": "IPv4",
    "created": "2026-03-25T22:09:27",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from The Netherlands (AS60223, Netiface Limited). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4243015075,
    "indicator": "185.242.3.92",
    "type": "IPv4",
    "created": "2026-03-25T22:09:27",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from The Netherlands (AS60223, Netiface Limited). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4266813266,
    "indicator": "43.228.157.110",
    "type": "IPv4",
    "created": "2026-03-25T22:09:27",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Pakistan (AS205759, Ghosty Networks LLC). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4266743406,
    "indicator": "185.242.3.147",
    "type": "IPv4",
    "created": "2026-03-25T22:09:27",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from The Netherlands (AS60223, Netiface Limited). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4243311787,
    "indicator": "185.242.3.88",
    "type": "IPv4",
    "created": "2026-03-25T22:09:27",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from The Netherlands (AS60223, Netiface Limited). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4275697321,
    "indicator": "43.228.157.193",
    "type": "IPv4",
    "created": "2026-03-25T22:09:27",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Pakistan (AS205759, Ghosty Networks LLC). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4275697327,
    "indicator": "43.228.157.221",
    "type": "IPv4",
    "created": "2026-03-25T22:09:27",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Pakistan (AS205759, Ghosty Networks LLC). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4275714419,
    "indicator": "43.228.157.218",
    "type": "IPv4",
    "created": "2026-03-25T22:09:27",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Pakistan (AS205759, Ghosty Networks LLC). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4275613676,
    "indicator": "43.228.157.198",
    "type": "IPv4",
    "created": "2026-03-25T22:09:27",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Pakistan (AS205759, Ghosty Networks LLC). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4275680839,
    "indicator": "43.228.157.196",
    "type": "IPv4",
    "created": "2026-03-25T22:09:27",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Pakistan (AS205759, Ghosty Networks LLC). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4275620376,
    "indicator": "43.228.157.157",
    "type": "IPv4",
    "created": "2026-03-25T22:09:27",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Pakistan (AS205759, Ghosty Networks LLC). Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4275714414,
    "indicator": "43.228.157.192",
    "type": "IPv4",
    "created": "2026-03-25T22:09:27",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Pakistan (AS205759, Ghosty Networks LLC). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4265380296,
    "indicator": "185.242.3.155",
    "type": "IPv4",
    "created": "2026-03-25T22:09:27",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from The Netherlands (AS60223, Netiface Limited). Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4275697329,
    "indicator": "43.228.157.224",
    "type": "IPv4",
    "created": "2026-03-25T22:09:27",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Pakistan (AS205759, Ghosty Networks LLC). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4275714418,
    "indicator": "43.228.157.148",
    "type": "IPv4",
    "created": "2026-03-25T22:09:27",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Pakistan (AS205759, Ghosty Networks LLC). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4275714410,
    "indicator": "43.228.157.186",
    "type": "IPv4",
    "created": "2026-03-25T22:09:27",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Pakistan (AS205759, Ghosty Networks LLC). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4275664136,
    "indicator": "43.228.157.179",
    "type": "IPv4",
    "created": "2026-03-25T22:09:27",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Pakistan (AS205759, Ghosty Networks LLC). Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4275697328,
    "indicator": "43.228.157.222",
    "type": "IPv4",
    "created": "2026-03-25T22:09:27",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Pakistan (AS205759, Ghosty Networks LLC). Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4275697325,
    "indicator": "43.228.157.219",
    "type": "IPv4",
    "created": "2026-03-25T22:09:27",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Pakistan (AS205759, Ghosty Networks LLC). Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4275714411,
    "indicator": "43.228.157.154",
    "type": "IPv4",
    "created": "2026-03-25T22:09:27",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Pakistan (AS205759, Ghosty Networks LLC). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4275714407,
    "indicator": "43.228.157.212",
    "type": "IPv4",
    "created": "2026-03-25T22:09:27",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Pakistan (AS205759, Ghosty Networks LLC). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4275613673,
    "indicator": "43.228.157.184",
    "type": "IPv4",
    "created": "2026-03-25T22:09:27",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Pakistan (AS205759, Ghosty Networks LLC). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4266473554,
    "indicator": "185.242.3.139",
    "type": "IPv4",
    "created": "2026-03-25T22:09:27",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from The Netherlands (AS60223, Netiface Limited). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4275714399,
    "indicator": "43.228.157.201",
    "type": "IPv4",
    "created": "2026-03-25T22:09:27",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Pakistan (AS205759, Ghosty Networks LLC). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4275686509,
    "indicator": "43.228.157.189",
    "type": "IPv4",
    "created": "2026-03-25T22:09:27",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Pakistan (AS205759, Ghosty Networks LLC). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4275684338,
    "indicator": "43.228.157.216",
    "type": "IPv4",
    "created": "2026-03-25T22:09:27",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Pakistan (AS205759, Ghosty Networks LLC). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4275555706,
    "indicator": "43.228.157.225",
    "type": "IPv4",
    "created": "2026-03-25T22:09:27",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Pakistan (AS205759, Ghosty Networks LLC). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4275710895,
    "indicator": "43.228.157.213",
    "type": "IPv4",
    "created": "2026-03-25T22:09:27",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Pakistan (AS205759, Ghosty Networks LLC). Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4275710922,
    "indicator": "43.228.157.210",
    "type": "IPv4",
    "created": "2026-03-25T22:09:27",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Pakistan (AS205759, Ghosty Networks LLC). Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4275684334,
    "indicator": "43.228.157.135",
    "type": "IPv4",
    "created": "2026-03-25T22:09:27",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Pakistan (AS205759, Ghosty Networks LLC). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4275705454,
    "indicator": "43.228.157.151",
    "type": "IPv4",
    "created": "2026-03-25T22:09:27",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Pakistan (AS205759, Ghosty Networks LLC). Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4275742966,
    "indicator": "43.228.157.199",
    "type": "IPv4",
    "created": "2026-03-25T22:09:27",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Pakistan (AS205759, Ghosty Networks LLC). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4275714409,
    "indicator": "43.228.157.202",
    "type": "IPv4",
    "created": "2026-03-25T22:09:27",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Pakistan (AS205759, Ghosty Networks LLC). Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4275613672,
    "indicator": "43.228.157.178",
    "type": "IPv4",
    "created": "2026-03-25T22:09:27",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Pakistan (AS205759, Ghosty Networks LLC). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4275696304,
    "indicator": "185.242.3.149",
    "type": "IPv4",
    "created": "2026-03-25T22:09:27",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from The Netherlands (AS60223, Netiface Limited). Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4275701570,
    "indicator": "43.228.157.138",
    "type": "IPv4",
    "created": "2026-03-25T22:09:27",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Pakistan (AS205759, Ghosty Networks LLC). Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4275697317,
    "indicator": "43.228.157.163",
    "type": "IPv4",
    "created": "2026-03-25T22:09:27",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Pakistan (AS205759, Ghosty Networks LLC). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4275697323,
    "indicator": "43.228.157.208",
    "type": "IPv4",
    "created": "2026-03-25T22:09:27",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Pakistan (AS205759, Ghosty Networks LLC). Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4243211474,
    "indicator": "185.242.3.90",
    "type": "IPv4",
    "created": "2026-03-25T22:09:27",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from The Netherlands (AS60223, Netiface Limited). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4275616285,
    "indicator": "43.228.157.185",
    "type": "IPv4",
    "created": "2026-03-25T22:09:27",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Pakistan (AS205759, Ghosty Networks LLC). Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4275697320,
    "indicator": "43.228.157.188",
    "type": "IPv4",
    "created": "2026-03-25T22:09:27",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Pakistan (AS205759, Ghosty Networks LLC). Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4275686510,
    "indicator": "43.228.157.190",
    "type": "IPv4",
    "created": "2026-03-25T22:09:27",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Pakistan (AS205759, Ghosty Networks LLC). Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4275697319,
    "indicator": "43.228.157.182",
    "type": "IPv4",
    "created": "2026-03-25T22:09:27",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Pakistan (AS205759, Ghosty Networks LLC). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4276741811,
    "indicator": "43.228.157.205",
    "type": "IPv4",
    "created": "2026-03-25T22:09:27",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Pakistan (AS205759, Ghosty Networks LLC). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4265319924,
    "indicator": "43.228.157.102",
    "type": "IPv4",
    "created": "2026-03-25T22:09:27",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Pakistan (AS205759, Ghosty Networks LLC). Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4275714400,
    "indicator": "43.228.157.181",
    "type": "IPv4",
    "created": "2026-03-25T22:09:27",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Pakistan (AS205759, Ghosty Networks LLC). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4265198136,
    "indicator": "43.228.157.119",
    "type": "IPv4",
    "created": "2026-03-25T22:09:27",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Pakistan (AS205759, Ghosty Networks LLC). Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4263663073,
    "indicator": "18.212.65.237",
    "type": "IPv4",
    "created": "2026-03-25T22:09:27",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. IP observed in Suricata network metadata",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 3942267842,
    "indicator": "98.80.4.31",
    "type": "IPv4",
    "created": "2026-03-25T22:09:27",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 98.80.4.31 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 2119190759,
    "indicator": "60.13.7.91",
    "type": "IPv4",
    "created": "2026-03-25T22:09:27",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 60.13.7.91 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4275711302,
    "indicator": "77.53.231.107",
    "type": "IPv4",
    "created": "2026-03-25T22:09:27",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 77.53.231.107 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4203691824,
    "indicator": "182.119.227.189",
    "type": "IPv4",
    "created": "2026-03-25T22:09:27",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 182.119.227.189 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4281807822,
    "indicator": "64.186.243.68",
    "type": "IPv4",
    "created": "2026-03-25T22:09:27",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4227809564,
    "indicator": "200.107.247.253",
    "type": "IPv4",
    "created": "2026-03-25T22:09:27",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata",
    "expiration": "2026-04-24T22:08:02",
    "is_active": 1
  },
  {
    "id": 4247264580,
    "indicator": "8.209.196.146",
    "type": "IPv4",
    "created": "2026-03-25T23:10:17",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Tokyo, Japan (AS45102, Alibaba US Technology Co., Ltd.). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T23:09:13",
    "is_active": 1
  },
  {
    "id": 3366198884,
    "indicator": "51.89.198.5",
    "type": "IPv4",
    "created": "2026-03-25T23:10:17",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:reported-export, abuseipdb:web-attack. IP observed in Suricata network metadata",
    "expiration": "2026-04-24T23:09:13",
    "is_active": 1
  },
  {
    "id": 4132457099,
    "indicator": "103.82.27.19",
    "type": "IPv4",
    "created": "2026-03-25T23:10:17",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 103.82.27.19 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T23:09:13",
    "is_active": 1
  },
  {
    "id": 4281893814,
    "indicator": "111.228.63.208",
    "type": "IPv4",
    "created": "2026-03-25T23:10:17",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 111.228.63.208 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ftp-brute).",
    "expiration": "2026-04-24T23:09:13",
    "is_active": 1
  },
  {
    "id": 4243313386,
    "indicator": "8.216.15.47",
    "type": "IPv4",
    "created": "2026-03-25T23:10:17",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 8.216.15.47 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T23:09:13",
    "is_active": 1
  },
  {
    "id": 4281891960,
    "indicator": "178.141.21.91",
    "type": "IPv4",
    "created": "2026-03-25T23:10:17",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 178.141.21.91 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-24T23:09:13",
    "is_active": 1
  },
  {
    "id": 4281800050,
    "indicator": "20.151.201.236",
    "type": "IPv4",
    "created": "2026-03-25T23:10:17",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 20.151.201.236 observed using HTTP client fingerprint 'HTTP Client (67b3dba8bc67)' 108 times when connecting to db1lapetro between 2026-03-25 22:11 and 2026-03-25 22:11 UTC.",
    "expiration": "2026-04-24T23:09:13",
    "is_active": 1
  },
  {
    "id": 4281497610,
    "indicator": "2.27.36.16",
    "type": "IPv4",
    "created": "2026-03-25T23:10:17",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 2.27.36.16 observed using SSH client fingerprint 'Unknown SSH Client (2ec37a7cc8da)' 22 times when connecting to mdms1 between 2026-03-25 21:20 and 2026-03-25 21:33 UTC.",
    "expiration": "2026-04-24T23:09:13",
    "is_active": 1
  },
  {
    "id": 4255806007,
    "indicator": "43.106.122.66",
    "type": "IPv4",
    "created": "2026-03-25T23:10:17",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 43.106.122.66 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T23:09:13",
    "is_active": 1
  },
  {
    "id": 3463564629,
    "indicator": "89.251.0.94",
    "type": "IPv4",
    "created": "2026-03-25T23:10:17",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 89.251.0.94 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T23:09:13",
    "is_active": 1
  },
  {
    "id": 3502375270,
    "indicator": "89.251.0.103",
    "type": "IPv4",
    "created": "2026-03-25T23:10:17",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 89.251.0.103 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).",
    "expiration": "2026-04-24T23:09:13",
    "is_active": 1
  },
  {
    "id": 3659984753,
    "indicator": "2.57.169.2",
    "type": "IPv4",
    "created": "2026-03-25T23:10:17",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 2.57.169.2 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d, firehol_level4); AbuseIPDB (brute-force, hacking, high).",
    "expiration": "2026-04-24T23:09:13",
    "is_active": 1
  },
  {
    "id": 3463568673,
    "indicator": "89.251.0.81",
    "type": "IPv4",
    "created": "2026-03-25T23:10:17",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:reported, abuseipdb:web-attack. 89.251.0.81 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-24T23:09:13",
    "is_active": 1
  },
  {
    "id": 3508468290,
    "indicator": "89.251.0.92",
    "type": "IPv4",
    "created": "2026-03-25T23:10:17",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:reported, abuseipdb:ssh, abuseipdb:web-attack. 89.251.0.92 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).",
    "expiration": "2026-04-24T23:09:13",
    "is_active": 1
  },
  {
    "id": 3496396301,
    "indicator": "89.251.0.89",
    "type": "IPv4",
    "created": "2026-03-25T23:10:17",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 89.251.0.89 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, high).",
    "expiration": "2026-04-24T23:09:13",
    "is_active": 1
  },
  {
    "id": 4247264580,
    "indicator": "8.209.196.146",
    "type": "IPv4",
    "created": "2026-03-25T23:11:01",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Tokyo, Japan (AS45102, Alibaba US Technology Co., Ltd.). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-24T23:09:13",
    "is_active": 1
  },
  {
    "id": 3366198884,
    "indicator": "51.89.198.5",
    "type": "IPv4",
    "created": "2026-03-25T23:11:01",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:reported-export, abuseipdb:web-attack. IP observed in Suricata network metadata",
    "expiration": "2026-04-24T23:09:13",
    "is_active": 1
  },
  {
    "id": 4132457099,
    "indicator": "103.82.27.19",
    "type": "IPv4",
    "created": "2026-03-25T23:11:01",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 103.82.27.19 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T23:09:13",
    "is_active": 1
  },
  {
    "id": 4281893814,
    "indicator": "111.228.63.208",
    "type": "IPv4",
    "created": "2026-03-25T23:11:01",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 111.228.63.208 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ftp-brute).",
    "expiration": "2026-04-24T23:09:13",
    "is_active": 1
  },
  {
    "id": 4243313386,
    "indicator": "8.216.15.47",
    "type": "IPv4",
    "created": "2026-03-25T23:11:01",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 8.216.15.47 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T23:09:13",
    "is_active": 1
  },
  {
    "id": 4281891960,
    "indicator": "178.141.21.91",
    "type": "IPv4",
    "created": "2026-03-25T23:11:01",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 178.141.21.91 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-24T23:09:13",
    "is_active": 1
  },
  {
    "id": 4281800050,
    "indicator": "20.151.201.236",
    "type": "IPv4",
    "created": "2026-03-25T23:11:01",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 20.151.201.236 observed using HTTP client fingerprint 'HTTP Client (67b3dba8bc67)' 108 times when connecting to db1lapetro between 2026-03-25 22:11 and 2026-03-25 22:11 UTC.",
    "expiration": "2026-04-24T23:09:13",
    "is_active": 1
  },
  {
    "id": 4281497610,
    "indicator": "2.27.36.16",
    "type": "IPv4",
    "created": "2026-03-25T23:11:01",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 2.27.36.16 observed using SSH client fingerprint 'Unknown SSH Client (2ec37a7cc8da)' 22 times when connecting to mdms1 between 2026-03-25 21:20 and 2026-03-25 21:33 UTC.",
    "expiration": "2026-04-24T23:09:13",
    "is_active": 1
  },
  {
    "id": 4255806007,
    "indicator": "43.106.122.66",
    "type": "IPv4",
    "created": "2026-03-25T23:11:01",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 43.106.122.66 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-24T23:09:13",
    "is_active": 1
  },
  {
    "id": 3463564629,
    "indicator": "89.251.0.94",
    "type": "IPv4",
    "created": "2026-03-25T23:11:01",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 89.251.0.94 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-24T23:09:13",
    "is_active": 1
  },
  {
    "id": 3502375270,
    "indicator": "89.251.0.103",
    "type": "IPv4",
    "created": "2026-03-25T23:11:01",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 89.251.0.103 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).",
    "expiration": "2026-04-24T23:09:13",
    "is_active": 1
  },
  {
    "id": 3659984753,
    "indicator": "2.57.169.2",
    "type": "IPv4",
    "created": "2026-03-25T23:11:01",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 2.57.169.2 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d, firehol_level4); AbuseIPDB (brute-force, hacking, high).",
    "expiration": "2026-04-24T23:09:13",
    "is_active": 1
  },
  {
    "id": 3463568673,
    "indicator": "89.251.0.81",
    "type": "IPv4",
    "created": "2026-03-25T23:11:01",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:reported, abuseipdb:web-attack. 89.251.0.81 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-24T23:09:13",
    "is_active": 1
  },
  {
    "id": 3508468290,
    "indicator": "89.251.0.92",
    "type": "IPv4",
    "created": "2026-03-25T23:11:01",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:reported, abuseipdb:ssh, abuseipdb:web-attack. 89.251.0.92 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).",
    "expiration": "2026-04-24T23:09:13",
    "is_active": 1
  },
  {
    "id": 3496396301,
    "indicator": "89.251.0.89",
    "type": "IPv4",
    "created": "2026-03-25T23:11:01",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 89.251.0.89 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, high).",
    "expiration": "2026-04-24T23:09:13",
    "is_active": 1
  },
  {
    "id": 3967121916,
    "indicator": "58.211.199.182",
    "type": "IPv4",
    "created": "2026-03-26T00:12:55",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 58.211.199.182 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-25T00:10:24",
    "is_active": 1
  },
  {
    "id": 4186637397,
    "indicator": "221.160.31.251",
    "type": "IPv4",
    "created": "2026-03-26T00:12:55",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 221.160.31.251 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-25T00:10:24",
    "is_active": 1
  },
  {
    "id": 4013776094,
    "indicator": "112.248.110.151",
    "type": "IPv4",
    "created": "2026-03-26T00:12:55",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. Attacker IP from China (AS4837, CHINA UNICOM China169 Backbone). Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. duration: 4m 53s; 23 events.",
    "expiration": "2026-04-25T00:10:24",
    "is_active": 1
  },
  {
    "id": 2127284299,
    "indicator": "2.228.163.157",
    "type": "IPv4",
    "created": "2026-03-26T00:12:55",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Italy (AS12874, Fastweb). Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 6 failed login attempts, 6 credential pairs tried across 5 unique usernames, execution of 22 commands (SSH key persistence, password changes, system reconnaissance, cron persistence), delivery of 19 malware samples. SS...",
    "expiration": "2026-04-25T00:10:24",
    "is_active": 1
  },
  {
    "id": 4013576879,
    "indicator": "58.212.237.69",
    "type": "IPv4",
    "created": "2026-03-26T00:12:55",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 58.212.237.69 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-25T00:10:24",
    "is_active": 1
  },
  {
    "id": 3601960204,
    "indicator": "194.187.178.167",
    "type": "IPv4",
    "created": "2026-03-26T00:12:55",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 194.187.178.167 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-25T00:10:24",
    "is_active": 1
  },
  {
    "id": 3602995890,
    "indicator": "194.187.178.40",
    "type": "IPv4",
    "created": "2026-03-26T00:12:55",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 194.187.178.40 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking).",
    "expiration": "2026-04-25T00:10:24",
    "is_active": 1
  },
  {
    "id": 4147392296,
    "indicator": "170.254.18.167",
    "type": "IPv4",
    "created": "2026-03-26T00:12:55",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 170.254.18.167 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-25T00:10:24",
    "is_active": 1
  },
  {
    "id": 3334571947,
    "indicator": "122.163.178.105",
    "type": "IPv4",
    "created": "2026-03-26T00:12:55",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 122.163.178.105 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-25T00:10:24",
    "is_active": 1
  },
  {
    "id": 4247289212,
    "indicator": "8.209.211.202",
    "type": "IPv4",
    "created": "2026-03-26T00:12:55",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 8.209.211.202 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-25T00:10:24",
    "is_active": 1
  },
  {
    "id": 2194507420,
    "indicator": "66.96.237.254",
    "type": "IPv4",
    "created": "2026-03-26T00:12:55",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from South Tangerang, Indonesia (AS63859, PT. Eka Mas Republik). Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 5 failed login attempts, 5 credential pairs tried across 4 unique usernames, execution of 22 commands (SSH key persistence, password changes, system reconnaissance, cron persisten...",
    "expiration": "2026-04-25T00:10:24",
    "is_active": 1
  },
  {
    "id": 4279950450,
    "indicator": "179.183.196.198",
    "type": "IPv4",
    "created": "2026-03-26T00:12:55",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Maring\u00e1, Brazil (AS18881, TELEFONICA BRASIL S.A). Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 3 failed login attempts, 3 credential pairs tried across 2 unique usernames, execution of 20 commands (SSH key persistence, password changes, system reconnaissance, cron persistence, process killing,...",
    "expiration": "2026-04-25T00:10:24",
    "is_active": 1
  },
  {
    "id": 4281901866,
    "indicator": "36.94.2.142",
    "type": "IPv4",
    "created": "2026-03-26T00:12:55",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh, abuseipdb:web-attack. Attacker IP from Jakarta, Indonesia (AS7713, PT Telekomunikasi Indonesia). Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 3 failed login attempts, 3 credential pairs tried across 2 unique usernames, execution of 22 commands (SSH key persistence, password changes, system reconnaissance, cron persistence), delive...",
    "expiration": "2026-04-25T00:10:24",
    "is_active": 1
  },
  {
    "id": 4281901865,
    "indicator": "139.159.206.165",
    "type": "IPv4",
    "created": "2026-03-26T00:12:55",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP from Guangzhou, China (AS55990, Huawei Cloud Service data center) [VPN/hosting provider]. Observed targeting government sector honeypot backup-hp-01 via cowrie. 1 events.",
    "expiration": "2026-04-25T00:10:24",
    "is_active": 1
  },
  {
    "id": 4281800346,
    "indicator": "163.245.203.159",
    "type": "IPv4",
    "created": "2026-03-26T00:12:55",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 163.245.203.159 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-25T00:10:24",
    "is_active": 1
  },
  {
    "id": 4272898013,
    "indicator": "103.18.14.235",
    "type": "IPv4",
    "created": "2026-03-26T00:12:55",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 103.18.14.235 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-25T00:10:24",
    "is_active": 1
  },
  {
    "id": 4229987531,
    "indicator": "170.187.158.172",
    "type": "IPv4",
    "created": "2026-03-26T00:12:55",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Atlanta, United States (AS63949, Akamai Connected Cloud) [VPN/hosting provider]. Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. duration: 21s; 20 events.",
    "expiration": "2026-04-25T00:10:24",
    "is_active": 1
  },
  {
    "id": 985557214,
    "indicator": "82.129.237.3",
    "type": "IPv4",
    "created": "2026-03-26T00:12:55",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 82.129.237.3 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-25T00:10:24",
    "is_active": 1
  },
  {
    "id": 4227540593,
    "indicator": "112.166.31.254",
    "type": "IPv4",
    "created": "2026-03-26T01:13:05",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 112.166.31.254 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-25T01:13:01",
    "is_active": 1
  },
  {
    "id": 4275708405,
    "indicator": "173.170.220.64",
    "type": "IPv4",
    "created": "2026-03-26T01:13:05",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 173.170.220.64 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-25T01:13:01",
    "is_active": 1
  },
  {
    "id": 4281925701,
    "indicator": "34.38.104.163",
    "type": "IPv4",
    "created": "2026-03-26T01:13:05",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 34.38.104.163 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-25T01:13:01",
    "is_active": 1
  },
  {
    "id": 4281920648,
    "indicator": "122.121.95.25",
    "type": "IPv4",
    "created": "2026-03-26T01:13:05",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 122.121.95.25 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, moderate).",
    "expiration": "2026-04-25T01:13:01",
    "is_active": 1
  },
  {
    "id": 4269290424,
    "indicator": "209.142.100.18",
    "type": "IPv4",
    "created": "2026-03-26T01:13:05",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 209.142.100.18 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-25T01:13:01",
    "is_active": 1
  },
  {
    "id": 4243019631,
    "indicator": "8.216.8.127",
    "type": "IPv4",
    "created": "2026-03-26T01:13:05",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 8.216.8.127 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-25T01:13:01",
    "is_active": 1
  },
  {
    "id": 4136980727,
    "indicator": "139.135.59.252",
    "type": "IPv4",
    "created": "2026-03-26T01:13:05",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 139.135.59.252 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-25T01:13:01",
    "is_active": 1
  },
  {
    "id": 4237249153,
    "indicator": "109.89.252.93",
    "type": "IPv4",
    "created": "2026-03-26T01:13:05",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Waremme, Belgium (AS12392, VOO S.A.). Observed targeting healthcare sector honeypot mdms-hp-01 via cowrie. duration: 32s; 2 events.",
    "expiration": "2026-04-25T01:13:01",
    "is_active": 1
  },
  {
    "id": 4254086452,
    "indicator": "167.86.124.164",
    "type": "IPv4",
    "created": "2026-03-26T01:13:05",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Lauterbourg, France (AS51167, Contabo GmbH). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. duration: 31s; 2 events.",
    "expiration": "2026-04-25T01:13:01",
    "is_active": 1
  },
  {
    "id": 4281918431,
    "indicator": "171.231.194.176",
    "type": "IPv4",
    "created": "2026-03-26T01:13:05",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 171.231.194.176 observed using SSH client fingerprint 'Unknown SSH Client (fda360b1b4f4)' 5 times when connecting to db1lapetro between 2026-03-26 00:17 and 2026-03-26 00:27 UTC.",
    "expiration": "2026-04-25T01:13:01",
    "is_active": 1
  },
  {
    "id": 4222302879,
    "indicator": "58.147.187.36",
    "type": "IPv4",
    "created": "2026-03-26T01:13:05",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 58.147.187.36 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 7 times when connecting to db4lamedtech between 2026-03-26 00:15 and 2026-03-26 00:25 UTC.",
    "expiration": "2026-04-25T01:13:01",
    "is_active": 1
  },
  {
    "id": 3919193204,
    "indicator": "14.224.162.164",
    "type": "IPv4",
    "created": "2026-03-26T01:13:05",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 14.224.162.164 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-25T01:13:01",
    "is_active": 1
  },
  {
    "id": 4153276426,
    "indicator": "77.239.107.25",
    "type": "IPv4",
    "created": "2026-03-26T01:13:05",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 77.239.107.25 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 7 times when connecting to db4lamedtech between 2026-03-26 00:13 and 2026-03-26 00:22 UTC.",
    "expiration": "2026-04-25T01:13:01",
    "is_active": 1
  },
  {
    "id": 4281916147,
    "indicator": "199.71.214.133",
    "type": "IPv4",
    "created": "2026-03-26T01:13:05",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP from Dallas, United States (AS40676, Psychz Networks). Observed targeting healthcare sector honeypot medtech-hp-01 via sentrypeer. 1 events.",
    "expiration": "2026-04-25T01:13:01",
    "is_active": 1
  },
  {
    "id": 4281916074,
    "indicator": "20.118.224.11",
    "type": "IPv4",
    "created": "2026-03-26T01:13:05",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 20.118.224.11 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-25T01:13:01",
    "is_active": 1
  },
  {
    "id": 4281914507,
    "indicator": "121.36.81.57",
    "type": "IPv4",
    "created": "2026-03-26T01:13:05",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 121.36.81.57 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 6 times when connecting to db1lapetro between 2026-03-26 00:01 and 2026-03-26 00:11 UTC.",
    "expiration": "2026-04-25T01:13:01",
    "is_active": 1
  },
  {
    "id": 4272932756,
    "indicator": "211.97.69.110",
    "type": "IPv4",
    "created": "2026-03-26T01:13:05",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP from China (AS4837, CHINA UNICOM China169 Backbone). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. 1 events.",
    "expiration": "2026-04-25T01:13:01",
    "is_active": 1
  },
  {
    "id": 3366096854,
    "indicator": "14.141.127.90",
    "type": "IPv4",
    "created": "2026-03-26T01:13:05",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 14.141.127.90 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 4 times when connecting to db1lapetro between 2026-03-26 00:01 and 2026-03-26 00:10 UTC.",
    "expiration": "2026-04-25T01:13:01",
    "is_active": 1
  },
  {
    "id": 4260070390,
    "indicator": "137.184.203.236",
    "type": "IPv4",
    "created": "2026-03-26T02:13:29",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 137.184.203.236 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-25T02:13:15",
    "is_active": 1
  },
  {
    "id": 3593436197,
    "indicator": "106.4.161.138",
    "type": "IPv4",
    "created": "2026-03-26T02:13:29",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 106.4.161.138 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-25T02:13:15",
    "is_active": 1
  },
  {
    "id": 3700483005,
    "indicator": "182.119.226.70",
    "type": "IPv4",
    "created": "2026-03-26T02:13:29",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low. 182.119.226.70 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-25T02:13:15",
    "is_active": 1
  },
  {
    "id": 3891435216,
    "indicator": "47.240.45.5",
    "type": "IPv4",
    "created": "2026-03-26T02:13:29",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.240.45.5 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, critical, ftp-brute).",
    "expiration": "2026-04-25T02:13:15",
    "is_active": 1
  },
  {
    "id": 4143687654,
    "indicator": "8.138.174.161",
    "type": "IPv4",
    "created": "2026-03-26T02:13:29",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. 8.138.174.161 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, ftp-brute).",
    "expiration": "2026-04-25T02:13:15",
    "is_active": 1
  },
  {
    "id": 4237249354,
    "indicator": "119.3.161.78",
    "type": "IPv4",
    "created": "2026-03-26T02:13:29",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 119.3.161.78 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, high).",
    "expiration": "2026-04-25T02:13:15",
    "is_active": 1
  },
  {
    "id": 3778382262,
    "indicator": "124.117.192.49",
    "type": "IPv4",
    "created": "2026-03-26T02:13:29",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 124.117.192.49 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking).",
    "expiration": "2026-04-25T02:13:15",
    "is_active": 1
  },
  {
    "id": 4281642136,
    "indicator": "183.158.90.68",
    "type": "IPv4",
    "created": "2026-03-26T02:13:29",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Hangzhou, China (AS4134, Chinanet). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-25T02:13:15",
    "is_active": 1
  },
  {
    "id": 4136336854,
    "indicator": "198.58.122.145",
    "type": "IPv4",
    "created": "2026-03-26T02:13:29",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 198.58.122.145 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-25T02:13:15",
    "is_active": 1
  },
  {
    "id": 4178225039,
    "indicator": "167.71.64.80",
    "type": "IPv4",
    "created": "2026-03-26T02:13:29",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 167.71.64.80 observed using HTTP client fingerprint 'HTTP Client: libredtail-http' 39 times when connecting to mdms1 between 2026-03-26 01:39 and 2026-03-26 01:39 UTC.",
    "expiration": "2026-04-25T02:13:15",
    "is_active": 1
  },
  {
    "id": 4278325988,
    "indicator": "169.255.57.220",
    "type": "IPv4",
    "created": "2026-03-26T02:13:29",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 169.255.57.220 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command sessions (1 commands), 1 malware samples. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-25T02:13:15",
    "is_active": 1
  },
  {
    "id": 2214469551,
    "indicator": "141.149.36.27",
    "type": "IPv4",
    "created": "2026-03-26T02:13:29",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 141.149.36.27 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-25T02:13:15",
    "is_active": 1
  },
  {
    "id": 4218216041,
    "indicator": "112.4.186.109",
    "type": "IPv4",
    "created": "2026-03-26T02:13:29",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 112.4.186.109 observed using SSH client fingerprint 'Unknown SSH Client (98f63c4d9c87)' 2 times when connecting to db1lapetro between 2026-03-26 01:17 and 2026-03-26 01:17 UTC.",
    "expiration": "2026-04-25T02:13:15",
    "is_active": 1
  },
  {
    "id": 4281923442,
    "indicator": "163.172.104.170",
    "type": "IPv4",
    "created": "2026-03-26T02:13:29",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 163.172.104.170 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).",
    "expiration": "2026-04-25T02:13:15",
    "is_active": 1
  },
  {
    "id": 4245091012,
    "indicator": "34.67.115.220",
    "type": "IPv4",
    "created": "2026-03-26T02:13:29",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 34.67.115.220 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 9 times when connecting to db1lapetro between 2026-03-26 00:47 and 2026-03-26 00:57 UTC.",
    "expiration": "2026-04-25T02:13:15",
    "is_active": 1
  },
  {
    "id": 4281920646,
    "indicator": "171.231.190.202",
    "type": "IPv4",
    "created": "2026-03-26T02:13:29",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 171.231.190.202 observed using SSH client fingerprint 'Unknown SSH Client (fda360b1b4f4)' 8 times when connecting to db1lapetro between 2026-03-26 00:33 and 2026-03-26 01:05 UTC.",
    "expiration": "2026-04-25T02:13:15",
    "is_active": 1
  },
  {
    "id": 4281914905,
    "indicator": "171.231.195.132",
    "type": "IPv4",
    "created": "2026-03-26T02:13:29",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 171.231.195.132 observed using SSH client fingerprint 'Unknown SSH Client (fda360b1b4f4)' 15 times when connecting to db1lapetro between 2026-03-26 00:10 and 2026-03-26 01:03 UTC.",
    "expiration": "2026-04-25T02:13:15",
    "is_active": 1
  },
  {
    "id": 4281784222,
    "indicator": "118.145.105.125",
    "type": "IPv4",
    "created": "2026-03-26T02:13:29",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:reported, abuseipdb:ssh. Attacker IP 118.145.105.125 observed using SSH client fingerprint 'Unknown SSH Client (98f63c4d9c87)' 2 times when connecting to mdms1 between 2026-03-26 01:15 and 2026-03-26 01:15 UTC.",
    "expiration": "2026-04-25T02:13:15",
    "is_active": 1
  },
  {
    "id": 3654331600,
    "indicator": "36.92.107.106",
    "type": "IPv4",
    "created": "2026-03-26T02:13:29",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. IP observed in Suricata network metadata",
    "expiration": "2026-04-25T02:13:15",
    "is_active": 1
  },
  {
    "id": 4056754614,
    "indicator": "114.34.169.237",
    "type": "IPv4",
    "created": "2026-03-26T03:13:52",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:multi-reported. 114.34.169.237 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-25T03:13:39",
    "is_active": 1
  },
  {
    "id": 4173285085,
    "indicator": "222.176.201.48",
    "type": "IPv4",
    "created": "2026-03-26T03:13:52",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 222.176.201.48 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).",
    "expiration": "2026-04-25T03:13:39",
    "is_active": 1
  },
  {
    "id": 4166215847,
    "indicator": "116.178.131.9",
    "type": "IPv4",
    "created": "2026-03-26T03:13:52",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 116.178.131.9 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-25T03:13:39",
    "is_active": 1
  },
  {
    "id": 4008178001,
    "indicator": "61.216.166.31",
    "type": "IPv4",
    "created": "2026-03-26T03:13:52",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. 61.216.166.31 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-25T03:13:39",
    "is_active": 1
  },
  {
    "id": 4183940559,
    "indicator": "192.241.245.158",
    "type": "IPv4",
    "created": "2026-03-26T03:13:52",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 192.241.245.158 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-25T03:13:39",
    "is_active": 1
  },
  {
    "id": 4109489958,
    "indicator": "165.154.227.206",
    "type": "IPv4",
    "created": "2026-03-26T03:13:52",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 165.154.227.206 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-25T03:13:39",
    "is_active": 1
  },
  {
    "id": 4176877160,
    "indicator": "1.15.14.29",
    "type": "IPv4",
    "created": "2026-03-26T03:13:52",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 1.15.14.29 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-25T03:13:39",
    "is_active": 1
  },
  {
    "id": 4023435532,
    "indicator": "118.212.122.143",
    "type": "IPv4",
    "created": "2026-03-26T03:13:52",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 118.212.122.143 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-25T03:13:39",
    "is_active": 1
  },
  {
    "id": 4265253606,
    "indicator": "101.47.158.54",
    "type": "IPv4",
    "created": "2026-03-26T03:13:52",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 101.47.158.54 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-25T03:13:39",
    "is_active": 1
  },
  {
    "id": 4281804459,
    "indicator": "159.65.140.241",
    "type": "IPv4",
    "created": "2026-03-26T03:13:52",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 159.65.140.241 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-25T03:13:39",
    "is_active": 1
  },
  {
    "id": 4256348803,
    "indicator": "76.164.199.207",
    "type": "IPv4",
    "created": "2026-03-26T03:13:52",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 76.164.199.207 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-25T03:13:39",
    "is_active": 1
  },
  {
    "id": 4133669267,
    "indicator": "103.189.234.73",
    "type": "IPv4",
    "created": "2026-03-26T03:13:52",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 103.189.234.73 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-25T03:13:39",
    "is_active": 1
  },
  {
    "id": 4281920884,
    "indicator": "172.239.105.137",
    "type": "IPv4",
    "created": "2026-03-26T03:13:52",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from London, United Kingdom (AS63949, Akamai Connected Cloud) [VPN/hosting provider]. Observed targeting healthcare sector honeypot mdms-hp-01 via tanner. 1 events.",
    "expiration": "2026-04-25T03:13:39",
    "is_active": 1
  },
  {
    "id": 3850351530,
    "indicator": "44.220.185.129",
    "type": "IPv4",
    "created": "2026-03-26T03:13:52",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. IP observed in Suricata network metadata",
    "expiration": "2026-04-25T03:13:39",
    "is_active": 1
  },
  {
    "id": 4281651566,
    "indicator": "185.23.238.122",
    "type": "IPv4",
    "created": "2026-03-26T04:14:12",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 185.23.238.122 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-25T04:14:10",
    "is_active": 1
  },
  {
    "id": 4241317502,
    "indicator": "43.106.133.180",
    "type": "IPv4",
    "created": "2026-03-26T04:14:12",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 43.106.133.180 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-25T04:14:10",
    "is_active": 1
  },
  {
    "id": 4281944888,
    "indicator": "124.169.84.176",
    "type": "IPv4",
    "created": "2026-03-26T04:14:12",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 124.169.84.176 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-25T04:14:10",
    "is_active": 1
  },
  {
    "id": 4281943356,
    "indicator": "38.103.158.155",
    "type": "IPv4",
    "created": "2026-03-26T04:14:12",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 38.103.158.155 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-25T04:14:10",
    "is_active": 1
  },
  {
    "id": 2293595606,
    "indicator": "137.59.230.15",
    "type": "IPv4",
    "created": "2026-03-26T04:14:12",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted. 137.59.230.15 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-25T04:14:10",
    "is_active": 1
  },
  {
    "id": 4169413728,
    "indicator": "58.243.46.134",
    "type": "IPv4",
    "created": "2026-03-26T04:14:12",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 58.243.46.134 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-25T04:14:10",
    "is_active": 1
  },
  {
    "id": 4281653316,
    "indicator": "119.62.96.204",
    "type": "IPv4",
    "created": "2026-03-26T04:14:12",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 119.62.96.204 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-25T04:14:10",
    "is_active": 1
  },
  {
    "id": 4075514860,
    "indicator": "147.135.213.172",
    "type": "IPv4",
    "created": "2026-03-26T04:14:12",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. Attacker IP 147.135.213.172 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (compatible; MJ12bot/v1.4.8; http://mj12bot.com/...' 2 times when connecting to db1lapetro between 2026-03-26 03:45 and 2026-03-26 03:45 UTC.",
    "expiration": "2026-04-25T04:14:10",
    "is_active": 1
  },
  {
    "id": 3890176613,
    "indicator": "162.210.245.77",
    "type": "IPv4",
    "created": "2026-03-26T04:14:12",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 162.210.245.77 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-25T04:14:10",
    "is_active": 1
  },
  {
    "id": 4141601353,
    "indicator": "123.209.123.67",
    "type": "IPv4",
    "created": "2026-03-26T04:14:12",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 123.209.123.67 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-25T04:14:10",
    "is_active": 1
  },
  {
    "id": 4208300583,
    "indicator": "72.255.29.8",
    "type": "IPv4",
    "created": "2026-03-26T04:14:12",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 72.255.29.8 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-25T04:14:10",
    "is_active": 1
  },
  {
    "id": 4281941086,
    "indicator": "14.116.254.43",
    "type": "IPv4",
    "created": "2026-03-26T04:14:12",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 14.116.254.43 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ftp-brute).",
    "expiration": "2026-04-25T04:14:10",
    "is_active": 1
  },
  {
    "id": 4281758614,
    "indicator": "89.167.109.67",
    "type": "IPv4",
    "created": "2026-03-26T04:14:12",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 89.167.109.67 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 7 times when connecting to db4lamedtech between 2026-03-26 03:18 and 2026-03-26 03:25 UTC.",
    "expiration": "2026-04-25T04:14:10",
    "is_active": 1
  },
  {
    "id": 4281883632,
    "indicator": "103.186.139.149",
    "type": "IPv4",
    "created": "2026-03-26T04:14:12",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP 103.186.139.149 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 7 times when connecting to db4lamedtech between 2026-03-26 03:18 and 2026-03-26 03:27 UTC.",
    "expiration": "2026-04-25T04:14:10",
    "is_active": 1
  },
  {
    "id": 4280850117,
    "indicator": "80.102.218.207",
    "type": "IPv4",
    "created": "2026-03-26T04:14:12",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 80.102.218.207 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 9 times when connecting to db4lamedtech between 2026-03-26 03:15 and 2026-03-26 03:25 UTC.",
    "expiration": "2026-04-25T04:14:10",
    "is_active": 1
  },
  {
    "id": 3941718106,
    "indicator": "161.10.232.184",
    "type": "IPv4",
    "created": "2026-03-26T04:14:12",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 161.10.232.184 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 7 times when connecting to db4lamedtech between 2026-03-26 03:15 and 2026-03-26 03:26 UTC.",
    "expiration": "2026-04-25T04:14:10",
    "is_active": 1
  },
  {
    "id": 4274785090,
    "indicator": "109.199.98.14",
    "type": "IPv4",
    "created": "2026-03-26T04:14:12",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. Attacker IP from Lauterbourg, France (AS51167, Contabo GmbH). Observed targeting healthcare sector honeypot medtech-hp-01 via dionaea. duration: 6m 16s; 10 events.",
    "expiration": "2026-04-25T04:14:10",
    "is_active": 1
  },
  {
    "id": 4011922183,
    "indicator": "185.247.137.84",
    "type": "IPv4",
    "created": "2026-03-26T04:14:12",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 185.247.137.84 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-25T04:14:10",
    "is_active": 1
  },
  {
    "id": 3917512785,
    "indicator": "14.99.205.146",
    "type": "IPv4",
    "created": "2026-03-26T04:14:12",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 14.99.205.146 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-25T04:14:10",
    "is_active": 1
  },
  {
    "id": 4281939349,
    "indicator": "206.81.4.197",
    "type": "IPv4",
    "created": "2026-03-26T04:14:12",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 206.81.4.197 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, hacking, low).",
    "expiration": "2026-04-25T04:14:10",
    "is_active": 1
  },
  {
    "id": 3912646554,
    "indicator": "118.212.121.209",
    "type": "IPv4",
    "created": "2026-03-26T04:14:12",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 118.212.121.209 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-25T04:14:10",
    "is_active": 1
  },
  {
    "id": 4226447318,
    "indicator": "190.244.24.185",
    "type": "IPv4",
    "created": "2026-03-26T04:14:12",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. IP observed in Suricata network metadata",
    "expiration": "2026-04-25T04:14:10",
    "is_active": 1
  },
  {
    "id": 4281900951,
    "indicator": "157.245.127.4",
    "type": "IPv4",
    "created": "2026-03-26T04:14:12",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. IP observed in Suricata network metadata",
    "expiration": "2026-04-25T04:14:10",
    "is_active": 1
  },
  {
    "id": 4081637444,
    "indicator": "110.190.36.131",
    "type": "IPv4",
    "created": "2026-03-26T04:14:12",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack, cowrie. 110.190.36.131 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, low, port-scan).",
    "expiration": "2026-04-25T04:14:10",
    "is_active": 1
  },
  {
    "id": 3856327140,
    "indicator": "44.220.188.142",
    "type": "IPv4",
    "created": "2026-03-26T04:14:12",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. IP observed in Suricata network metadata",
    "expiration": "2026-04-25T04:14:10",
    "is_active": 1
  },
  {
    "id": 4278812548,
    "indicator": "45.17.39.120",
    "type": "IPv4",
    "created": "2026-03-26T04:14:12",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 45.17.39.120 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-25T04:14:10",
    "is_active": 1
  },
  {
    "id": 4051401390,
    "indicator": "81.57.15.243",
    "type": "IPv4",
    "created": "2026-03-26T04:14:12",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 81.57.15.243 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-25T04:14:10",
    "is_active": 1
  },
  {
    "id": 4281893011,
    "indicator": "152.42.168.165",
    "type": "IPv4",
    "created": "2026-03-26T04:14:12",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata",
    "expiration": "2026-04-25T04:14:10",
    "is_active": 1
  },
  {
    "id": 4281893612,
    "indicator": "95.111.229.234",
    "type": "IPv4",
    "created": "2026-03-26T04:14:12",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. IP observed in Suricata network metadata",
    "expiration": "2026-04-25T04:14:10",
    "is_active": 1
  },
  {
    "id": 3291862380,
    "indicator": "139.59.114.85",
    "type": "IPv4",
    "created": "2026-03-26T05:14:18",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 139.59.114.85 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-25T05:14:17",
    "is_active": 1
  },
  {
    "id": 3709401530,
    "indicator": "146.88.241.113",
    "type": "IPv4",
    "created": "2026-03-26T05:14:18",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from United States (AS20052, Arbor Networks, Inc.). Observed targeting energy sector honeypot petroleum-hp-01 via sentrypeer. 1 events.",
    "expiration": "2026-04-25T05:14:17",
    "is_active": 1
  },
  {
    "id": 4261338215,
    "indicator": "185.234.69.123",
    "type": "IPv4",
    "created": "2026-03-26T05:14:18",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 185.234.69.123 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-25T05:14:17",
    "is_active": 1
  },
  {
    "id": 4166769714,
    "indicator": "216.198.118.235",
    "type": "IPv4",
    "created": "2026-03-26T05:14:18",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 216.198.118.235 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-25T05:14:17",
    "is_active": 1
  },
  {
    "id": 4281946501,
    "indicator": "114.40.38.172",
    "type": "IPv4",
    "created": "2026-03-26T05:14:18",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 114.40.38.172 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-25T05:14:17",
    "is_active": 1
  },
  {
    "id": 4281940872,
    "indicator": "43.166.156.13",
    "type": "IPv4",
    "created": "2026-03-26T05:14:18",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP 43.166.156.13 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 9 times when connecting to db4lamedtech between 2026-03-26 04:03 and 2026-03-26 04:11 UTC.",
    "expiration": "2026-04-25T05:14:17",
    "is_active": 1
  },
  {
    "id": 4281913054,
    "indicator": "20.104.199.149",
    "type": "IPv4",
    "created": "2026-03-26T05:14:18",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 20.104.199.149 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-25T05:14:17",
    "is_active": 1
  },
  {
    "id": 4241375399,
    "indicator": "27.47.25.135",
    "type": "IPv4",
    "created": "2026-03-26T06:14:29",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 27.47.25.135 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-25T06:14:23",
    "is_active": 1
  },
  {
    "id": 4172962631,
    "indicator": "27.47.24.103",
    "type": "IPv4",
    "created": "2026-03-26T06:14:29",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 27.47.24.103 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-25T06:14:23",
    "is_active": 1
  },
  {
    "id": 4163306896,
    "indicator": "36.250.220.211",
    "type": "IPv4",
    "created": "2026-03-26T06:14:29",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 36.250.220.211 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-25T06:14:23",
    "is_active": 1
  },
  {
    "id": 3711516208,
    "indicator": "131.221.236.23",
    "type": "IPv4",
    "created": "2026-03-26T06:14:29",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 131.221.236.23 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-25T06:14:23",
    "is_active": 1
  },
  {
    "id": 4068259088,
    "indicator": "110.77.165.154",
    "type": "IPv4",
    "created": "2026-03-26T06:14:29",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 110.77.165.154 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-25T06:14:23",
    "is_active": 1
  },
  {
    "id": 4146404865,
    "indicator": "120.48.73.11",
    "type": "IPv4",
    "created": "2026-03-26T06:14:29",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 120.48.73.11 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-25T06:14:23",
    "is_active": 1
  },
  {
    "id": 4226929420,
    "indicator": "220.135.141.1",
    "type": "IPv4",
    "created": "2026-03-26T06:14:29",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted. 220.135.141.1 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-25T06:14:23",
    "is_active": 1
  },
  {
    "id": 2598795184,
    "indicator": "221.11.60.157",
    "type": "IPv4",
    "created": "2026-03-26T06:14:29",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 221.11.60.157 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-25T06:14:23",
    "is_active": 1
  },
  {
    "id": 4281950847,
    "indicator": "47.84.207.157",
    "type": "IPv4",
    "created": "2026-03-26T06:14:29",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie, firehol:unlisted. 47.84.207.157 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, port-scan).",
    "expiration": "2026-04-25T06:14:23",
    "is_active": 1
  },
  {
    "id": 4281634516,
    "indicator": "190.52.38.112",
    "type": "IPv4",
    "created": "2026-03-26T06:14:29",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported. 190.52.38.112 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-25T06:14:23",
    "is_active": 1
  },
  {
    "id": 4225731085,
    "indicator": "110.38.211.71",
    "type": "IPv4",
    "created": "2026-03-26T06:14:29",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 110.38.211.71 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-25T06:14:23",
    "is_active": 1
  },
  {
    "id": 4281963091,
    "indicator": "47.84.206.194",
    "type": "IPv4",
    "created": "2026-03-26T06:14:29",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 47.84.206.194 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).",
    "expiration": "2026-04-25T06:14:23",
    "is_active": 1
  },
  {
    "id": 4281963095,
    "indicator": "47.245.128.96",
    "type": "IPv4",
    "created": "2026-03-26T06:14:29",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 47.245.128.96 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-25T06:14:23",
    "is_active": 1
  },
  {
    "id": 4281961480,
    "indicator": "105.224.56.19",
    "type": "IPv4",
    "created": "2026-03-26T06:14:29",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 105.224.56.19 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-25T06:14:23",
    "is_active": 1
  },
  {
    "id": 4281963461,
    "indicator": "47.84.115.39",
    "type": "IPv4",
    "created": "2026-03-26T06:14:29",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack, cowrie. 47.84.115.39 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, port-scan).",
    "expiration": "2026-04-25T06:14:23",
    "is_active": 1
  },
  {
    "id": 4281954777,
    "indicator": "92.191.96.70",
    "type": "IPv4",
    "created": "2026-03-26T06:14:29",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 92.191.96.70 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 7 times when connecting to db1lapetro between 2026-03-26 05:14 and 2026-03-26 05:23 UTC.",
    "expiration": "2026-04-25T06:14:23",
    "is_active": 1
  },
  {
    "id": 4193804397,
    "indicator": "217.76.57.186",
    "type": "IPv4",
    "created": "2026-03-26T06:14:29",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 217.76.57.186 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 7 times when connecting to db1lapetro between 2026-03-26 05:16 and 2026-03-26 05:24 UTC.",
    "expiration": "2026-04-25T06:14:23",
    "is_active": 1
  },
  {
    "id": 4162219632,
    "indicator": "156.67.26.237",
    "type": "IPv4",
    "created": "2026-03-26T06:14:29",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 156.67.26.237 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 7 times when connecting to db1lapetro between 2026-03-26 05:15 and 2026-03-26 05:24 UTC.",
    "expiration": "2026-04-25T06:14:23",
    "is_active": 1
  },
  {
    "id": 3384840377,
    "indicator": "43.242.247.141",
    "type": "IPv4",
    "created": "2026-03-26T06:14:29",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 43.242.247.141 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-25T06:14:23",
    "is_active": 1
  },
  {
    "id": 4281959880,
    "indicator": "186.147.245.93",
    "type": "IPv4",
    "created": "2026-03-26T06:14:29",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 186.147.245.93 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 9 times when connecting to db1lapetro between 2026-03-26 05:15 and 2026-03-26 05:24 UTC.",
    "expiration": "2026-04-25T06:14:23",
    "is_active": 1
  },
  {
    "id": 4274399878,
    "indicator": "165.154.6.86",
    "type": "IPv4",
    "created": "2026-03-26T06:14:29",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 165.154.6.86 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 11 times when connecting to db1lapetro between 2026-03-26 05:15 and 2026-03-26 05:24 UTC.",
    "expiration": "2026-04-25T06:14:23",
    "is_active": 1
  },
  {
    "id": 4281933421,
    "indicator": "103.67.78.23",
    "type": "IPv4",
    "created": "2026-03-26T06:14:29",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP 103.67.78.23 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 9 times when connecting to db1lapetro between 2026-03-26 05:12 and 2026-03-26 05:24 UTC.",
    "expiration": "2026-04-25T06:14:23",
    "is_active": 1
  },
  {
    "id": 4056529442,
    "indicator": "117.146.148.164",
    "type": "IPv4",
    "created": "2026-03-26T06:14:29",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:multi-reported. Attacker IP from China (AS9808, China Mobile Communications Group Co., Ltd.). Observed targeting energy sector honeypot petroleum-hp-01 via adbhoney. duration: 1m 43s; 2 events.",
    "expiration": "2026-04-25T06:14:23",
    "is_active": 1
  },
  {
    "id": 4281759588,
    "indicator": "217.164.222.32",
    "type": "IPv4",
    "created": "2026-03-26T06:14:29",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 217.164.222.32 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 9 times when connecting to db1lapetro between 2026-03-26 05:06 and 2026-03-26 05:16 UTC.",
    "expiration": "2026-04-25T06:14:23",
    "is_active": 1
  },
  {
    "id": 2776106168,
    "indicator": "188.166.21.201",
    "type": "IPv4",
    "created": "2026-03-26T06:14:29",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 188.166.21.201 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-25T06:14:23",
    "is_active": 1
  },
  {
    "id": 4281955981,
    "indicator": "59.47.34.161",
    "type": "IPv4",
    "created": "2026-03-26T06:14:29",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:reported. 59.47.34.161 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-25T06:14:23",
    "is_active": 1
  },
  {
    "id": 4281913528,
    "indicator": "103.250.11.233",
    "type": "IPv4",
    "created": "2026-03-26T06:14:29",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 103.250.11.233 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 7 times when connecting to db1lapetro between 2026-03-26 05:03 and 2026-03-26 05:15 UTC.",
    "expiration": "2026-04-25T06:14:23",
    "is_active": 1
  },
  {
    "id": 2731744192,
    "indicator": "51.75.247.232",
    "type": "IPv4",
    "created": "2026-03-26T06:14:29",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 51.75.247.232 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 9 times when connecting to db1lapetro between 2026-03-26 05:03 and 2026-03-26 05:13 UTC.",
    "expiration": "2026-04-25T06:14:23",
    "is_active": 1
  },
  {
    "id": 3858714937,
    "indicator": "45.79.19.23",
    "type": "IPv4",
    "created": "2026-03-26T06:14:29",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 45.79.19.23 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 7 times when connecting to db1lapetro between 2026-03-26 05:02 and 2026-03-26 05:12 UTC.",
    "expiration": "2026-04-25T06:14:23",
    "is_active": 1
  },
  {
    "id": 4151120558,
    "indicator": "20.24.137.18",
    "type": "IPv4",
    "created": "2026-03-26T06:14:29",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 20.24.137.18 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 9 times when connecting to db1lapetro between 2026-03-26 05:01 and 2026-03-26 05:14 UTC.",
    "expiration": "2026-04-25T06:14:23",
    "is_active": 1
  },
  {
    "id": 4268098231,
    "indicator": "87.16.197.52",
    "type": "IPv4",
    "created": "2026-03-26T06:14:29",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 87.16.197.52 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 9 times when connecting to db4lamedtech between 2026-03-26 04:56 and 2026-03-26 05:05 UTC.",
    "expiration": "2026-04-25T06:14:23",
    "is_active": 1
  },
  {
    "id": 4281947893,
    "indicator": "103.155.57.54",
    "type": "IPv4",
    "created": "2026-03-26T06:14:29",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh, abuseipdb:web-attack. Attacker IP 103.155.57.54 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 7 times when connecting to db4lamedtech between 2026-03-26 04:50 and 2026-03-26 05:04 UTC.",
    "expiration": "2026-04-25T06:14:23",
    "is_active": 1
  },
  {
    "id": 4281917913,
    "indicator": "43.166.136.253",
    "type": "IPv4",
    "created": "2026-03-26T06:14:29",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP 43.166.136.253 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 9 times when connecting to db1lapetro between 2026-03-26 05:11 and 2026-03-26 05:22 UTC.",
    "expiration": "2026-04-25T06:14:23",
    "is_active": 1
  },
  {
    "id": 4225008032,
    "indicator": "47.91.93.130",
    "type": "IPv4",
    "created": "2026-03-26T06:14:29",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported. 47.91.93.130 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-25T06:14:23",
    "is_active": 1
  },
  {
    "id": 4224726343,
    "indicator": "185.236.25.178",
    "type": "IPv4",
    "created": "2026-03-26T06:14:29",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 185.236.25.178 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-25T06:14:23",
    "is_active": 1
  },
  {
    "id": 4011770634,
    "indicator": "185.247.137.250",
    "type": "IPv4",
    "created": "2026-03-26T06:14:29",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 185.247.137.250 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-25T06:14:23",
    "is_active": 1
  },
  {
    "id": 4281896711,
    "indicator": "23.29.156.174",
    "type": "IPv4",
    "created": "2026-03-26T06:14:29",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 23.29.156.174 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-25T06:14:23",
    "is_active": 1
  },
  {
    "id": 4280362249,
    "indicator": "109.199.104.6",
    "type": "IPv4",
    "created": "2026-03-26T06:14:29",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. IP observed in Suricata network metadata",
    "expiration": "2026-04-25T06:14:23",
    "is_active": 1
  },
  {
    "id": 4173720718,
    "indicator": "121.29.85.245",
    "type": "IPv4",
    "created": "2026-03-26T07:15:29",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 121.29.85.245 classified as attacker with unclear intent (low confidence). Origin: enriched.",
    "expiration": "2026-04-25T07:14:38",
    "is_active": 1
  },
  {
    "id": 4008807727,
    "indicator": "220.167.233.166",
    "type": "IPv4",
    "created": "2026-03-26T07:15:29",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 220.167.233.166 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-25T07:14:38",
    "is_active": 1
  },
  {
    "id": 4281966266,
    "indicator": "189.161.43.73",
    "type": "IPv4",
    "created": "2026-03-26T07:15:29",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Puebla City, Mexico (AS8151, UNINET). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 7 failed login attempts, 7 credential pairs tried across 4 unique usernames, execution of 62 commands (SSH key persistence, password changes, system reconnaissance, cron persistence, process killing, firewall m...",
    "expiration": "2026-04-25T07:14:38",
    "is_active": 1
  },
  {
    "id": 4241151694,
    "indicator": "43.133.62.11",
    "type": "IPv4",
    "created": "2026-03-26T07:15:29",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Singapore, Singapore (AS132203, Tencent Building, Kejizhongyi Avenue). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 6 failed login attempts, 6 credential pairs tried across 5 unique usernames, execution of 22 commands (SSH key persistence, password changes, system reconnaissance, cron pe...",
    "expiration": "2026-04-25T07:14:38",
    "is_active": 1
  },
  {
    "id": 4281976751,
    "indicator": "47.84.141.156",
    "type": "IPv4",
    "created": "2026-03-26T07:15:29",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 47.84.141.156 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-25T07:14:38",
    "is_active": 1
  },
  {
    "id": 4281952010,
    "indicator": "217.217.251.125",
    "type": "IPv4",
    "created": "2026-03-26T07:15:29",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 217.217.251.125 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-25T07:14:38",
    "is_active": 1
  },
  {
    "id": 4054434138,
    "indicator": "39.117.79.36",
    "type": "IPv4",
    "created": "2026-03-26T07:15:29",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP from Suwon, South Korea (AS9318, SK Broadband Co Ltd). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 7 failed login attempts, 7 credential pairs tried across 4 unique usernames, execution of 42 commands (SSH key persistence, password changes, system reconnaissance, cron persistence, process killing, ...",
    "expiration": "2026-04-25T07:14:38",
    "is_active": 1
  },
  {
    "id": 4048438367,
    "indicator": "190.65.59.53",
    "type": "IPv4",
    "created": "2026-03-26T07:15:29",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Bucaramanga, Colombia (AS3816, COLOMBIA TELECOMUNICACIONES S.A. ESP BIC). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 4 failed login attempts, 4 credential pairs tried across 3 unique usernames, execution of 22 commands (SSH key persistence, password changes, system reconnaissance, cron...",
    "expiration": "2026-04-25T07:14:38",
    "is_active": 1
  },
  {
    "id": 4275709170,
    "indicator": "221.229.106.252",
    "type": "IPv4",
    "created": "2026-03-26T07:15:29",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 221.229.106.252 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, hacking).",
    "expiration": "2026-04-25T07:14:38",
    "is_active": 1
  },
  {
    "id": 4233494134,
    "indicator": "134.199.175.160",
    "type": "IPv4",
    "created": "2026-03-26T07:15:29",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 134.199.175.160 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ftp-brute).",
    "expiration": "2026-04-25T07:14:38",
    "is_active": 1
  },
  {
    "id": 4160362815,
    "indicator": "116.255.250.104",
    "type": "IPv4",
    "created": "2026-03-26T07:15:29",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 116.255.250.104 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-25T07:14:38",
    "is_active": 1
  },
  {
    "id": 4275853184,
    "indicator": "161.35.173.173",
    "type": "IPv4",
    "created": "2026-03-26T07:15:29",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 161.35.173.173 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 9 times when connecting to db4lamedtech between 2026-03-26 06:35 and 2026-03-26 06:42 UTC.",
    "expiration": "2026-04-25T07:14:38",
    "is_active": 1
  },
  {
    "id": 4281801861,
    "indicator": "195.133.64.244",
    "type": "IPv4",
    "created": "2026-03-26T07:15:29",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 195.133.64.244 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 4 times when connecting to db1lapetro between 2026-03-26 06:34 and 2026-03-26 06:46 UTC.",
    "expiration": "2026-04-25T07:14:38",
    "is_active": 1
  },
  {
    "id": 4281948612,
    "indicator": "88.127.99.152",
    "type": "IPv4",
    "created": "2026-03-26T07:15:29",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 88.127.99.152 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 9 times when connecting to db4lamedtech between 2026-03-26 06:33 and 2026-03-26 06:42 UTC.",
    "expiration": "2026-04-25T07:14:38",
    "is_active": 1
  },
  {
    "id": 4174581074,
    "indicator": "35.141.225.249",
    "type": "IPv4",
    "created": "2026-03-26T07:15:29",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:multi-reported. 35.141.225.249 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-25T07:14:38",
    "is_active": 1
  },
  {
    "id": 3853587541,
    "indicator": "220.167.232.102",
    "type": "IPv4",
    "created": "2026-03-26T07:15:29",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 220.167.232.102 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-25T07:14:38",
    "is_active": 1
  },
  {
    "id": 4281881384,
    "indicator": "130.185.123.217",
    "type": "IPv4",
    "created": "2026-03-26T07:15:29",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 130.185.123.217 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 9 times when connecting to db4lamedtech between 2026-03-26 06:29 and 2026-03-26 06:41 UTC.",
    "expiration": "2026-04-25T07:14:38",
    "is_active": 1
  },
  {
    "id": 3839520870,
    "indicator": "188.130.160.181",
    "type": "IPv4",
    "created": "2026-03-26T07:15:29",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 188.130.160.181 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 4 times when connecting to db4lamedtech between 2026-03-26 06:29 and 2026-03-26 06:43 UTC.",
    "expiration": "2026-04-25T07:14:38",
    "is_active": 1
  },
  {
    "id": 3649413601,
    "indicator": "194.187.179.153",
    "type": "IPv4",
    "created": "2026-03-26T07:15:29",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low. 194.187.179.153 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-25T07:14:38",
    "is_active": 1
  },
  {
    "id": 4280850128,
    "indicator": "163.7.4.169",
    "type": "IPv4",
    "created": "2026-03-26T07:15:29",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export. Attacker IP 163.7.4.169 observed using SSH client fingerprint 'Unknown SSH Client (98ddc5604ef6)' 5 times when connecting to db1lapetro between 2026-03-26 06:22 and 2026-03-26 06:22 UTC.",
    "expiration": "2026-04-25T07:14:38",
    "is_active": 1
  },
  {
    "id": 4173681974,
    "indicator": "59.173.108.194",
    "type": "IPv4",
    "created": "2026-03-26T07:15:29",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 59.173.108.194 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).",
    "expiration": "2026-04-25T07:14:38",
    "is_active": 1
  },
  {
    "id": 4281969935,
    "indicator": "20.234.100.218",
    "type": "IPv4",
    "created": "2026-03-26T07:15:29",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 20.234.100.218 observed using HTTP client fingerprint 'HTTP Client (67b3dba8bc67)' 96 times when connecting to db4lamedtech between 2026-03-26 06:14 and 2026-03-26 06:14 UTC.",
    "expiration": "2026-04-25T07:14:38",
    "is_active": 1
  },
  {
    "id": 4154136821,
    "indicator": "61.238.27.209",
    "type": "IPv4",
    "created": "2026-03-26T07:15:29",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. 61.238.27.209 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d, firehol_level2); AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-25T07:14:38",
    "is_active": 1
  },
  {
    "id": 4281948294,
    "indicator": "47.84.137.147",
    "type": "IPv4",
    "created": "2026-03-26T07:15:29",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. Attacker IP from Singapore (AS45102, Alibaba US Technology Co., Ltd.). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. duration: 23s; 3 events.",
    "expiration": "2026-04-25T07:14:38",
    "is_active": 1
  },
  {
    "id": 3589453770,
    "indicator": "109.123.253.26",
    "type": "IPv4",
    "created": "2026-03-26T07:15:29",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. IP observed in Suricata network metadata",
    "expiration": "2026-04-25T07:14:38",
    "is_active": 1
  },
  {
    "id": 4152193778,
    "indicator": "51.91.11.31",
    "type": "IPv4",
    "created": "2026-03-26T07:15:29",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. IP observed in Suricata network metadata",
    "expiration": "2026-04-25T07:14:38",
    "is_active": 1
  },
  {
    "id": 4260883568,
    "indicator": "20.115.99.68",
    "type": "IPv4",
    "created": "2026-03-26T07:15:29",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 20.115.99.68 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-25T07:14:38",
    "is_active": 1
  },
  {
    "id": 4281934812,
    "indicator": "206.135.174.192",
    "type": "IPv4",
    "created": "2026-03-26T07:15:29",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:multi-reported. 206.135.174.192 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-25T07:14:38",
    "is_active": 1
  },
  {
    "id": 4281934811,
    "indicator": "117.255.209.150",
    "type": "IPv4",
    "created": "2026-03-26T07:15:29",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 117.255.209.150 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-25T07:14:38",
    "is_active": 1
  },
  {
    "id": 4280194333,
    "indicator": "103.173.7.173",
    "type": "IPv4",
    "created": "2026-03-26T07:15:29",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported. 103.173.7.173 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-25T07:14:38",
    "is_active": 1
  },
  {
    "id": 4281931524,
    "indicator": "89.152.179.132",
    "type": "IPv4",
    "created": "2026-03-26T07:15:29",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 89.152.179.132 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-25T07:14:38",
    "is_active": 1
  },
  {
    "id": 4162725614,
    "indicator": "36.250.220.237",
    "type": "IPv4",
    "created": "2026-03-26T07:15:29",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 36.250.220.237 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-25T07:14:38",
    "is_active": 1
  },
  {
    "id": 4281923392,
    "indicator": "94.143.142.203",
    "type": "IPv4",
    "created": "2026-03-26T07:15:29",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 94.143.142.203 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command sessions (22 commands), 5 malware samples. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-25T07:14:38",
    "is_active": 1
  },
  {
    "id": 3994003181,
    "indicator": "98.80.4.3",
    "type": "IPv4",
    "created": "2026-03-26T07:15:29",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. IP observed in Suricata network metadata",
    "expiration": "2026-04-25T07:14:38",
    "is_active": 1
  },
  {
    "id": 2277994984,
    "indicator": "185.247.137.147",
    "type": "IPv4",
    "created": "2026-03-26T08:16:52",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 185.247.137.147 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-25T08:16:44",
    "is_active": 1
  },
  {
    "id": 4275554630,
    "indicator": "101.91.114.235",
    "type": "IPv4",
    "created": "2026-03-26T08:16:52",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 101.91.114.235 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ftp-brute).",
    "expiration": "2026-04-25T08:16:44",
    "is_active": 1
  },
  {
    "id": 4281800519,
    "indicator": "23.225.213.67",
    "type": "IPv4",
    "created": "2026-03-26T08:16:52",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 23.225.213.67 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-25T08:16:44",
    "is_active": 1
  },
  {
    "id": 4210156112,
    "indicator": "113.201.153.165",
    "type": "IPv4",
    "created": "2026-03-26T08:16:52",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from China (AS4837, CHINA UNICOM China169 Backbone). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 4 failed login attempts, 4 credential pairs tried across 1 unique username, delivery of 1 malware sample. SSH client: SSH-2.0-Go (HASSH: 98ddc5604ef6...); duration: 3m 7s; 20 events.",
    "expiration": "2026-04-25T08:16:44",
    "is_active": 1
  },
  {
    "id": 4241344726,
    "indicator": "117.254.128.37",
    "type": "IPv4",
    "created": "2026-03-26T08:16:52",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 117.254.128.37 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-25T08:16:44",
    "is_active": 1
  },
  {
    "id": 4204442637,
    "indicator": "150.138.182.189",
    "type": "IPv4",
    "created": "2026-03-26T08:16:52",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 150.138.182.189 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-25T08:16:44",
    "is_active": 1
  },
  {
    "id": 4281979733,
    "indicator": "47.84.134.251",
    "type": "IPv4",
    "created": "2026-03-26T08:16:52",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 47.84.134.251 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-25T08:16:44",
    "is_active": 1
  },
  {
    "id": 2469068128,
    "indicator": "208.110.64.186",
    "type": "IPv4",
    "created": "2026-03-26T08:16:52",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata",
    "expiration": "2026-04-25T08:16:44",
    "is_active": 1
  },
  {
    "id": 4271538622,
    "indicator": "103.131.85.193",
    "type": "IPv4",
    "created": "2026-03-26T08:16:52",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 103.131.85.193 observed using SSH client fingerprint 'Unknown SSH Client (19532158b559)' 3 times when connecting to db4lamedtech between 2026-03-26 07:23 and 2026-03-26 07:27 UTC.",
    "expiration": "2026-04-25T08:16:44",
    "is_active": 1
  },
  {
    "id": 4281966069,
    "indicator": "168.96.252.158",
    "type": "IPv4",
    "created": "2026-03-26T08:16:52",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP 168.96.252.158 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 7 times when connecting to db4lamedtech between 2026-03-26 07:02 and 2026-03-26 07:13 UTC.",
    "expiration": "2026-04-25T08:16:44",
    "is_active": 1
  },
  {
    "id": 4008058434,
    "indicator": "220.167.233.78",
    "type": "IPv4",
    "created": "2026-03-26T08:16:52",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 220.167.233.78 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, moderate).",
    "expiration": "2026-04-25T08:16:44",
    "is_active": 1
  },
  {
    "id": 4281977237,
    "indicator": "103.77.51.248",
    "type": "IPv4",
    "created": "2026-03-26T08:16:52",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 103.77.51.248 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-25T08:16:44",
    "is_active": 1
  },
  {
    "id": 1755338499,
    "indicator": "159.89.165.127",
    "type": "IPv4",
    "created": "2026-03-26T08:16:52",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 159.89.165.127 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-25T08:16:44",
    "is_active": 1
  },
  {
    "id": 4281966013,
    "indicator": "138.128.240.172",
    "type": "IPv4",
    "created": "2026-03-26T08:16:52",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP 138.128.240.172 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 11 times when connecting to db4lamedtech between 2026-03-26 06:59 and 2026-03-26 07:10 UTC.",
    "expiration": "2026-04-25T08:16:44",
    "is_active": 1
  },
  {
    "id": 4228055277,
    "indicator": "150.241.244.61",
    "type": "IPv4",
    "created": "2026-03-26T08:16:52",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 150.241.244.61 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 11 times when connecting to db4lamedtech between 2026-03-26 07:02 and 2026-03-26 07:11 UTC.",
    "expiration": "2026-04-25T08:16:44",
    "is_active": 1
  },
  {
    "id": 4281966054,
    "indicator": "167.172.171.218",
    "type": "IPv4",
    "created": "2026-03-26T08:16:52",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 167.172.171.218 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 6 times when connecting to db4lamedtech between 2026-03-26 06:31 and 2026-03-26 06:45 UTC.",
    "expiration": "2026-04-25T08:16:44",
    "is_active": 1
  },
  {
    "id": 4281941285,
    "indicator": "105.184.114.69",
    "type": "IPv4",
    "created": "2026-03-26T08:16:52",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:multi-reported. 105.184.114.69 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-25T08:16:44",
    "is_active": 1
  },
  {
    "id": 4188927711,
    "indicator": "117.175.147.144",
    "type": "IPv4",
    "created": "2026-03-26T08:16:52",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 117.175.147.144 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).",
    "expiration": "2026-04-25T08:16:44",
    "is_active": 1
  },
  {
    "id": 3989773120,
    "indicator": "47.237.112.21",
    "type": "IPv4",
    "created": "2026-03-26T08:16:52",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 47.237.112.21 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-25T08:16:44",
    "is_active": 1
  },
  {
    "id": 4280322131,
    "indicator": "103.1.64.34",
    "type": "IPv4",
    "created": "2026-03-26T08:16:52",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. IP observed in Suricata network metadata",
    "expiration": "2026-04-25T08:16:44",
    "is_active": 1
  },
  {
    "id": 4280289107,
    "indicator": "171.83.17.126",
    "type": "IPv4",
    "created": "2026-03-26T09:18:18",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 171.83.17.126 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, hacking).",
    "expiration": "2026-04-25T09:18:06",
    "is_active": 1
  },
  {
    "id": 4218403784,
    "indicator": "209.38.107.238",
    "type": "IPv4",
    "created": "2026-03-26T09:18:18",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 209.38.107.238 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).",
    "expiration": "2026-04-25T09:18:06",
    "is_active": 1
  },
  {
    "id": 4281966011,
    "indicator": "83.111.76.195",
    "type": "IPv4",
    "created": "2026-03-26T09:18:18",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 83.111.76.195 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-25T09:18:06",
    "is_active": 1
  },
  {
    "id": 4138866496,
    "indicator": "45.43.55.121",
    "type": "IPv4",
    "created": "2026-03-26T09:18:18",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 45.43.55.121 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ftp-brute).",
    "expiration": "2026-04-25T09:18:06",
    "is_active": 1
  },
  {
    "id": 4281881294,
    "indicator": "45.246.89.171",
    "type": "IPv4",
    "created": "2026-03-26T09:18:18",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 45.246.89.171 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-25T09:18:06",
    "is_active": 1
  },
  {
    "id": 4255014347,
    "indicator": "5.223.67.128",
    "type": "IPv4",
    "created": "2026-03-26T09:18:18",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 5.223.67.128 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-25T09:18:06",
    "is_active": 1
  },
  {
    "id": 4159121732,
    "indicator": "139.59.95.2",
    "type": "IPv4",
    "created": "2026-03-26T09:18:18",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 139.59.95.2 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-25T09:18:06",
    "is_active": 1
  },
  {
    "id": 4263585149,
    "indicator": "42.96.13.133",
    "type": "IPv4",
    "created": "2026-03-26T09:18:18",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 42.96.13.133 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-25T09:18:06",
    "is_active": 1
  },
  {
    "id": 4282054861,
    "indicator": "47.84.143.65",
    "type": "IPv4",
    "created": "2026-03-26T09:18:18",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 47.84.143.65 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).",
    "expiration": "2026-04-25T09:18:06",
    "is_active": 1
  },
  {
    "id": 3759590989,
    "indicator": "64.225.100.57",
    "type": "IPv4",
    "created": "2026-03-26T09:18:18",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie, firehol:unlisted. 64.225.100.57 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, port-scan).",
    "expiration": "2026-04-25T09:18:06",
    "is_active": 1
  },
  {
    "id": 4255010904,
    "indicator": "147.45.134.174",
    "type": "IPv4",
    "created": "2026-03-26T09:18:18",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 147.45.134.174 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 9 times when connecting to db1lapetro between 2026-03-26 08:36 and 2026-03-26 08:44 UTC.",
    "expiration": "2026-04-25T09:18:06",
    "is_active": 1
  },
  {
    "id": 4263661884,
    "indicator": "143.110.154.123",
    "type": "IPv4",
    "created": "2026-03-26T09:18:18",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 143.110.154.123 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).",
    "expiration": "2026-04-25T09:18:06",
    "is_active": 1
  },
  {
    "id": 4282054721,
    "indicator": "35.233.40.58",
    "type": "IPv4",
    "created": "2026-03-26T09:18:18",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. Attacker IP from Brussels, Belgium (AS396982, Google LLC). Observed targeting healthcare sector honeypot medtech-hp-01 via tanner. 1 events.",
    "expiration": "2026-04-25T09:18:06",
    "is_active": 1
  },
  {
    "id": 3182505684,
    "indicator": "50.225.176.238",
    "type": "IPv4",
    "created": "2026-03-26T09:18:18",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 50.225.176.238 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 11 times when connecting to db1lapetro between 2026-03-26 08:35 and 2026-03-26 08:44 UTC.",
    "expiration": "2026-04-25T09:18:06",
    "is_active": 1
  },
  {
    "id": 4281945460,
    "indicator": "148.227.122.39",
    "type": "IPv4",
    "created": "2026-03-26T09:18:18",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Bras\u00edlia, Brazil (AS14593, Space Exploration Technologies Corporation). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 2s; 5 events.",
    "expiration": "2026-04-25T09:18:06",
    "is_active": 1
  },
  {
    "id": 3910018466,
    "indicator": "122.165.124.15",
    "type": "IPv4",
    "created": "2026-03-26T09:18:18",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 122.165.124.15 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 9 times when connecting to db1lapetro between 2026-03-26 08:32 and 2026-03-26 08:46 UTC.",
    "expiration": "2026-04-25T09:18:06",
    "is_active": 1
  },
  {
    "id": 3759968352,
    "indicator": "5.29.135.63",
    "type": "IPv4",
    "created": "2026-03-26T09:18:18",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 5.29.135.63 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 9 times when connecting to db1lapetro between 2026-03-26 08:31 and 2026-03-26 08:41 UTC.",
    "expiration": "2026-04-25T09:18:06",
    "is_active": 1
  },
  {
    "id": 4199430959,
    "indicator": "95.84.146.9",
    "type": "IPv4",
    "created": "2026-03-26T09:18:18",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 95.84.146.9 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-25T09:18:06",
    "is_active": 1
  },
  {
    "id": 4272708696,
    "indicator": "134.122.111.239",
    "type": "IPv4",
    "created": "2026-03-26T09:18:18",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 134.122.111.239 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).",
    "expiration": "2026-04-25T09:18:06",
    "is_active": 1
  },
  {
    "id": 4265199242,
    "indicator": "152.32.129.184",
    "type": "IPv4",
    "created": "2026-03-26T09:18:18",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Hong Kong, Hong Kong (AS135377, UCLOUD INFORMATION TECHNOLOGY HK LIMITED) [VPN/hosting provider]. Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 3 failed login attempts, 3 credential pairs tried across 2 unique usernames, execution of 9 commands (system reconnaissance), delivery of 10 ...",
    "expiration": "2026-04-25T09:18:06",
    "is_active": 1
  },
  {
    "id": 4281966208,
    "indicator": "34.71.111.34",
    "type": "IPv4",
    "created": "2026-03-26T09:18:18",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Council Bluffs, United States (AS396982, Google LLC). Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 6 failed login attempts, 6 credential pairs tried across 5 unique usernames, execution of 22 commands (SSH key persistence, password changes, system reconnaissance, cron persistence), de...",
    "expiration": "2026-04-25T09:18:06",
    "is_active": 1
  },
  {
    "id": 4012979302,
    "indicator": "118.186.3.158",
    "type": "IPv4",
    "created": "2026-03-26T09:18:18",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from China (AS23724, IDC, China Telecommunications Corporation). Observed targeting government sector honeypot backup-hp-01 via cowrie. duration: 3m 31s; 6 events.",
    "expiration": "2026-04-25T09:18:06",
    "is_active": 1
  },
  {
    "id": 4281791191,
    "indicator": "92.98.238.117",
    "type": "IPv4",
    "created": "2026-03-26T09:18:18",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 92.98.238.117 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 5 times when connecting to db4lamedtech between 2026-03-26 07:37 and 2026-03-26 07:51 UTC.",
    "expiration": "2026-04-25T09:18:06",
    "is_active": 1
  },
  {
    "id": 4281951808,
    "indicator": "8.209.85.215",
    "type": "IPv4",
    "created": "2026-03-26T09:18:18",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 8.209.85.215 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-25T09:18:06",
    "is_active": 1
  },
  {
    "id": 3583019952,
    "indicator": "103.221.220.169",
    "type": "IPv4",
    "created": "2026-03-26T09:18:18",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 103.221.220.169 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-25T09:18:06",
    "is_active": 1
  },
  {
    "id": 4281947478,
    "indicator": "47.84.103.150",
    "type": "IPv4",
    "created": "2026-03-26T09:18:18",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie, firehol:unlisted. 47.84.103.150 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, port-scan).",
    "expiration": "2026-04-25T09:18:06",
    "is_active": 1
  },
  {
    "id": 4022109881,
    "indicator": "149.88.103.51",
    "type": "IPv4",
    "created": "2026-03-26T09:18:18",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:ddos, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack, commands:executed. 149.88.103.51 classified as scanning infrastructure conducting network reconnaissance (medium confidence). Origin: enriched. Listed on: AbuseIPDB (ddos, low, port-scan).",
    "expiration": "2026-04-25T09:18:06",
    "is_active": 1
  },
  {
    "id": 4281901462,
    "indicator": "121.37.157.84",
    "type": "IPv4",
    "created": "2026-03-26T09:18:18",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP from Shanghai, China (AS55990, Huawei Cloud Service data center) [VPN/hosting provider]. Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. duration: 2m 0s; 2 events.",
    "expiration": "2026-04-25T09:18:06",
    "is_active": 1
  },
  {
    "id": 4282063745,
    "indicator": "47.84.104.254",
    "type": "IPv4",
    "created": "2026-03-26T10:18:59",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie, firehol:unlisted. 47.84.104.254 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, port-scan).",
    "expiration": "2026-04-25T10:18:48",
    "is_active": 1
  },
  {
    "id": 4263741110,
    "indicator": "95.208.74.83",
    "type": "IPv4",
    "created": "2026-03-26T10:18:59",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Sulmingen, Germany (AS3209, Vodafone GmbH). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 5 failed login attempts, 5 credential pairs tried across 4 unique usernames, execution of 3 commands (SSH key persistence), delivery of 3 malware samples. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03...",
    "expiration": "2026-04-25T10:18:48",
    "is_active": 1
  },
  {
    "id": 4170907482,
    "indicator": "221.13.93.132",
    "type": "IPv4",
    "created": "2026-03-26T10:18:59",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 221.13.93.132 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-25T10:18:48",
    "is_active": 1
  },
  {
    "id": 4166615397,
    "indicator": "49.47.195.105",
    "type": "IPv4",
    "created": "2026-03-26T10:18:59",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP from Kozhikode, India (AS55836, Reliance Jio Infocomm Limited). Observed targeting government sector honeypot backup-hp-01 via cowrie. 3 events.",
    "expiration": "2026-04-25T10:18:48",
    "is_active": 1
  },
  {
    "id": 4278828282,
    "indicator": "66.132.195.64",
    "type": "IPv4",
    "created": "2026-03-26T10:18:59",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 66.132.195.64 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-25T10:18:48",
    "is_active": 1
  },
  {
    "id": 1579852633,
    "indicator": "83.224.138.50",
    "type": "IPv4",
    "created": "2026-03-26T10:18:59",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 83.224.138.50 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 8 times when connecting to db4lamedtech between 2026-03-26 09:37 and 2026-03-26 09:45 UTC.",
    "expiration": "2026-04-25T10:18:48",
    "is_active": 1
  },
  {
    "id": 3602364129,
    "indicator": "194.187.179.43",
    "type": "IPv4",
    "created": "2026-03-26T10:18:59",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 194.187.179.43 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, ftp-brute).",
    "expiration": "2026-04-25T10:18:48",
    "is_active": 1
  },
  {
    "id": 2908330404,
    "indicator": "39.123.249.114",
    "type": "IPv4",
    "created": "2026-03-26T10:18:59",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 39.123.249.114 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 13 times when connecting to db1lapetro between 2026-03-26 08:38 and 2026-03-26 08:46 UTC.",
    "expiration": "2026-04-25T10:18:48",
    "is_active": 1
  },
  {
    "id": 4280210742,
    "indicator": "66.132.195.82",
    "type": "IPv4",
    "created": "2026-03-26T10:18:59",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from United States (AS398324, Censys, Inc.). Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-25T10:18:48",
    "is_active": 1
  },
  {
    "id": 4166369850,
    "indicator": "161.97.173.12",
    "type": "IPv4",
    "created": "2026-03-26T11:20:03",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate. 161.97.173.12 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-25T11:20:02",
    "is_active": 1
  },
  {
    "id": 4282077697,
    "indicator": "136.119.127.235",
    "type": "IPv4",
    "created": "2026-03-26T11:20:03",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 136.119.127.235 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-25T11:20:02",
    "is_active": 1
  },
  {
    "id": 4199272891,
    "indicator": "59.173.110.241",
    "type": "IPv4",
    "created": "2026-03-26T11:20:03",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 59.173.110.241 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-25T11:20:02",
    "is_active": 1
  },
  {
    "id": 4193857735,
    "indicator": "47.254.28.88",
    "type": "IPv4",
    "created": "2026-03-26T11:20:03",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 47.254.28.88 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-25T11:20:02",
    "is_active": 1
  },
  {
    "id": 4193780291,
    "indicator": "95.71.127.158",
    "type": "IPv4",
    "created": "2026-03-26T11:20:03",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 95.71.127.158 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-25T11:20:02",
    "is_active": 1
  },
  {
    "id": 4282072562,
    "indicator": "47.245.137.15",
    "type": "IPv4",
    "created": "2026-03-26T11:20:03",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 47.245.137.15 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-25T11:20:02",
    "is_active": 1
  },
  {
    "id": 3713630619,
    "indicator": "146.88.241.156",
    "type": "IPv4",
    "created": "2026-03-26T11:20:03",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 146.88.241.156 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-25T11:20:02",
    "is_active": 1
  },
  {
    "id": 4282005315,
    "indicator": "68.221.186.27",
    "type": "IPv4",
    "created": "2026-03-26T11:20:03",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 68.221.186.27 observed using HTTP client fingerprint 'HTTP Client (67b3dba8bc67)' 96 times when connecting to db4lamedtech between 2026-03-26 10:36 and 2026-03-26 10:36 UTC.",
    "expiration": "2026-04-25T11:20:02",
    "is_active": 1
  },
  {
    "id": 4239358680,
    "indicator": "154.83.13.181",
    "type": "IPv4",
    "created": "2026-03-26T11:20:03",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 154.83.13.181 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 3 times when connecting to db4lamedtech between 2026-03-26 10:35 and 2026-03-26 10:46 UTC.",
    "expiration": "2026-04-25T11:20:02",
    "is_active": 1
  },
  {
    "id": 4136849381,
    "indicator": "116.172.249.6",
    "type": "IPv4",
    "created": "2026-03-26T11:20:03",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 116.172.249.6 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-25T11:20:02",
    "is_active": 1
  },
  {
    "id": 4282070506,
    "indicator": "42.59.87.11",
    "type": "IPv4",
    "created": "2026-03-26T11:20:03",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:multi-reported. 42.59.87.11 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-25T11:20:02",
    "is_active": 1
  },
  {
    "id": 4282070342,
    "indicator": "54.36.60.82",
    "type": "IPv4",
    "created": "2026-03-26T11:20:03",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:reported. Attacker IP 54.36.60.82 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (compatible; MJ12bot/v1.4.8; http://mj12bot.com/...' 2 times when connecting to mdms1 between 2026-03-26 09:59 and 2026-03-26 09:59 UTC.",
    "expiration": "2026-04-25T11:20:02",
    "is_active": 1
  },
  {
    "id": 4144539001,
    "indicator": "49.207.40.162",
    "type": "IPv4",
    "created": "2026-03-26T11:20:03",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 49.207.40.162 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 9 times when connecting to db4lamedtech between 2026-03-26 09:44 and 2026-03-26 09:54 UTC.",
    "expiration": "2026-04-25T11:20:02",
    "is_active": 1
  },
  {
    "id": 3660153201,
    "indicator": "194.187.179.22",
    "type": "IPv4",
    "created": "2026-03-26T11:20:03",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 194.187.179.22 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-25T11:20:02",
    "is_active": 1
  },
  {
    "id": 4281800544,
    "indicator": "85.239.151.41",
    "type": "IPv4",
    "created": "2026-03-26T11:20:03",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 85.239.151.41 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command sessions (10 commands), 3 malware samples. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-25T11:20:02",
    "is_active": 1
  },
  {
    "id": 4008916198,
    "indicator": "116.193.190.100",
    "type": "IPv4",
    "created": "2026-03-26T11:20:03",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 116.193.190.100 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command sessions (22 commands), 5 malware samples. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-25T11:20:02",
    "is_active": 1
  },
  {
    "id": 3632378209,
    "indicator": "194.187.179.236",
    "type": "IPv4",
    "created": "2026-03-26T11:20:03",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:multi-reported. 194.187.179.236 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-25T11:20:02",
    "is_active": 1
  },
  {
    "id": 4281962885,
    "indicator": "143.110.213.173",
    "type": "IPv4",
    "created": "2026-03-26T11:20:03",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 143.110.213.173 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-25T11:20:02",
    "is_active": 1
  },
  {
    "id": 4281963090,
    "indicator": "47.245.143.176",
    "type": "IPv4",
    "created": "2026-03-26T11:20:03",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 47.245.143.176 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking).",
    "expiration": "2026-04-25T11:20:02",
    "is_active": 1
  },
  {
    "id": 3150944161,
    "indicator": "27.17.3.22",
    "type": "IPv4",
    "created": "2026-03-26T11:20:03",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 27.17.3.22 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-25T11:20:02",
    "is_active": 1
  },
  {
    "id": 4127814706,
    "indicator": "41.25.40.194",
    "type": "IPv4",
    "created": "2026-03-26T12:20:42",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 41.25.40.194 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-25T12:20:21",
    "is_active": 1
  },
  {
    "id": 4148873758,
    "indicator": "87.121.84.52",
    "type": "IPv4",
    "created": "2026-03-26T12:20:42",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 87.121.84.52 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-25T12:20:21",
    "is_active": 1
  },
  {
    "id": 3987354154,
    "indicator": "44.220.188.195",
    "type": "IPv4",
    "created": "2026-03-26T12:20:42",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate. 44.220.188.195 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-25T12:20:21",
    "is_active": 1
  },
  {
    "id": 4208816439,
    "indicator": "117.247.255.185",
    "type": "IPv4",
    "created": "2026-03-26T12:20:42",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 117.247.255.185 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-25T12:20:21",
    "is_active": 1
  },
  {
    "id": 4158462352,
    "indicator": "178.16.52.166",
    "type": "IPv4",
    "created": "2026-03-26T12:20:42",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Frankfurt am Main, Germany (AS202412, Omegatech LTD). Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 13 failed login attempts, 13 credential pairs tried across 3 unique usernames. SSH client: SSH-2.0-Go (HASSH: 2ec37a7cc8da...); duration: 15m 41s; 65 events.",
    "expiration": "2026-04-25T12:20:21",
    "is_active": 1
  },
  {
    "id": 4278871689,
    "indicator": "66.132.224.226",
    "type": "IPv4",
    "created": "2026-03-26T12:20:42",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 66.132.224.226 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-25T12:20:21",
    "is_active": 1
  },
  {
    "id": 4282079599,
    "indicator": "47.84.100.160",
    "type": "IPv4",
    "created": "2026-03-26T12:20:42",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 47.84.100.160 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).",
    "expiration": "2026-04-25T12:20:21",
    "is_active": 1
  },
  {
    "id": 4080940651,
    "indicator": "51.159.29.84",
    "type": "IPv4",
    "created": "2026-03-26T12:20:42",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 51.159.29.84 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 6 times when connecting to db1lapetro between 2026-03-26 11:17 and 2026-03-26 11:23 UTC.",
    "expiration": "2026-04-25T12:20:21",
    "is_active": 1
  },
  {
    "id": 4282080989,
    "indicator": "110.10.176.229",
    "type": "IPv4",
    "created": "2026-03-26T12:20:42",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. Attacker IP from Siheung-si, South Korea (AS9318, SK Broadband Co Ltd). Observed targeting healthcare sector honeypot medtech-hp-01 via sentrypeer. 1 events.",
    "expiration": "2026-04-25T12:20:21",
    "is_active": 1
  },
  {
    "id": 4173436264,
    "indicator": "59.173.110.205",
    "type": "IPv4",
    "created": "2026-03-26T12:20:42",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 59.173.110.205 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-25T12:20:21",
    "is_active": 1
  },
  {
    "id": 4281653549,
    "indicator": "103.133.56.19",
    "type": "IPv4",
    "created": "2026-03-26T13:24:06",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Jakarta, Indonesia (AS138131, CV. NATANETWORK SOLUTION). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. Session included 8 failed login attempts, 8 credential pairs tried across 5 unique usernames, execution of 66 commands (SSH key persistence, password changes, system reconnaissance, cron persistence), deli...",
    "expiration": "2026-04-25T13:23:20",
    "is_active": 1
  },
  {
    "id": 4172146811,
    "indicator": "183.179.114.151",
    "type": "IPv4",
    "created": "2026-03-26T13:24:06",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 183.179.114.151 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-25T13:23:20",
    "is_active": 1
  },
  {
    "id": 4004978503,
    "indicator": "62.146.234.128",
    "type": "IPv4",
    "created": "2026-03-26T13:24:06",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Singapore, Singapore (AS141995, Contabo Asia Private Limited). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. Session included 8 failed login attempts, 8 credential pairs tried across 5 unique usernames, execution of 66 commands (SSH key persistence, password changes, system reconnaissance, cron persiste...",
    "expiration": "2026-04-25T13:23:20",
    "is_active": 1
  },
  {
    "id": 4157193073,
    "indicator": "36.250.221.154",
    "type": "IPv4",
    "created": "2026-03-26T13:24:06",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 36.250.221.154 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-25T13:23:20",
    "is_active": 1
  },
  {
    "id": 4281981256,
    "indicator": "198.12.67.127",
    "type": "IPv4",
    "created": "2026-03-26T13:24:06",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 198.12.67.127 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-25T13:23:20",
    "is_active": 1
  },
  {
    "id": 4282093626,
    "indicator": "8.219.237.46",
    "type": "IPv4",
    "created": "2026-03-26T13:24:06",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 8.219.237.46 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-25T13:23:20",
    "is_active": 1
  },
  {
    "id": 4282093728,
    "indicator": "115.211.95.167",
    "type": "IPv4",
    "created": "2026-03-26T13:24:06",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 115.211.95.167 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-25T13:23:20",
    "is_active": 1
  },
  {
    "id": 3381213299,
    "indicator": "175.107.3.143",
    "type": "IPv4",
    "created": "2026-03-26T13:24:06",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 175.107.3.143 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-25T13:23:20",
    "is_active": 1
  },
  {
    "id": 4282093624,
    "indicator": "47.84.138.72",
    "type": "IPv4",
    "created": "2026-03-26T13:24:06",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack, cowrie. 47.84.138.72 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, port-scan).",
    "expiration": "2026-04-25T13:23:20",
    "is_active": 1
  },
  {
    "id": 4187418242,
    "indicator": "188.166.71.53",
    "type": "IPv4",
    "created": "2026-03-26T13:24:06",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh, abuseipdb:web-attack. 188.166.71.53 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, low, port-scan).",
    "expiration": "2026-04-25T13:23:20",
    "is_active": 1
  },
  {
    "id": 4122613056,
    "indicator": "61.39.73.37",
    "type": "IPv4",
    "created": "2026-03-26T13:24:06",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 61.39.73.37 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-25T13:23:20",
    "is_active": 1
  },
  {
    "id": 4078003031,
    "indicator": "51.68.107.138",
    "type": "IPv4",
    "created": "2026-03-26T13:24:06",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 51.68.107.138 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (compatible; MJ12bot/v2.0.5; http://mj12bot.com/...' 2 times when connecting to db4lamedtech between 2026-03-26 12:35 and 2026-03-26 12:35 UTC.",
    "expiration": "2026-04-25T13:23:20",
    "is_active": 1
  },
  {
    "id": 3484880533,
    "indicator": "45.148.148.31",
    "type": "IPv4",
    "created": "2026-03-26T13:24:06",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 45.148.148.31 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-25T13:23:20",
    "is_active": 1
  },
  {
    "id": 4282090194,
    "indicator": "47.84.106.109",
    "type": "IPv4",
    "created": "2026-03-26T13:24:06",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie, firehol:unlisted. 47.84.106.109 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, port-scan).",
    "expiration": "2026-04-25T13:23:20",
    "is_active": 1
  },
  {
    "id": 4074295252,
    "indicator": "186.117.251.40",
    "type": "IPv4",
    "created": "2026-03-26T13:24:06",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 186.117.251.40 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-25T13:23:20",
    "is_active": 1
  },
  {
    "id": 4280196734,
    "indicator": "66.132.195.59",
    "type": "IPv4",
    "created": "2026-03-26T13:24:06",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 66.132.195.59 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-25T13:23:20",
    "is_active": 1
  },
  {
    "id": 4226713885,
    "indicator": "41.111.172.2",
    "type": "IPv4",
    "created": "2026-03-26T13:24:06",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 41.111.172.2 observed using SSH client fingerprint 'Unknown SSH Client (98ddc5604ef6)' 2 times when connecting to db1lapetro between 2026-03-26 11:45 and 2026-03-26 11:45 UTC.",
    "expiration": "2026-04-25T13:23:20",
    "is_active": 1
  },
  {
    "id": 4282085037,
    "indicator": "172.213.8.18",
    "type": "IPv4",
    "created": "2026-03-26T13:24:06",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 172.213.8.18 observed using HTTP client fingerprint 'HTTP Client (67b3dba8bc67)' 40 times when connecting to db4lamedtech between 2026-03-26 11:43 and 2026-03-26 11:44 UTC.",
    "expiration": "2026-04-25T13:23:20",
    "is_active": 1
  },
  {
    "id": 4250736678,
    "indicator": "103.145.63.218",
    "type": "IPv4",
    "created": "2026-03-26T13:24:06",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 103.145.63.218 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 7 times when connecting to db1lapetro between 2026-03-26 11:40 and 2026-03-26 11:50 UTC.",
    "expiration": "2026-04-25T13:23:20",
    "is_active": 1
  },
  {
    "id": 4271578843,
    "indicator": "103.166.102.17",
    "type": "IPv4",
    "created": "2026-03-26T13:24:06",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 103.166.102.17 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 9 times when connecting to db1lapetro between 2026-03-26 11:40 and 2026-03-26 11:49 UTC.",
    "expiration": "2026-04-25T13:23:20",
    "is_active": 1
  },
  {
    "id": 4281943621,
    "indicator": "160.191.50.139",
    "type": "IPv4",
    "created": "2026-03-26T13:24:06",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 160.191.50.139 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 11 times when connecting to db1lapetro between 2026-03-26 11:37 and 2026-03-26 11:49 UTC.",
    "expiration": "2026-04-25T13:23:20",
    "is_active": 1
  },
  {
    "id": 4262423986,
    "indicator": "95.85.240.24",
    "type": "IPv4",
    "created": "2026-03-26T13:24:06",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 95.85.240.24 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 6 times when connecting to db1lapetro between 2026-03-26 11:36 and 2026-03-26 11:47 UTC.",
    "expiration": "2026-04-25T13:23:20",
    "is_active": 1
  },
  {
    "id": 4281902768,
    "indicator": "14.194.62.218",
    "type": "IPv4",
    "created": "2026-03-26T13:24:06",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 14.194.62.218 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 10 times when connecting to db1lapetro between 2026-03-26 11:35 and 2026-03-26 11:50 UTC.",
    "expiration": "2026-04-25T13:23:20",
    "is_active": 1
  },
  {
    "id": 4281810782,
    "indicator": "87.239.107.12",
    "type": "IPv4",
    "created": "2026-03-26T13:24:06",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 87.239.107.12 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 6 times when connecting to db1lapetro between 2026-03-26 11:35 and 2026-03-26 11:47 UTC.",
    "expiration": "2026-04-25T13:23:20",
    "is_active": 1
  },
  {
    "id": 4281983449,
    "indicator": "206.135.161.102",
    "type": "IPv4",
    "created": "2026-03-26T13:24:06",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 206.135.161.102 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, moderate).",
    "expiration": "2026-04-25T13:23:20",
    "is_active": 1
  },
  {
    "id": 4282098409,
    "indicator": "172.235.15.234",
    "type": "IPv4",
    "created": "2026-03-26T14:05:46",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 172.235.15.234 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ftp-brute).",
    "expiration": "2026-04-25T14:03:41",
    "is_active": 1
  },
  {
    "id": 4265256324,
    "indicator": "181.174.231.149",
    "type": "IPv4",
    "created": "2026-03-26T14:05:46",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 181.174.231.149 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d, firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-25T14:03:41",
    "is_active": 1
  },
  {
    "id": 4282094404,
    "indicator": "8.209.85.27",
    "type": "IPv4",
    "created": "2026-03-26T14:05:46",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 8.209.85.27 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-25T14:03:41",
    "is_active": 1
  },
  {
    "id": 4076692632,
    "indicator": "181.174.231.148",
    "type": "IPv4",
    "created": "2026-03-26T14:05:46",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 181.174.231.148 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-25T14:03:41",
    "is_active": 1
  },
  {
    "id": 3925813251,
    "indicator": "222.94.32.176",
    "type": "IPv4",
    "created": "2026-03-26T14:05:46",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 222.94.32.176 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-25T14:03:41",
    "is_active": 1
  },
  {
    "id": 4282090192,
    "indicator": "47.84.103.101",
    "type": "IPv4",
    "created": "2026-03-26T14:05:46",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Singapore (AS45102, Alibaba US Technology Co., Ltd.). Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. duration: 23s; 3 events.",
    "expiration": "2026-04-25T14:03:41",
    "is_active": 1
  },
  {
    "id": 4282012727,
    "indicator": "34.62.33.117",
    "type": "IPv4",
    "created": "2026-03-26T14:05:46",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. Attacker IP from Brussels, Belgium (AS396982, Google LLC). Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-25T14:03:41",
    "is_active": 1
  },
  {
    "id": 4281985009,
    "indicator": "113.206.130.145",
    "type": "IPv4",
    "created": "2026-03-26T14:05:46",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 113.206.130.145 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-25T14:03:41",
    "is_active": 1
  },
  {
    "id": 4282098409,
    "indicator": "172.235.15.234",
    "type": "IPv4",
    "created": "2026-03-26T14:08:13",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 172.235.15.234 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ftp-brute).",
    "expiration": "2026-04-25T14:03:41",
    "is_active": 1
  },
  {
    "id": 4265256324,
    "indicator": "181.174.231.149",
    "type": "IPv4",
    "created": "2026-03-26T14:08:13",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 181.174.231.149 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d, firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-25T14:03:41",
    "is_active": 1
  },
  {
    "id": 4282094404,
    "indicator": "8.209.85.27",
    "type": "IPv4",
    "created": "2026-03-26T14:08:13",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 8.209.85.27 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-25T14:03:41",
    "is_active": 1
  },
  {
    "id": 4076692632,
    "indicator": "181.174.231.148",
    "type": "IPv4",
    "created": "2026-03-26T14:08:13",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 181.174.231.148 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-25T14:03:41",
    "is_active": 1
  },
  {
    "id": 3925813251,
    "indicator": "222.94.32.176",
    "type": "IPv4",
    "created": "2026-03-26T14:08:13",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 222.94.32.176 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-25T14:03:41",
    "is_active": 1
  },
  {
    "id": 4282090192,
    "indicator": "47.84.103.101",
    "type": "IPv4",
    "created": "2026-03-26T14:08:13",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Singapore (AS45102, Alibaba US Technology Co., Ltd.). Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. duration: 23s; 3 events.",
    "expiration": "2026-04-25T14:03:41",
    "is_active": 1
  },
  {
    "id": 4282012727,
    "indicator": "34.62.33.117",
    "type": "IPv4",
    "created": "2026-03-26T14:08:13",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. Attacker IP from Brussels, Belgium (AS396982, Google LLC). Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-25T14:03:41",
    "is_active": 1
  },
  {
    "id": 4281985009,
    "indicator": "113.206.130.145",
    "type": "IPv4",
    "created": "2026-03-26T14:08:13",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 113.206.130.145 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-25T14:03:41",
    "is_active": 1
  },
  {
    "id": 4282098409,
    "indicator": "172.235.15.234",
    "type": "IPv4",
    "created": "2026-03-26T14:08:41",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 172.235.15.234 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ftp-brute).",
    "expiration": "2026-04-25T14:03:41",
    "is_active": 1
  },
  {
    "id": 4265256324,
    "indicator": "181.174.231.149",
    "type": "IPv4",
    "created": "2026-03-26T14:08:41",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 181.174.231.149 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d, firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-25T14:03:41",
    "is_active": 1
  },
  {
    "id": 4282094404,
    "indicator": "8.209.85.27",
    "type": "IPv4",
    "created": "2026-03-26T14:08:41",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 8.209.85.27 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-25T14:03:41",
    "is_active": 1
  },
  {
    "id": 4076692632,
    "indicator": "181.174.231.148",
    "type": "IPv4",
    "created": "2026-03-26T14:08:41",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 181.174.231.148 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-25T14:03:41",
    "is_active": 1
  },
  {
    "id": 3925813251,
    "indicator": "222.94.32.176",
    "type": "IPv4",
    "created": "2026-03-26T14:08:41",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 222.94.32.176 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-25T14:03:41",
    "is_active": 1
  },
  {
    "id": 4282090192,
    "indicator": "47.84.103.101",
    "type": "IPv4",
    "created": "2026-03-26T14:08:41",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Singapore (AS45102, Alibaba US Technology Co., Ltd.). Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. duration: 23s; 3 events.",
    "expiration": "2026-04-25T14:03:41",
    "is_active": 1
  },
  {
    "id": 4282012727,
    "indicator": "34.62.33.117",
    "type": "IPv4",
    "created": "2026-03-26T14:08:41",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. Attacker IP from Brussels, Belgium (AS396982, Google LLC). Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-25T14:03:41",
    "is_active": 1
  },
  {
    "id": 4281985009,
    "indicator": "113.206.130.145",
    "type": "IPv4",
    "created": "2026-03-26T14:08:41",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 113.206.130.145 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-25T14:03:41",
    "is_active": 1
  },
  {
    "id": 4282100218,
    "indicator": "212.237.116.179",
    "type": "IPv4",
    "created": "2026-03-26T15:09:20",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 212.237.116.179 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-25T15:08:29",
    "is_active": 1
  },
  {
    "id": 2127572430,
    "indicator": "81.30.208.254",
    "type": "IPv4",
    "created": "2026-03-26T15:09:20",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 81.30.208.254 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command sessions (15 commands), 1 malware samples. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-25T15:08:29",
    "is_active": 1
  },
  {
    "id": 4152140965,
    "indicator": "87.121.84.77",
    "type": "IPv4",
    "created": "2026-03-26T15:09:20",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 87.121.84.77 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-25T15:08:29",
    "is_active": 1
  },
  {
    "id": 4176863382,
    "indicator": "36.250.221.162",
    "type": "IPv4",
    "created": "2026-03-26T15:09:20",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 36.250.221.162 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-25T15:08:29",
    "is_active": 1
  },
  {
    "id": 4281547102,
    "indicator": "89.126.211.227",
    "type": "IPv4",
    "created": "2026-03-26T15:09:20",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 89.126.211.227 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-25T15:08:29",
    "is_active": 1
  },
  {
    "id": 4282100219,
    "indicator": "4.206.17.96",
    "type": "IPv4",
    "created": "2026-03-26T15:09:20",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 4.206.17.96 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-25T15:08:29",
    "is_active": 1
  },
  {
    "id": 4282100220,
    "indicator": "81.92.191.245",
    "type": "IPv4",
    "created": "2026-03-26T15:09:20",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 81.92.191.245 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-25T15:08:29",
    "is_active": 1
  },
  {
    "id": 4054560424,
    "indicator": "176.65.134.27",
    "type": "IPv4",
    "created": "2026-03-26T15:09:20",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 176.65.134.27 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d, firehol_level1); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-25T15:08:29",
    "is_active": 1
  },
  {
    "id": 4281966049,
    "indicator": "147.93.156.75",
    "type": "IPv4",
    "created": "2026-03-26T15:09:20",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Singapore, Singapore (AS141995, Contabo Asia Private Limited). Observed targeting healthcare sector honeypot mdms-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. 2 events.",
    "expiration": "2026-04-25T15:08:29",
    "is_active": 1
  },
  {
    "id": 4275732098,
    "indicator": "116.118.45.133",
    "type": "IPv4",
    "created": "2026-03-26T15:09:20",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 116.118.45.133 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, hacking).",
    "expiration": "2026-04-25T15:08:29",
    "is_active": 1
  },
  {
    "id": 4069655786,
    "indicator": "47.86.9.16",
    "type": "IPv4",
    "created": "2026-03-26T15:09:20",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported. 47.86.9.16 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-25T15:08:29",
    "is_active": 1
  },
  {
    "id": 3653754181,
    "indicator": "24.199.120.7",
    "type": "IPv4",
    "created": "2026-03-26T15:09:20",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 24.199.120.7 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-25T15:08:29",
    "is_active": 1
  },
  {
    "id": 4282100221,
    "indicator": "89.42.231.137",
    "type": "IPv4",
    "created": "2026-03-26T15:09:20",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from The Netherlands (AS206264, Amarutu Technology Ltd). Observed targeting healthcare sector honeypot medtech-hp-01 via tanner. 1 events.",
    "expiration": "2026-04-25T15:08:29",
    "is_active": 1
  },
  {
    "id": 4280272938,
    "indicator": "66.132.195.115",
    "type": "IPv4",
    "created": "2026-03-26T15:09:20",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 66.132.195.115 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-25T15:08:29",
    "is_active": 1
  },
  {
    "id": 4227746636,
    "indicator": "43.135.71.158",
    "type": "IPv4",
    "created": "2026-03-26T15:09:20",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 43.135.71.158 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 7 times when connecting to db1lapetro between 2026-03-26 13:54 and 2026-03-26 14:06 UTC.",
    "expiration": "2026-04-25T15:08:29",
    "is_active": 1
  },
  {
    "id": 4008261844,
    "indicator": "103.189.234.9",
    "type": "IPv4",
    "created": "2026-03-26T15:09:20",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 103.189.234.9 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 9 times when connecting to db1lapetro between 2026-03-26 13:54 and 2026-03-26 14:07 UTC.",
    "expiration": "2026-04-25T15:08:29",
    "is_active": 1
  },
  {
    "id": 2724423720,
    "indicator": "143.244.57.82",
    "type": "IPv4",
    "created": "2026-03-26T15:09:20",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Paris, France. Observed targeting healthcare sector honeypot mdms-hp-01 via h0neytr4p. 1 events.",
    "expiration": "2026-04-25T15:08:29",
    "is_active": 1
  },
  {
    "id": 4172926626,
    "indicator": "51.83.7.88",
    "type": "IPv4",
    "created": "2026-03-26T15:09:20",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 51.83.7.88 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (compatible; MJ12bot/v1.4.8; http://mj12bot.com/...' 75 times when connecting to mdms1 between 2026-03-26 13:13 and 2026-03-26 13:15 UTC.",
    "expiration": "2026-04-25T15:08:29",
    "is_active": 1
  },
  {
    "id": 4275551075,
    "indicator": "217.216.37.52",
    "type": "IPv4",
    "created": "2026-03-26T15:09:20",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 217.216.37.52 observed using HTTP client fingerprint 'HTTP Client: Go-http-client/1.1' 3 times when connecting to mdms1 between 2026-03-26 13:08 and 2026-03-26 13:08 UTC.",
    "expiration": "2026-04-25T15:08:29",
    "is_active": 1
  },
  {
    "id": 4257066777,
    "indicator": "156.57.148.138",
    "type": "IPv4",
    "created": "2026-03-26T15:09:20",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 156.57.148.138 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 7 times when connecting to db1lapetro between 2026-03-26 13:08 and 2026-03-26 13:13 UTC.",
    "expiration": "2026-04-25T15:08:29",
    "is_active": 1
  },
  {
    "id": 4281643314,
    "indicator": "86.160.124.8",
    "type": "IPv4",
    "created": "2026-03-26T15:09:20",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. IP observed in Suricata network metadata",
    "expiration": "2026-04-25T15:08:29",
    "is_active": 1
  },
  {
    "id": 4281988010,
    "indicator": "99.251.225.174",
    "type": "IPv4",
    "created": "2026-03-26T15:09:20",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 99.251.225.174 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-25T15:08:29",
    "is_active": 1
  },
  {
    "id": 3850285471,
    "indicator": "44.220.185.98",
    "type": "IPv4",
    "created": "2026-03-26T15:09:20",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. 44.220.185.98 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-25T15:08:29",
    "is_active": 1
  },
  {
    "id": 4282102984,
    "indicator": "47.84.107.47",
    "type": "IPv4",
    "created": "2026-03-26T16:09:31",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, cowrie. 47.84.107.47 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, hacking, moderate).",
    "expiration": "2026-04-25T16:09:30",
    "is_active": 1
  },
  {
    "id": 2849093374,
    "indicator": "174.138.53.142",
    "type": "IPv4",
    "created": "2026-03-26T16:09:31",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 174.138.53.142 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-25T16:09:30",
    "is_active": 1
  },
  {
    "id": 4281923433,
    "indicator": "172.105.40.165",
    "type": "IPv4",
    "created": "2026-03-26T16:09:31",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 172.105.40.165 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ftp-brute).",
    "expiration": "2026-04-25T16:09:30",
    "is_active": 1
  },
  {
    "id": 4079422811,
    "indicator": "103.226.139.207",
    "type": "IPv4",
    "created": "2026-03-26T16:09:31",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 103.226.139.207 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-25T16:09:30",
    "is_active": 1
  },
  {
    "id": 4282102985,
    "indicator": "8.211.39.83",
    "type": "IPv4",
    "created": "2026-03-26T16:09:31",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 8.211.39.83 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-25T16:09:30",
    "is_active": 1
  },
  {
    "id": 4281995160,
    "indicator": "150.117.237.47",
    "type": "IPv4",
    "created": "2026-03-26T16:09:31",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 150.117.237.47 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-25T16:09:30",
    "is_active": 1
  },
  {
    "id": 4282102986,
    "indicator": "185.245.182.46",
    "type": "IPv4",
    "created": "2026-03-26T16:09:31",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 185.245.182.46 observed using HTTP client fingerprint 'HTTP Client: libredtail-http' 39 times when connecting to db1lapetro between 2026-03-26 15:43 and 2026-03-26 15:43 UTC.",
    "expiration": "2026-04-25T16:09:30",
    "is_active": 1
  },
  {
    "id": 4177960991,
    "indicator": "89.20.104.201",
    "type": "IPv4",
    "created": "2026-03-26T16:09:31",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 89.20.104.201 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-25T16:09:30",
    "is_active": 1
  },
  {
    "id": 4282102058,
    "indicator": "49.12.123.112",
    "type": "IPv4",
    "created": "2026-03-26T16:09:31",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 49.12.123.112 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-25T16:09:30",
    "is_active": 1
  },
  {
    "id": 42802,
    "indicator": "184.105.247.234",
    "type": "IPv4",
    "created": "2026-03-26T16:09:31",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 184.105.247.234 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-25T16:09:30",
    "is_active": 1
  },
  {
    "id": 4078890936,
    "indicator": "216.73.216.148",
    "type": "IPv4",
    "created": "2026-03-26T16:09:31",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 216.73.216.148 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatibl...' 2 times when connecting to db1lapetro between 2026-03-26 15:24 and 2026-03-26 15:24 UTC.",
    "expiration": "2026-04-25T16:09:30",
    "is_active": 1
  },
  {
    "id": 4206003495,
    "indicator": "172.110.223.23",
    "type": "IPv4",
    "created": "2026-03-26T16:09:31",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 172.110.223.23 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-25T16:09:30",
    "is_active": 1
  },
  {
    "id": 2001699708,
    "indicator": "157.230.142.81",
    "type": "IPv4",
    "created": "2026-03-26T16:09:31",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 157.230.142.81 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 7 times when connecting to db1lapetro between 2026-03-26 15:09 and 2026-03-26 15:16 UTC.",
    "expiration": "2026-04-25T16:09:30",
    "is_active": 1
  },
  {
    "id": 4282102987,
    "indicator": "143.198.110.232",
    "type": "IPv4",
    "created": "2026-03-26T16:09:31",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export. Attacker IP 143.198.110.232 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 9 times when connecting to db1lapetro between 2026-03-26 15:08 and 2026-03-26 15:16 UTC.",
    "expiration": "2026-04-25T16:09:30",
    "is_active": 1
  },
  {
    "id": 4282102988,
    "indicator": "47.84.203.136",
    "type": "IPv4",
    "created": "2026-03-26T16:09:31",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 47.84.203.136 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-25T16:09:30",
    "is_active": 1
  },
  {
    "id": 4125147862,
    "indicator": "47.245.105.55",
    "type": "IPv4",
    "created": "2026-03-26T16:09:31",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 47.245.105.55 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-25T16:09:30",
    "is_active": 1
  },
  {
    "id": 4071133036,
    "indicator": "210.222.129.233",
    "type": "IPv4",
    "created": "2026-03-26T16:09:31",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 210.222.129.233 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-25T16:09:30",
    "is_active": 1
  },
  {
    "id": 4282102989,
    "indicator": "138.68.189.209",
    "type": "IPv4",
    "created": "2026-03-26T16:09:31",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 138.68.189.209 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-25T16:09:30",
    "is_active": 1
  },
  {
    "id": 4237420630,
    "indicator": "165.227.32.6",
    "type": "IPv4",
    "created": "2026-03-26T16:09:31",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 165.227.32.6 observed using TLS client fingerprint 'Unknown TLS Client (8e3145abdb9e)' 2 times when connecting to db1lapetro between 2026-03-26 14:51 and 2026-03-26 14:51 UTC.",
    "expiration": "2026-04-25T16:09:30",
    "is_active": 1
  },
  {
    "id": 4281927707,
    "indicator": "177.235.17.95",
    "type": "IPv4",
    "created": "2026-03-26T16:09:31",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 177.235.17.95 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 7 times when connecting to db1lapetro between 2026-03-26 14:50 and 2026-03-26 15:01 UTC.",
    "expiration": "2026-04-25T16:09:30",
    "is_active": 1
  },
  {
    "id": 3401826983,
    "indicator": "186.235.184.214",
    "type": "IPv4",
    "created": "2026-03-26T16:09:31",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 186.235.184.214 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 9 times when connecting to db1lapetro between 2026-03-26 14:47 and 2026-03-26 14:59 UTC.",
    "expiration": "2026-04-25T16:09:30",
    "is_active": 1
  },
  {
    "id": 4176761674,
    "indicator": "121.29.149.76",
    "type": "IPv4",
    "created": "2026-03-26T16:09:31",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 121.29.149.76 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-25T16:09:30",
    "is_active": 1
  },
  {
    "id": 4282074887,
    "indicator": "47.84.100.65",
    "type": "IPv4",
    "created": "2026-03-26T16:09:31",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie, firehol:unlisted. 47.84.100.65 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, port-scan).",
    "expiration": "2026-04-25T16:09:30",
    "is_active": 1
  },
  {
    "id": 4212063404,
    "indicator": "120.48.177.147",
    "type": "IPv4",
    "created": "2026-03-26T16:09:31",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata",
    "expiration": "2026-04-25T16:09:30",
    "is_active": 1
  },
  {
    "id": 4282070605,
    "indicator": "47.84.103.254",
    "type": "IPv4",
    "created": "2026-03-26T16:09:31",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 47.84.103.254 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-25T16:09:30",
    "is_active": 1
  },
  {
    "id": 3819637747,
    "indicator": "43.228.112.254",
    "type": "IPv4",
    "created": "2026-03-26T16:09:31",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata",
    "expiration": "2026-04-25T16:09:30",
    "is_active": 1
  },
  {
    "id": 4281953971,
    "indicator": "94.72.102.12",
    "type": "IPv4",
    "created": "2026-03-26T16:09:31",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. IP observed in Suricata network metadata",
    "expiration": "2026-04-25T16:09:30",
    "is_active": 1
  },
  {
    "id": 4281805298,
    "indicator": "185.181.10.136",
    "type": "IPv4",
    "created": "2026-03-26T16:09:31",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. IP observed in Suricata network metadata",
    "expiration": "2026-04-25T16:09:30",
    "is_active": 1
  },
  {
    "id": 4281966060,
    "indicator": "138.121.105.203",
    "type": "IPv4",
    "created": "2026-03-26T16:09:31",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. IP observed in Suricata network metadata",
    "expiration": "2026-04-25T16:09:30",
    "is_active": 1
  },
  {
    "id": 4281966221,
    "indicator": "35.220.235.43",
    "type": "IPv4",
    "created": "2026-03-26T16:09:31",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. IP observed in Suricata network metadata",
    "expiration": "2026-04-25T16:09:30",
    "is_active": 1
  },
  {
    "id": 3867813026,
    "indicator": "44.220.185.125",
    "type": "IPv4",
    "created": "2026-03-26T16:09:31",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 44.220.185.125 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).",
    "expiration": "2026-04-25T16:09:30",
    "is_active": 1
  },
  {
    "id": 4277238307,
    "indicator": "103.141.230.152",
    "type": "IPv4",
    "created": "2026-03-26T16:09:31",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 103.141.230.152 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-25T16:09:30",
    "is_active": 1
  },
  {
    "id": 4282051249,
    "indicator": "42.176.199.119",
    "type": "IPv4",
    "created": "2026-03-26T16:09:31",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan. 42.176.199.119 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-25T16:09:30",
    "is_active": 1
  },
  {
    "id": 3910642266,
    "indicator": "8.137.109.51",
    "type": "IPv4",
    "created": "2026-03-26T16:09:31",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 8.137.109.51 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking).",
    "expiration": "2026-04-25T16:09:30",
    "is_active": 1
  },
  {
    "id": 4101876080,
    "indicator": "185.10.63.235",
    "type": "IPv4",
    "created": "2026-03-26T17:09:39",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 185.10.63.235 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 7 times when connecting to db4lamedtech between 2026-03-26 16:36 and 2026-03-26 16:48 UTC.",
    "expiration": "2026-04-25T17:09:37",
    "is_active": 1
  },
  {
    "id": 4167702677,
    "indicator": "92.119.126.20",
    "type": "IPv4",
    "created": "2026-03-26T17:09:39",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 92.119.126.20 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 9 times when connecting to db1lapetro between 2026-03-26 16:22 and 2026-03-26 16:45 UTC.",
    "expiration": "2026-04-25T17:09:37",
    "is_active": 1
  },
  {
    "id": 4282104011,
    "indicator": "27.79.45.217",
    "type": "IPv4",
    "created": "2026-03-26T17:09:39",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Da Nang, Vietnam (AS7552, Viettel Group). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. Session included 6 failed login attempts, 6 credential pairs tried across 4 unique usernames. SSH client: SSH-2.0-AsyncSSH_2.1.0 (HASSH: fda360b1b4f4...); duration: 12m 51s; 30 events.",
    "expiration": "2026-04-25T17:09:37",
    "is_active": 1
  },
  {
    "id": 2186190267,
    "indicator": "221.11.60.146",
    "type": "IPv4",
    "created": "2026-03-26T17:09:39",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 221.11.60.146 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-25T17:09:37",
    "is_active": 1
  },
  {
    "id": 4282098043,
    "indicator": "171.243.151.45",
    "type": "IPv4",
    "created": "2026-03-26T17:09:39",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Bảo Lộc, Vietnam (AS7552, Viettel Group). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. Session included 2 failed login attempts, 2 credential pairs tried across 2 unique usernames. SSH client: SSH-2.0-AsyncSSH_2.1.0 (HASSH: fda360b1b4f4...); duration: 26s; 10 events.",
    "expiration": "2026-04-25T17:09:37",
    "is_active": 1
  },
  {
    "id": 4159758187,
    "indicator": "119.202.90.173",
    "type": "IPv4",
    "created": "2026-03-26T17:09:39",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 119.202.90.173 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-25T17:09:37",
    "is_active": 1
  },
  {
    "id": 4239205550,
    "indicator": "117.72.9.232",
    "type": "IPv4",
    "created": "2026-03-26T17:09:39",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 117.72.9.232 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-25T17:09:37",
    "is_active": 1
  },
  {
    "id": 4281641728,
    "indicator": "153.0.120.247",
    "type": "IPv4",
    "created": "2026-03-26T17:09:39",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from China (AS4837, CHINA UNICOM China169 Backbone). Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-25T17:09:37",
    "is_active": 1
  },
  {
    "id": 4027938122,
    "indicator": "171.36.6.13",
    "type": "IPv4",
    "created": "2026-03-26T17:09:39",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 171.36.6.13 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-25T17:09:37",
    "is_active": 1
  },
  {
    "id": 4146912858,
    "indicator": "101.47.50.184",
    "type": "IPv4",
    "created": "2026-03-26T17:09:39",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 101.47.50.184 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-25T17:09:37",
    "is_active": 1
  },
  {
    "id": 3948064793,
    "indicator": "112.46.212.117",
    "type": "IPv4",
    "created": "2026-03-26T17:09:39",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:multi-reported. 112.46.212.117 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-25T17:09:37",
    "is_active": 1
  },
  {
    "id": 4109251912,
    "indicator": "175.178.184.121",
    "type": "IPv4",
    "created": "2026-03-26T17:09:39",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. IP observed in Suricata network metadata",
    "expiration": "2026-04-25T17:09:37",
    "is_active": 1
  },
  {
    "id": 3624591289,
    "indicator": "70.73.124.136",
    "type": "IPv4",
    "created": "2026-03-26T17:09:39",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan. 70.73.124.136 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-25T17:09:37",
    "is_active": 1
  },
  {
    "id": 4280988546,
    "indicator": "213.225.34.26",
    "type": "IPv4",
    "created": "2026-03-26T17:09:39",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. IP observed in Suricata network metadata",
    "expiration": "2026-04-25T17:09:37",
    "is_active": 1
  },
  {
    "id": 4179066068,
    "indicator": "216.180.127.201",
    "type": "IPv4",
    "created": "2026-03-26T17:09:39",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. IP observed in Suricata network metadata",
    "expiration": "2026-04-25T17:09:37",
    "is_active": 1
  },
  {
    "id": 3887156158,
    "indicator": "44.220.188.119",
    "type": "IPv4",
    "created": "2026-03-26T17:09:39",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate. IP observed in Suricata network metadata",
    "expiration": "2026-04-25T17:09:37",
    "is_active": 1
  },
  {
    "id": 4282094405,
    "indicator": "47.236.244.147",
    "type": "IPv4",
    "created": "2026-03-26T17:09:39",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie, firehol:unlisted. 47.236.244.147 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, port-scan).",
    "expiration": "2026-04-25T17:09:37",
    "is_active": 1
  },
  {
    "id": 4282092233,
    "indicator": "47.254.155.45",
    "type": "IPv4",
    "created": "2026-03-26T17:09:39",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie, firehol:unlisted. 47.254.155.45 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, port-scan).",
    "expiration": "2026-04-25T17:09:37",
    "is_active": 1
  },
  {
    "id": 4282092232,
    "indicator": "47.84.195.65",
    "type": "IPv4",
    "created": "2026-03-26T17:09:39",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 47.84.195.65 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).",
    "expiration": "2026-04-25T17:09:37",
    "is_active": 1
  },
  {
    "id": 4282089991,
    "indicator": "47.245.142.196",
    "type": "IPv4",
    "created": "2026-03-26T17:09:39",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh, cowrie. 47.245.142.196 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, port-scan).",
    "expiration": "2026-04-25T17:09:37",
    "is_active": 1
  },
  {
    "id": 3918955785,
    "indicator": "44.220.185.205",
    "type": "IPv4",
    "created": "2026-03-26T17:09:39",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata",
    "expiration": "2026-04-25T17:09:37",
    "is_active": 1
  },
  {
    "id": 4282086900,
    "indicator": "8.209.124.34",
    "type": "IPv4",
    "created": "2026-03-26T17:09:39",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 8.209.124.34 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-25T17:09:37",
    "is_active": 1
  },
  {
    "id": 4282006356,
    "indicator": "118.108.77.103",
    "type": "IPv4",
    "created": "2026-03-26T17:09:39",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 118.108.77.103 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-25T17:09:37",
    "is_active": 1
  },
  {
    "id": 3986848052,
    "indicator": "34.225.24.180",
    "type": "IPv4",
    "created": "2026-03-26T17:09:39",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 34.225.24.180 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-25T17:09:37",
    "is_active": 1
  },
  {
    "id": 4282082283,
    "indicator": "185.185.80.40",
    "type": "IPv4",
    "created": "2026-03-26T17:09:39",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 185.185.80.40 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-25T17:09:37",
    "is_active": 1
  },
  {
    "id": 4282083417,
    "indicator": "120.46.223.62",
    "type": "IPv4",
    "created": "2026-03-26T17:09:39",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata",
    "expiration": "2026-04-25T17:09:37",
    "is_active": 1
  },
  {
    "id": 4282083418,
    "indicator": "41.10.148.172",
    "type": "IPv4",
    "created": "2026-03-26T17:09:39",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 41.10.148.172 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-25T17:09:37",
    "is_active": 1
  },
  {
    "id": 4139433019,
    "indicator": "120.48.57.172",
    "type": "IPv4",
    "created": "2026-03-26T17:09:39",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 120.48.57.172 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).",
    "expiration": "2026-04-25T17:09:37",
    "is_active": 1
  },
  {
    "id": 3862098410,
    "indicator": "171.36.7.225",
    "type": "IPv4",
    "created": "2026-03-26T17:09:39",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 171.36.7.225 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-25T17:09:37",
    "is_active": 1
  },
  {
    "id": 4184820526,
    "indicator": "59.173.110.37",
    "type": "IPv4",
    "created": "2026-03-26T17:09:39",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 59.173.110.37 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-25T17:09:37",
    "is_active": 1
  },
  {
    "id": 4250737076,
    "indicator": "43.164.77.109",
    "type": "IPv4",
    "created": "2026-03-26T17:09:39",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. IP observed in Suricata network metadata",
    "expiration": "2026-04-25T17:09:37",
    "is_active": 1
  },
  {
    "id": 3818442939,
    "indicator": "209.97.179.17",
    "type": "IPv4",
    "created": "2026-03-26T17:09:39",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ftp-brute, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata",
    "expiration": "2026-04-25T17:09:37",
    "is_active": 1
  },
  {
    "id": 4185878720,
    "indicator": "154.221.23.136",
    "type": "IPv4",
    "created": "2026-03-26T17:38:03",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 154.221.23.136 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-25T17:38:02",
    "is_active": 1
  },
  {
    "id": 3850286263,
    "indicator": "44.220.188.139",
    "type": "IPv4",
    "created": "2026-03-26T17:38:03",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 44.220.188.139 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-25T17:38:02",
    "is_active": 1
  },
  {
    "id": 4091729872,
    "indicator": "45.135.194.31",
    "type": "IPv4",
    "created": "2026-03-26T17:38:03",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 45.135.194.31 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-25T17:38:02",
    "is_active": 1
  },
  {
    "id": 4282105811,
    "indicator": "109.122.198.82",
    "type": "IPv4",
    "created": "2026-03-26T17:38:03",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 109.122.198.82 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-25T17:38:02",
    "is_active": 1
  },
  {
    "id": 4282105812,
    "indicator": "89.28.133.50",
    "type": "IPv4",
    "created": "2026-03-26T17:38:03",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 89.28.133.50 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-25T17:38:02",
    "is_active": 1
  },
  {
    "id": 3552769736,
    "indicator": "87.236.176.89",
    "type": "IPv4",
    "created": "2026-03-26T17:38:03",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 87.236.176.89 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-25T17:38:02",
    "is_active": 1
  },
  {
    "id": 3781498086,
    "indicator": "164.92.177.176",
    "type": "IPv4",
    "created": "2026-03-26T17:38:03",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 164.92.177.176 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command sessions (22 commands), 5 malware samples. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-25T17:38:02",
    "is_active": 1
  },
  {
    "id": 4282102040,
    "indicator": "47.245.142.158",
    "type": "IPv4",
    "created": "2026-03-26T17:38:03",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 47.245.142.158 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-25T17:38:02",
    "is_active": 1
  },
  {
    "id": 4173427470,
    "indicator": "114.97.191.177",
    "type": "IPv4",
    "created": "2026-03-26T17:38:03",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 114.97.191.177 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-25T17:38:02",
    "is_active": 1
  },
  {
    "id": 4281950837,
    "indicator": "47.84.109.226",
    "type": "IPv4",
    "created": "2026-03-26T17:38:03",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 47.84.109.226 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, hacking, moderate).",
    "expiration": "2026-04-25T17:38:02",
    "is_active": 1
  },
  {
    "id": 4168830032,
    "indicator": "114.97.190.230",
    "type": "IPv4",
    "created": "2026-03-26T17:38:03",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 114.97.190.230 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-25T17:38:02",
    "is_active": 1
  },
  {
    "id": 3662623876,
    "indicator": "209.141.59.70",
    "type": "IPv4",
    "created": "2026-03-26T17:38:03",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 209.141.59.70 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-25T17:38:02",
    "is_active": 1
  },
  {
    "id": 3854829341,
    "indicator": "44.220.185.85",
    "type": "IPv4",
    "created": "2026-03-26T17:38:03",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. IP observed in Suricata network metadata",
    "expiration": "2026-04-25T17:38:02",
    "is_active": 1
  },
  {
    "id": 3889529159,
    "indicator": "123.245.84.10",
    "type": "IPv4",
    "created": "2026-03-26T17:38:03",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 123.245.84.10 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-25T17:38:02",
    "is_active": 1
  },
  {
    "id": 4126552232,
    "indicator": "102.164.35.116",
    "type": "IPv4",
    "created": "2026-03-26T18:38:13",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 102.164.35.116 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-25T18:38:12",
    "is_active": 1
  },
  {
    "id": 3209929673,
    "indicator": "175.107.1.171",
    "type": "IPv4",
    "created": "2026-03-26T18:38:13",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 175.107.1.171 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-25T18:38:12",
    "is_active": 1
  },
  {
    "id": 4177008130,
    "indicator": "59.173.110.177",
    "type": "IPv4",
    "created": "2026-03-26T18:38:13",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 59.173.110.177 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-25T18:38:12",
    "is_active": 1
  },
  {
    "id": 4007342538,
    "indicator": "146.190.133.67",
    "type": "IPv4",
    "created": "2026-03-26T18:38:13",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 146.190.133.67 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).",
    "expiration": "2026-04-25T18:38:12",
    "is_active": 1
  },
  {
    "id": 4160034365,
    "indicator": "217.182.195.126",
    "type": "IPv4",
    "created": "2026-03-26T18:38:13",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 217.182.195.126 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, high).",
    "expiration": "2026-04-25T18:38:12",
    "is_active": 1
  },
  {
    "id": 4197677997,
    "indicator": "110.37.115.167",
    "type": "IPv4",
    "created": "2026-03-26T18:38:13",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 110.37.115.167 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-25T18:38:12",
    "is_active": 1
  },
  {
    "id": 4227730651,
    "indicator": "151.245.32.9",
    "type": "IPv4",
    "created": "2026-03-26T18:38:13",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 151.245.32.9 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-25T18:38:12",
    "is_active": 1
  },
  {
    "id": 4185656434,
    "indicator": "64.89.160.82",
    "type": "IPv4",
    "created": "2026-03-26T18:38:13",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 64.89.160.82 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Observed activity: 1 malware samples. Listed on: FireHOL (firehol_level1, firehol_level4); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-25T18:38:12",
    "is_active": 1
  },
  {
    "id": 4274262407,
    "indicator": "45.67.221.205",
    "type": "IPv4",
    "created": "2026-03-26T18:38:13",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported. Attacker IP from Lauterbourg, France (AS51167, Contabo GmbH). Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-25T18:38:12",
    "is_active": 1
  },
  {
    "id": 4008084685,
    "indicator": "221.207.35.221",
    "type": "IPv4",
    "created": "2026-03-26T18:38:13",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 221.207.35.221 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-25T18:38:12",
    "is_active": 1
  },
  {
    "id": 3946712786,
    "indicator": "123.245.84.50",
    "type": "IPv4",
    "created": "2026-03-26T18:38:13",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 123.245.84.50 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-25T18:38:12",
    "is_active": 1
  },
  {
    "id": 4282158724,
    "indicator": "18.219.170.46",
    "type": "IPv4",
    "created": "2026-03-26T18:38:13",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie, firehol:unlisted. Attacker IP from Columbus, United States (AS16509, Amazon.com, Inc.) [VPN/hosting provider]. Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. duration: 4m 55s; 10 events.",
    "expiration": "2026-04-25T18:38:12",
    "is_active": 1
  },
  {
    "id": 4282075020,
    "indicator": "206.189.22.92",
    "type": "IPv4",
    "created": "2026-03-26T18:38:13",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 206.189.22.92 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-25T18:38:12",
    "is_active": 1
  },
  {
    "id": 3883100247,
    "indicator": "36.106.166.140",
    "type": "IPv4",
    "created": "2026-03-26T18:38:13",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 36.106.166.140 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-25T18:38:12",
    "is_active": 1
  },
  {
    "id": 4176625869,
    "indicator": "36.250.220.172",
    "type": "IPv4",
    "created": "2026-03-26T18:38:13",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 36.250.220.172 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-25T18:38:12",
    "is_active": 1
  },
  {
    "id": 3716663806,
    "indicator": "60.13.7.253",
    "type": "IPv4",
    "created": "2026-03-26T18:38:13",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 60.13.7.253 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-25T18:38:12",
    "is_active": 1
  },
  {
    "id": 4263862669,
    "indicator": "54.210.22.187",
    "type": "IPv4",
    "created": "2026-03-26T18:38:13",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 54.210.22.187 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-25T18:38:12",
    "is_active": 1
  },
  {
    "id": 4282159240,
    "indicator": "96.239.111.24",
    "type": "IPv4",
    "created": "2026-03-26T18:38:13",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan. 96.239.111.24 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-25T18:38:12",
    "is_active": 1
  },
  {
    "id": 4266744601,
    "indicator": "54.147.211.146",
    "type": "IPv4",
    "created": "2026-03-26T18:38:13",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 54.147.211.146 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-25T18:38:12",
    "is_active": 1
  },
  {
    "id": 4124435797,
    "indicator": "60.16.195.119",
    "type": "IPv4",
    "created": "2026-03-26T18:38:13",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 60.16.195.119 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-25T18:38:12",
    "is_active": 1
  },
  {
    "id": 4166604680,
    "indicator": "14.135.74.119",
    "type": "IPv4",
    "created": "2026-03-26T18:38:13",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 14.135.74.119 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-25T18:38:12",
    "is_active": 1
  },
  {
    "id": 4263847890,
    "indicator": "3.87.26.96",
    "type": "IPv4",
    "created": "2026-03-26T18:38:13",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 3.87.26.96 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-25T18:38:12",
    "is_active": 1
  },
  {
    "id": 4281995150,
    "indicator": "34.62.248.29",
    "type": "IPv4",
    "created": "2026-03-26T18:38:13",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:multi-reported. 34.62.248.29 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-25T18:38:12",
    "is_active": 1
  },
  {
    "id": 4282159241,
    "indicator": "47.84.130.19",
    "type": "IPv4",
    "created": "2026-03-26T18:38:13",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 47.84.130.19 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-25T18:38:12",
    "is_active": 1
  },
  {
    "id": 4282159242,
    "indicator": "47.245.142.237",
    "type": "IPv4",
    "created": "2026-03-26T18:38:13",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 47.245.142.237 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-25T18:38:12",
    "is_active": 1
  },
  {
    "id": 4282106247,
    "indicator": "106.75.222.86",
    "type": "IPv4",
    "created": "2026-03-26T18:38:13",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 106.75.222.86 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, hacking).",
    "expiration": "2026-04-25T18:38:12",
    "is_active": 1
  },
  {
    "id": 3749130237,
    "indicator": "128.14.239.217",
    "type": "IPv4",
    "created": "2026-03-26T18:38:13",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 128.14.239.217 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-25T18:38:12",
    "is_active": 1
  },
  {
    "id": 4281950843,
    "indicator": "47.84.140.69",
    "type": "IPv4",
    "created": "2026-03-26T18:38:13",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 47.84.140.69 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-25T18:38:12",
    "is_active": 1
  },
  {
    "id": 4282166834,
    "indicator": "47.84.109.58",
    "type": "IPv4",
    "created": "2026-03-26T19:38:48",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 47.84.109.58 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-25T19:38:26",
    "is_active": 1
  },
  {
    "id": 4182043625,
    "indicator": "24.153.160.37",
    "type": "IPv4",
    "created": "2026-03-26T19:38:48",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 24.153.160.37 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-25T19:38:26",
    "is_active": 1
  },
  {
    "id": 2745198552,
    "indicator": "103.157.25.4",
    "type": "IPv4",
    "created": "2026-03-26T19:38:48",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Indonesia (AS141108, Universitas Islam Negeri Sultan Maulana Hasanudin Banten). Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 4 failed login attempts, 4 credential pairs tried across 2 unique usernames, execution of 20 commands (SSH key persistence, password changes, system reconnaissance,...",
    "expiration": "2026-04-25T19:38:26",
    "is_active": 1
  },
  {
    "id": 4158862792,
    "indicator": "45.13.126.219",
    "type": "IPv4",
    "created": "2026-03-26T19:38:48",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP from Norway (AS200781, Tampnet AS). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 3 failed login attempts, 3 credential pairs tried across 2 unique usernames, execution of 20 commands (SSH key persistence, password changes, system reconnaissance, cron persistence, process killing, firewall manipulati...",
    "expiration": "2026-04-25T19:38:26",
    "is_active": 1
  },
  {
    "id": 4140757631,
    "indicator": "14.1.107.37",
    "type": "IPv4",
    "created": "2026-03-26T19:38:48",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 14.1.107.37 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-25T19:38:26",
    "is_active": 1
  },
  {
    "id": 4281966232,
    "indicator": "43.156.64.195",
    "type": "IPv4",
    "created": "2026-03-26T19:38:48",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Singapore, Singapore (AS132203, Tencent Building, Kejizhongyi Avenue). Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 4 failed login attempts, 4 credential pairs tried across 2 unique usernames, execution of 40 commands (SSH key persistence, password changes, system reconnaissance, cron per...",
    "expiration": "2026-04-25T19:38:26",
    "is_active": 1
  },
  {
    "id": 3020767299,
    "indicator": "193.163.125.121",
    "type": "IPv4",
    "created": "2026-03-26T19:38:48",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 193.163.125.121 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-25T19:38:26",
    "is_active": 1
  },
  {
    "id": 4127284792,
    "indicator": "41.184.94.75",
    "type": "IPv4",
    "created": "2026-03-26T19:38:48",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 41.184.94.75 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-25T19:38:26",
    "is_active": 1
  },
  {
    "id": 433863123,
    "indicator": "123.160.232.251",
    "type": "IPv4",
    "created": "2026-03-26T19:38:48",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 123.160.232.251 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-25T19:38:26",
    "is_active": 1
  },
  {
    "id": 4282166835,
    "indicator": "47.84.109.254",
    "type": "IPv4",
    "created": "2026-03-26T19:38:48",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 47.84.109.254 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-25T19:38:26",
    "is_active": 1
  },
  {
    "id": 4172926120,
    "indicator": "101.249.62.67",
    "type": "IPv4",
    "created": "2026-03-26T19:38:48",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 101.249.62.67 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-25T19:38:26",
    "is_active": 1
  },
  {
    "id": 3914278769,
    "indicator": "1.193.63.200",
    "type": "IPv4",
    "created": "2026-03-26T19:38:48",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 1.193.63.200 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-25T19:38:26",
    "is_active": 1
  },
  {
    "id": 4282166836,
    "indicator": "103.141.230.169",
    "type": "IPv4",
    "created": "2026-03-26T19:38:48",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 103.141.230.169 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-25T19:38:26",
    "is_active": 1
  },
  {
    "id": 4247172011,
    "indicator": "103.141.230.166",
    "type": "IPv4",
    "created": "2026-03-26T19:38:48",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 103.141.230.166 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-25T19:38:26",
    "is_active": 1
  },
  {
    "id": 4042209075,
    "indicator": "182.88.191.102",
    "type": "IPv4",
    "created": "2026-03-26T19:38:48",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 182.88.191.102 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-25T19:38:26",
    "is_active": 1
  },
  {
    "id": 4243233750,
    "indicator": "120.48.52.177",
    "type": "IPv4",
    "created": "2026-03-26T19:38:48",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 120.48.52.177 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-25T19:38:26",
    "is_active": 1
  },
  {
    "id": 4282166712,
    "indicator": "80.66.83.80",
    "type": "IPv4",
    "created": "2026-03-26T19:38:48",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Russia (AS216473, Bashinskii Vadim Ruslanovich). Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 2 events.",
    "expiration": "2026-04-25T19:38:26",
    "is_active": 1
  },
  {
    "id": 4173674918,
    "indicator": "59.173.111.225",
    "type": "IPv4",
    "created": "2026-03-26T19:38:48",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 59.173.111.225 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-25T19:38:26",
    "is_active": 1
  },
  {
    "id": 4214038238,
    "indicator": "59.173.110.164",
    "type": "IPv4",
    "created": "2026-03-26T19:38:48",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 59.173.110.164 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-25T19:38:26",
    "is_active": 1
  },
  {
    "id": 4078118636,
    "indicator": "103.63.25.109",
    "type": "IPv4",
    "created": "2026-03-26T19:38:48",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 103.63.25.109 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 6 times when connecting to db1lapetro between 2026-03-26 17:57 and 2026-03-26 18:10 UTC.",
    "expiration": "2026-04-25T19:38:26",
    "is_active": 1
  },
  {
    "id": 4268031126,
    "indicator": "45.207.221.76",
    "type": "IPv4",
    "created": "2026-03-26T19:38:48",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 45.207.221.76 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 9 times when connecting to db4lamedtech between 2026-03-26 17:51 and 2026-03-26 18:01 UTC.",
    "expiration": "2026-04-25T19:38:26",
    "is_active": 1
  },
  {
    "id": 4262445946,
    "indicator": "86.110.51.47",
    "type": "IPv4",
    "created": "2026-03-26T19:38:48",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 86.110.51.47 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 9 times when connecting to db4lamedtech between 2026-03-26 17:45 and 2026-03-26 17:57 UTC.",
    "expiration": "2026-04-25T19:38:26",
    "is_active": 1
  },
  {
    "id": 4282166837,
    "indicator": "31.40.204.244",
    "type": "IPv4",
    "created": "2026-03-26T19:38:48",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack, cowrie, fatt. Attacker IP 31.40.204.244 observed using TLS client fingerprint 'Unknown TLS Client (3b5052d0aa46)' 2 times when connecting to db1lapetro between 2026-03-26 17:44 and 2026-03-26 17:44 UTC.",
    "expiration": "2026-04-25T19:38:26",
    "is_active": 1
  },
  {
    "id": 4190679174,
    "indicator": "110.37.13.213",
    "type": "IPv4",
    "created": "2026-03-26T20:38:54",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:port-scan. 110.37.13.213 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-25T20:38:53",
    "is_active": 1
  },
  {
    "id": 3679994462,
    "indicator": "197.243.14.52",
    "type": "IPv4",
    "created": "2026-03-26T20:38:54",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 197.243.14.52 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-25T20:38:53",
    "is_active": 1
  },
  {
    "id": 3838711275,
    "indicator": "221.207.34.246",
    "type": "IPv4",
    "created": "2026-03-26T20:38:54",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 221.207.34.246 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-25T20:38:53",
    "is_active": 1
  },
  {
    "id": 4282274109,
    "indicator": "47.254.181.210",
    "type": "IPv4",
    "created": "2026-03-26T20:38:54",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. Attacker IP from Frankfurt am Main, Germany (AS45102, Alibaba US Technology Co., Ltd.). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-25T20:38:53",
    "is_active": 1
  },
  {
    "id": 4278864216,
    "indicator": "66.132.195.34",
    "type": "IPv4",
    "created": "2026-03-26T20:38:54",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 66.132.195.34 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-25T20:38:53",
    "is_active": 1
  },
  {
    "id": 4281981270,
    "indicator": "80.223.172.120",
    "type": "IPv4",
    "created": "2026-03-26T20:38:54",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 80.223.172.120 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command sessions (10 commands), 5 malware samples. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-25T20:38:53",
    "is_active": 1
  },
  {
    "id": 4266828579,
    "indicator": "175.107.208.146",
    "type": "IPv4",
    "created": "2026-03-26T20:38:54",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:multi-reported. 175.107.208.146 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-25T20:38:53",
    "is_active": 1
  },
  {
    "id": 4165500274,
    "indicator": "180.150.104.65",
    "type": "IPv4",
    "created": "2026-03-26T20:38:54",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 180.150.104.65 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, hacking).",
    "expiration": "2026-04-25T20:38:53",
    "is_active": 1
  },
  {
    "id": 4282274110,
    "indicator": "47.245.132.3",
    "type": "IPv4",
    "created": "2026-03-26T20:38:54",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie, firehol:firehol_level3. 47.245.132.3 classified as commodity attacker using automated exploitation tooling (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (hacking, low, port-scan).",
    "expiration": "2026-04-25T20:38:53",
    "is_active": 1
  },
  {
    "id": 4262475277,
    "indicator": "44.201.208.109",
    "type": "IPv4",
    "created": "2026-03-26T20:38:54",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 44.201.208.109 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-25T20:38:53",
    "is_active": 1
  },
  {
    "id": 4263843101,
    "indicator": "34.207.209.130",
    "type": "IPv4",
    "created": "2026-03-26T20:38:54",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 34.207.209.130 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-25T20:38:53",
    "is_active": 1
  },
  {
    "id": 4282274111,
    "indicator": "47.84.141.248",
    "type": "IPv4",
    "created": "2026-03-26T20:38:54",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 47.84.141.248 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-25T20:38:53",
    "is_active": 1
  },
  {
    "id": 4263831819,
    "indicator": "54.152.61.40",
    "type": "IPv4",
    "created": "2026-03-26T20:38:54",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 54.152.61.40 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-25T20:38:53",
    "is_active": 1
  },
  {
    "id": 4262424608,
    "indicator": "3.86.245.199",
    "type": "IPv4",
    "created": "2026-03-26T20:38:54",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 3.86.245.199 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-25T20:38:53",
    "is_active": 1
  },
  {
    "id": 4054986170,
    "indicator": "43.139.215.177",
    "type": "IPv4",
    "created": "2026-03-26T21:39:02",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 43.139.215.177 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, high).",
    "expiration": "2026-04-25T21:39:00",
    "is_active": 1
  },
  {
    "id": 3779527579,
    "indicator": "34.133.99.235",
    "type": "IPv4",
    "created": "2026-03-26T21:39:02",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 34.133.99.235 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: FireHOL (firehol_level2).",
    "expiration": "2026-04-25T21:39:00",
    "is_active": 1
  },
  {
    "id": 4229958839,
    "indicator": "179.0.225.227",
    "type": "IPv4",
    "created": "2026-03-26T21:39:02",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 179.0.225.227 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-25T21:39:00",
    "is_active": 1
  },
  {
    "id": 4042518594,
    "indicator": "171.120.159.163",
    "type": "IPv4",
    "created": "2026-03-26T21:39:02",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 171.120.159.163 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, iot-targeted).",
    "expiration": "2026-04-25T21:39:00",
    "is_active": 1
  },
  {
    "id": 4170152850,
    "indicator": "222.176.200.20",
    "type": "IPv4",
    "created": "2026-03-26T21:39:02",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate. 222.176.200.20 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-25T21:39:00",
    "is_active": 1
  },
  {
    "id": 4233510736,
    "indicator": "129.153.125.224",
    "type": "IPv4",
    "created": "2026-03-26T21:39:02",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 129.153.125.224 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-25T21:39:00",
    "is_active": 1
  },
  {
    "id": 4281881575,
    "indicator": "46.250.250.80",
    "type": "IPv4",
    "created": "2026-03-26T21:39:02",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 46.250.250.80 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-25T21:39:00",
    "is_active": 1
  },
  {
    "id": 4282102087,
    "indicator": "8.211.36.238",
    "type": "IPv4",
    "created": "2026-03-26T21:39:02",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 8.211.36.238 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-25T21:39:00",
    "is_active": 1
  },
  {
    "id": 3366091831,
    "indicator": "123.253.162.254",
    "type": "IPv4",
    "created": "2026-03-26T21:39:02",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Bhopal, India (AS45117, Ishans Network). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 2s; 5 events.",
    "expiration": "2026-04-25T21:39:00",
    "is_active": 1
  },
  {
    "id": 1635130679,
    "indicator": "159.65.77.254",
    "type": "IPv4",
    "created": "2026-03-26T21:39:02",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Santa Clara, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 5 failed login attempts, 5 credential pairs tried across 2 unique usernames, execution of 20 commands (SSH key persistence, password changes, system reconnaissance, cro...",
    "expiration": "2026-04-25T21:39:00",
    "is_active": 1
  },
  {
    "id": 4281811191,
    "indicator": "172.185.40.47",
    "type": "IPv4",
    "created": "2026-03-26T21:39:02",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 172.185.40.47 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-25T21:39:00",
    "is_active": 1
  },
  {
    "id": 4282277343,
    "indicator": "31.154.130.86",
    "type": "IPv4",
    "created": "2026-03-26T21:39:02",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 31.154.130.86 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-25T21:39:00",
    "is_active": 1
  },
  {
    "id": 4227937674,
    "indicator": "151.247.192.31",
    "type": "IPv4",
    "created": "2026-03-26T21:39:02",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack, cowrie. 151.247.192.31 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-25T21:39:00",
    "is_active": 1
  },
  {
    "id": 4022098887,
    "indicator": "80.85.246.144",
    "type": "IPv4",
    "created": "2026-03-26T21:39:02",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 80.85.246.144 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d); AbuseIPDB (brute-force, ddos, hacking).",
    "expiration": "2026-04-25T21:39:00",
    "is_active": 1
  },
  {
    "id": 4145012422,
    "indicator": "87.106.80.228",
    "type": "IPv4",
    "created": "2026-03-26T21:39:02",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:ssh. Attacker IP from Germany (AS8560, IONOS SE). Observed targeting healthcare sector honeypot medtech-hp-01 via tanner. 2 events.",
    "expiration": "2026-04-25T21:39:00",
    "is_active": 1
  },
  {
    "id": 4281818498,
    "indicator": "210.79.191.170",
    "type": "IPv4",
    "created": "2026-03-26T21:39:02",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Indonesia (AS136052, PT Cloud Hosting Indonesia) [VPN/hosting provider]. Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 2s; 5 events.",
    "expiration": "2026-04-25T21:39:00",
    "is_active": 1
  },
  {
    "id": 4281953978,
    "indicator": "20.219.0.216",
    "type": "IPv4",
    "created": "2026-03-26T22:39:10",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 20.219.0.216 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-25T22:39:09",
    "is_active": 1
  },
  {
    "id": 3851009462,
    "indicator": "1.83.125.133",
    "type": "IPv4",
    "created": "2026-03-26T22:39:10",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 1.83.125.133 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-25T22:39:09",
    "is_active": 1
  },
  {
    "id": 1600989574,
    "indicator": "123.138.79.103",
    "type": "IPv4",
    "created": "2026-03-26T22:39:10",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 123.138.79.103 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-25T22:39:09",
    "is_active": 1
  },
  {
    "id": 2917716049,
    "indicator": "36.106.167.185",
    "type": "IPv4",
    "created": "2026-03-26T22:39:10",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 36.106.167.185 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, hacking, moderate).",
    "expiration": "2026-04-25T22:39:09",
    "is_active": 1
  },
  {
    "id": 4282279390,
    "indicator": "47.245.134.86",
    "type": "IPv4",
    "created": "2026-03-26T22:39:10",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 47.245.134.86 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-25T22:39:09",
    "is_active": 1
  },
  {
    "id": 4192315921,
    "indicator": "31.58.236.100",
    "type": "IPv4",
    "created": "2026-03-26T22:39:10",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 31.58.236.100 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-25T22:39:09",
    "is_active": 1
  },
  {
    "id": 4282279391,
    "indicator": "47.245.176.205",
    "type": "IPv4",
    "created": "2026-03-26T22:39:10",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 47.245.176.205 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, hacking, moderate).",
    "expiration": "2026-04-25T22:39:09",
    "is_active": 1
  },
  {
    "id": 4282279392,
    "indicator": "185.213.154.179",
    "type": "IPv4",
    "created": "2026-03-26T22:39:10",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. Attacker IP from Gothenburg, Sweden (AS39351, 31173 Services AB). Observed targeting energy sector honeypot petroleum-hp-01 via dionaea. 1 events.",
    "expiration": "2026-04-25T22:39:09",
    "is_active": 1
  },
  {
    "id": 4147272481,
    "indicator": "101.47.51.22",
    "type": "IPv4",
    "created": "2026-03-26T22:39:10",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Singapore, Singapore (AS150436, Byteplus Pte. Ltd.). Observed targeting government sector honeypot backup-hp-01 via cowrie. 2 events.",
    "expiration": "2026-04-25T22:39:09",
    "is_active": 1
  },
  {
    "id": 4227809342,
    "indicator": "186.7.16.150",
    "type": "IPv4",
    "created": "2026-03-26T22:39:10",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Santiago de los Caballeros, Dominican Republic (AS6400, Compania Dominicana de Telefonos S. A.). Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 1s;...",
    "expiration": "2026-04-25T22:39:09",
    "is_active": 1
  },
  {
    "id": 4282100470,
    "indicator": "20.104.216.159",
    "type": "IPv4",
    "created": "2026-03-26T22:39:10",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Toronto, Canada. Observed targeting healthcare sector honeypot medtech-hp-01 via h0neytr4p. duration: 3s; 38 events.",
    "expiration": "2026-04-25T22:39:09",
    "is_active": 1
  },
  {
    "id": 3911609235,
    "indicator": "44.220.185.93",
    "type": "IPv4",
    "created": "2026-03-26T23:39:16",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 44.220.185.93 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, ftp-brute).",
    "expiration": "2026-04-25T23:39:15",
    "is_active": 1
  },
  {
    "id": 4164878817,
    "indicator": "106.105.102.201",
    "type": "IPv4",
    "created": "2026-03-26T23:39:16",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:multi-reported. 106.105.102.201 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-25T23:39:15",
    "is_active": 1
  },
  {
    "id": 4282297857,
    "indicator": "47.84.103.91",
    "type": "IPv4",
    "created": "2026-03-26T23:39:16",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 47.84.103.91 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (exploited-host, hacking, moderate).",
    "expiration": "2026-04-25T23:39:15",
    "is_active": 1
  },
  {
    "id": 4139166390,
    "indicator": "91.215.35.25",
    "type": "IPv4",
    "created": "2026-03-26T23:39:16",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 91.215.35.25 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-25T23:39:15",
    "is_active": 1
  },
  {
    "id": 4063231077,
    "indicator": "20.163.30.209",
    "type": "IPv4",
    "created": "2026-03-26T23:39:16",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 20.163.30.209 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-25T23:39:15",
    "is_active": 1
  },
  {
    "id": 4274259951,
    "indicator": "185.249.225.142",
    "type": "IPv4",
    "created": "2026-03-26T23:39:16",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported. 185.249.225.142 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-25T23:39:15",
    "is_active": 1
  },
  {
    "id": 4282297858,
    "indicator": "47.254.128.244",
    "type": "IPv4",
    "created": "2026-03-26T23:39:16",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 47.254.128.244 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-25T23:39:15",
    "is_active": 1
  },
  {
    "id": 4239346115,
    "indicator": "203.134.215.30",
    "type": "IPv4",
    "created": "2026-03-26T23:39:16",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 203.134.215.30 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-25T23:39:15",
    "is_active": 1
  },
  {
    "id": 4282297859,
    "indicator": "20.70.129.215",
    "type": "IPv4",
    "created": "2026-03-26T23:39:16",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 20.70.129.215 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-25T23:39:15",
    "is_active": 1
  },
  {
    "id": 4282281733,
    "indicator": "160.176.165.107",
    "type": "IPv4",
    "created": "2026-03-26T23:39:16",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP from Fes, Morocco (AS36903, MT-MPLS). Observed targeting government sector honeypot backup-hp-01 via cowrie. 3 events.",
    "expiration": "2026-04-25T23:39:15",
    "is_active": 1
  },
  {
    "id": 4248990533,
    "indicator": "107.189.29.8",
    "type": "IPv4",
    "created": "2026-03-26T23:39:16",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:tor-exit. 107.189.29.8 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d, firehol_anonymous); AbuseIPDB (brute-force, ddos, hacking).",
    "expiration": "2026-04-25T23:39:15",
    "is_active": 1
  },
  {
    "id": 4281940868,
    "indicator": "47.79.150.4",
    "type": "IPv4",
    "created": "2026-03-26T23:39:16",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 47.79.150.4 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-25T23:39:15",
    "is_active": 1
  },
  {
    "id": 4237324929,
    "indicator": "4.144.36.11",
    "type": "IPv4",
    "created": "2026-03-26T23:39:16",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 4.144.36.11 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-25T23:39:15",
    "is_active": 1
  },
  {
    "id": 4277212686,
    "indicator": "89.134.210.182",
    "type": "IPv4",
    "created": "2026-03-26T23:39:16",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Budapest, Hungary (AS21334, One Hungary Ltd.). Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 4 failed login attempts, 4 credential pairs tried across 1 unique username. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 13m 14s; 20 events.",
    "expiration": "2026-04-25T23:39:15",
    "is_active": 1
  },
  {
    "id": 4282279246,
    "indicator": "23.94.161.230",
    "type": "IPv4",
    "created": "2026-03-26T23:39:16",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:reported, abuseipdb:web-attack, cowrie. Attacker IP from Buffalo, United States (AS36352, HostPapa). Observed targeting healthcare sector honeypot medtech-hp-01 via sentrypeer. 1 events.",
    "expiration": "2026-04-25T23:39:15",
    "is_active": 1
  },
  {
    "id": 4204209572,
    "indicator": "45.194.89.24",
    "type": "IPv4",
    "created": "2026-03-26T23:39:16",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 45.194.89.24 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-25T23:39:15",
    "is_active": 1
  },
  {
    "id": 4169855380,
    "indicator": "121.29.84.250",
    "type": "IPv4",
    "created": "2026-03-26T23:39:16",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 121.29.84.250 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-25T23:39:15",
    "is_active": 1
  },
  {
    "id": 4282100831,
    "indicator": "172.175.81.183",
    "type": "IPv4",
    "created": "2026-03-26T23:39:16",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Boydton, United States (AS8075, Microsoft Corporation). Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-25T23:39:15",
    "is_active": 1
  },
  {
    "id": 4072965966,
    "indicator": "103.176.78.178",
    "type": "IPv4",
    "created": "2026-03-26T23:39:16",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Indonesia (AS136052, PT Cloud Hosting Indonesia) [VPN/hosting provider]. Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 2s; 5 events.",
    "expiration": "2026-04-25T23:39:15",
    "is_active": 1
  },
  {
    "id": 4271582225,
    "indicator": "167.71.216.59",
    "type": "IPv4",
    "created": "2026-03-26T23:39:16",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Singapore, Singapore (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 2 failed login attempts, 2 credential pairs tried across 1 unique username. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 5m 4s; 10 events.",
    "expiration": "2026-04-25T23:39:15",
    "is_active": 1
  },
  {
    "id": 4281947987,
    "indicator": "142.171.71.66",
    "type": "IPv4",
    "created": "2026-03-26T23:39:16",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Los Angeles, United States (AS35916, MULTACOM CORPORATION). Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 1s; 5 events.",
    "expiration": "2026-04-25T23:39:15",
    "is_active": 1
  },
  {
    "id": 4281783976,
    "indicator": "8.209.251.245",
    "type": "IPv4",
    "created": "2026-03-26T23:39:16",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Tokyo, Japan (AS45102, Alibaba US Technology Co., Ltd.). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 2 failed login attempts, 2 credential pairs tried across 1 unique username. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 4m 35s; 10 events.",
    "expiration": "2026-04-25T23:39:15",
    "is_active": 1
  },
  {
    "id": 3868479562,
    "indicator": "117.90.100.6",
    "type": "IPv4",
    "created": "2026-03-27T00:39:22",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported. 117.90.100.6 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking).",
    "expiration": "2026-04-26T00:39:21",
    "is_active": 1
  },
  {
    "id": 3990503144,
    "indicator": "1.34.254.107",
    "type": "IPv4",
    "created": "2026-03-27T00:39:22",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 1.34.254.107 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-26T00:39:21",
    "is_active": 1
  },
  {
    "id": 4008363144,
    "indicator": "61.142.44.132",
    "type": "IPv4",
    "created": "2026-03-27T00:39:22",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 61.142.44.132 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-26T00:39:21",
    "is_active": 1
  },
  {
    "id": 4204115460,
    "indicator": "148.75.192.89",
    "type": "IPv4",
    "created": "2026-03-27T00:39:22",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 148.75.192.89 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-26T00:39:21",
    "is_active": 1
  },
  {
    "id": 4282305697,
    "indicator": "59.183.118.255",
    "type": "IPv4",
    "created": "2026-03-27T00:39:22",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 59.183.118.255 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T00:39:21",
    "is_active": 1
  },
  {
    "id": 4281968104,
    "indicator": "178.16.53.241",
    "type": "IPv4",
    "created": "2026-03-27T00:39:22",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 178.16.53.241 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-26T00:39:21",
    "is_active": 1
  },
  {
    "id": 4282305698,
    "indicator": "168.119.254.152",
    "type": "IPv4",
    "created": "2026-03-27T00:39:22",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Falkenstein, Germany (AS24940, Hetzner Online GmbH) [VPN/hosting provider]. Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-26T00:39:21",
    "is_active": 1
  },
  {
    "id": 4191366901,
    "indicator": "3.148.13.61",
    "type": "IPv4",
    "created": "2026-03-27T00:39:22",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan. 3.148.13.61 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-26T00:39:21",
    "is_active": 1
  },
  {
    "id": 4154754588,
    "indicator": "34.90.199.112",
    "type": "IPv4",
    "created": "2026-03-27T00:39:22",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 34.90.199.112 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-26T00:39:21",
    "is_active": 1
  },
  {
    "id": 4013092656,
    "indicator": "118.212.120.63",
    "type": "IPv4",
    "created": "2026-03-27T00:39:22",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 118.212.120.63 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T00:39:21",
    "is_active": 1
  },
  {
    "id": 4197122590,
    "indicator": "124.225.99.71",
    "type": "IPv4",
    "created": "2026-03-27T00:39:22",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 124.225.99.71 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, hacking, moderate).",
    "expiration": "2026-04-26T00:39:21",
    "is_active": 1
  },
  {
    "id": 4282305699,
    "indicator": "47.84.131.60",
    "type": "IPv4",
    "created": "2026-03-27T00:39:22",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 47.84.131.60 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T00:39:21",
    "is_active": 1
  },
  {
    "id": 4158864007,
    "indicator": "149.129.221.180",
    "type": "IPv4",
    "created": "2026-03-27T00:39:22",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 149.129.221.180 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_level2); AbuseIPDB (brute-force, critical, ftp-brute).",
    "expiration": "2026-04-26T00:39:21",
    "is_active": 1
  },
  {
    "id": 4282305700,
    "indicator": "47.84.141.166",
    "type": "IPv4",
    "created": "2026-03-27T00:39:22",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 47.84.141.166 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T00:39:21",
    "is_active": 1
  },
  {
    "id": 3994525008,
    "indicator": "18.97.5.21",
    "type": "IPv4",
    "created": "2026-03-27T00:39:22",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate. 18.97.5.21 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-26T00:39:21",
    "is_active": 1
  },
  {
    "id": 4282305701,
    "indicator": "8.209.106.188",
    "type": "IPv4",
    "created": "2026-03-27T00:39:22",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie, firehol:unlisted. Attacker IP from Frankfurt am Main, Germany (AS45102, Alibaba US Technology Co., Ltd.). Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. duration: 23s; 3 events.",
    "expiration": "2026-04-26T00:39:21",
    "is_active": 1
  },
  {
    "id": 4281966218,
    "indicator": "84.247.190.4",
    "type": "IPv4",
    "created": "2026-03-27T01:39:37",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 84.247.190.4 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-26T01:39:36",
    "is_active": 1
  },
  {
    "id": 4282308683,
    "indicator": "47.84.143.211",
    "type": "IPv4",
    "created": "2026-03-27T01:39:37",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 47.84.143.211 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T01:39:36",
    "is_active": 1
  },
  {
    "id": 4274482871,
    "indicator": "189.150.26.55",
    "type": "IPv4",
    "created": "2026-03-27T01:39:37",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 189.150.26.55 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-26T01:39:36",
    "is_active": 1
  },
  {
    "id": 2136086222,
    "indicator": "207.154.249.4",
    "type": "IPv4",
    "created": "2026-03-27T01:39:37",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 207.154.249.4 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).",
    "expiration": "2026-04-26T01:39:36",
    "is_active": 1
  },
  {
    "id": 4044210547,
    "indicator": "5.133.192.127",
    "type": "IPv4",
    "created": "2026-03-27T01:39:37",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 5.133.192.127 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-26T01:39:36",
    "is_active": 1
  },
  {
    "id": 4170167693,
    "indicator": "116.178.131.92",
    "type": "IPv4",
    "created": "2026-03-27T01:39:37",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.131.92 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T01:39:36",
    "is_active": 1
  },
  {
    "id": 4260070355,
    "indicator": "138.68.171.232",
    "type": "IPv4",
    "created": "2026-03-27T01:39:37",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 138.68.171.232 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-26T01:39:36",
    "is_active": 1
  },
  {
    "id": 4282308684,
    "indicator": "138.197.14.243",
    "type": "IPv4",
    "created": "2026-03-27T01:39:37",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:ssh, abuseipdb:web-attack. 138.197.14.243 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).",
    "expiration": "2026-04-26T01:39:36",
    "is_active": 1
  },
  {
    "id": 4116064269,
    "indicator": "145.239.65.226",
    "type": "IPv4",
    "created": "2026-03-27T01:39:37",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 145.239.65.226 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-26T01:39:36",
    "is_active": 1
  },
  {
    "id": 4282308685,
    "indicator": "8.211.45.143",
    "type": "IPv4",
    "created": "2026-03-27T01:39:37",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 8.211.45.143 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T01:39:36",
    "is_active": 1
  },
  {
    "id": 4182958777,
    "indicator": "177.12.135.93",
    "type": "IPv4",
    "created": "2026-03-27T01:39:37",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted. 177.12.135.93 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-26T01:39:36",
    "is_active": 1
  },
  {
    "id": 4102522349,
    "indicator": "41.32.42.171",
    "type": "IPv4",
    "created": "2026-03-27T01:39:37",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 41.32.42.171 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-26T01:39:36",
    "is_active": 1
  },
  {
    "id": 4214834523,
    "indicator": "110.37.123.227",
    "type": "IPv4",
    "created": "2026-03-27T01:39:37",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 110.37.123.227 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-26T01:39:36",
    "is_active": 1
  },
  {
    "id": 4276920082,
    "indicator": "119.46.226.98",
    "type": "IPv4",
    "created": "2026-03-27T01:39:37",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 119.46.226.98 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-26T01:39:36",
    "is_active": 1
  },
  {
    "id": 4169136559,
    "indicator": "141.224.196.79",
    "type": "IPv4",
    "created": "2026-03-27T01:39:37",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 141.224.196.79 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T01:39:36",
    "is_active": 1
  },
  {
    "id": 4282308686,
    "indicator": "8.211.11.111",
    "type": "IPv4",
    "created": "2026-03-27T01:39:37",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 8.211.11.111 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T01:39:36",
    "is_active": 1
  },
  {
    "id": 4154482756,
    "indicator": "36.250.221.187",
    "type": "IPv4",
    "created": "2026-03-27T01:39:37",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:multi-reported. 36.250.221.187 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T01:39:36",
    "is_active": 1
  },
  {
    "id": 4282100845,
    "indicator": "182.242.168.148",
    "type": "IPv4",
    "created": "2026-03-27T01:39:37",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 182.242.168.148 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T01:39:36",
    "is_active": 1
  },
  {
    "id": 2772742648,
    "indicator": "110.177.179.159",
    "type": "IPv4",
    "created": "2026-03-27T01:39:37",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 110.177.179.159 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T01:39:36",
    "is_active": 1
  },
  {
    "id": 3662638145,
    "indicator": "223.166.22.143",
    "type": "IPv4",
    "created": "2026-03-27T01:39:37",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 223.166.22.143 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Observed activity: 1 malware samples. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T01:39:36",
    "is_active": 1
  },
  {
    "id": 4070651795,
    "indicator": "47.242.66.123",
    "type": "IPv4",
    "created": "2026-03-27T01:39:37",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 47.242.66.123 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-26T01:39:36",
    "is_active": 1
  },
  {
    "id": 4282308687,
    "indicator": "194.233.85.9",
    "type": "IPv4",
    "created": "2026-03-27T01:39:37",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 194.233.85.9 observed using HTTP client fingerprint 'HTTP Client: libredtail-http' 39 times when connecting to db1lapetro between 2026-03-26 23:50 and 2026-03-26 23:50 UTC.",
    "expiration": "2026-04-26T01:39:36",
    "is_active": 1
  },
  {
    "id": 4282308688,
    "indicator": "136.118.138.124",
    "type": "IPv4",
    "created": "2026-03-27T01:39:37",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP 136.118.138.124 observed using TLS client fingerprint 'Unknown TLS Client (7465186b1421)' 2 times when connecting to offbackup1 between 2026-03-26 23:40 and 2026-03-26 23:40 UTC.",
    "expiration": "2026-04-26T01:39:36",
    "is_active": 1
  },
  {
    "id": 4281641212,
    "indicator": "103.110.84.104",
    "type": "IPv4",
    "created": "2026-03-27T01:39:37",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:reported. Attacker IP from Vietnam (AS63760, AZDIGI Corporation). Observed targeting healthcare sector honeypot mdms-hp-01 via heralding. 1 events.",
    "expiration": "2026-04-26T01:39:36",
    "is_active": 1
  },
  {
    "id": 4247247993,
    "indicator": "116.140.217.240",
    "type": "IPv4",
    "created": "2026-03-27T02:39:43",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 116.140.217.240 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-26T02:39:42",
    "is_active": 1
  },
  {
    "id": 4250002396,
    "indicator": "72.255.32.88",
    "type": "IPv4",
    "created": "2026-03-27T02:39:43",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 72.255.32.88 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-26T02:39:42",
    "is_active": 1
  },
  {
    "id": 4174595154,
    "indicator": "59.173.110.115",
    "type": "IPv4",
    "created": "2026-03-27T02:39:43",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 59.173.110.115 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T02:39:42",
    "is_active": 1
  },
  {
    "id": 4281897623,
    "indicator": "47.84.100.21",
    "type": "IPv4",
    "created": "2026-03-27T02:39:43",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 47.84.100.21 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T02:39:42",
    "is_active": 1
  },
  {
    "id": 4210354214,
    "indicator": "115.190.233.20",
    "type": "IPv4",
    "created": "2026-03-27T02:39:43",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 115.190.233.20 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-26T02:39:42",
    "is_active": 1
  },
  {
    "id": 4237314866,
    "indicator": "51.38.104.193",
    "type": "IPv4",
    "created": "2026-03-27T02:39:43",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 51.38.104.193 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-26T02:39:42",
    "is_active": 1
  },
  {
    "id": 4282310561,
    "indicator": "120.157.229.184",
    "type": "IPv4",
    "created": "2026-03-27T02:39:43",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 120.157.229.184 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, iot-targeted).",
    "expiration": "2026-04-26T02:39:42",
    "is_active": 1
  },
  {
    "id": 4282309184,
    "indicator": "162.40.173.47",
    "type": "IPv4",
    "created": "2026-03-27T02:39:43",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 162.40.173.47 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-26T02:39:42",
    "is_active": 1
  },
  {
    "id": 4027005939,
    "indicator": "118.212.122.226",
    "type": "IPv4",
    "created": "2026-03-27T02:39:43",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 118.212.122.226 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T02:39:42",
    "is_active": 1
  },
  {
    "id": 4170190861,
    "indicator": "36.250.221.116",
    "type": "IPv4",
    "created": "2026-03-27T02:39:43",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 36.250.221.116 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T02:39:42",
    "is_active": 1
  },
  {
    "id": 4278317362,
    "indicator": "66.132.195.67",
    "type": "IPv4",
    "created": "2026-03-27T02:39:43",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 66.132.195.67 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-26T02:39:42",
    "is_active": 1
  },
  {
    "id": 4265145006,
    "indicator": "160.119.76.49",
    "type": "IPv4",
    "created": "2026-03-27T03:40:01",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 160.119.76.49 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-26T03:39:49",
    "is_active": 1
  },
  {
    "id": 3868479158,
    "indicator": "44.220.185.87",
    "type": "IPv4",
    "created": "2026-03-27T03:40:01",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. 44.220.185.87 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, ftp-brute).",
    "expiration": "2026-04-26T03:39:49",
    "is_active": 1
  },
  {
    "id": 4274338781,
    "indicator": "101.70.111.217",
    "type": "IPv4",
    "created": "2026-03-27T03:40:01",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 101.70.111.217 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T03:39:49",
    "is_active": 1
  },
  {
    "id": 4069455251,
    "indicator": "59.91.45.8",
    "type": "IPv4",
    "created": "2026-03-27T03:40:01",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan. 59.91.45.8 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T03:39:49",
    "is_active": 1
  },
  {
    "id": 4173866990,
    "indicator": "101.68.47.50",
    "type": "IPv4",
    "created": "2026-03-27T03:40:01",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 101.68.47.50 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T03:39:49",
    "is_active": 1
  },
  {
    "id": 3850287058,
    "indicator": "222.94.32.97",
    "type": "IPv4",
    "created": "2026-03-27T03:40:01",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 222.94.32.97 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T03:39:49",
    "is_active": 1
  },
  {
    "id": 4173134657,
    "indicator": "124.117.192.217",
    "type": "IPv4",
    "created": "2026-03-27T03:40:01",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 124.117.192.217 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).",
    "expiration": "2026-04-26T03:39:49",
    "is_active": 1
  },
  {
    "id": 2938286218,
    "indicator": "36.106.167.133",
    "type": "IPv4",
    "created": "2026-03-27T03:40:01",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 36.106.167.133 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T03:39:49",
    "is_active": 1
  },
  {
    "id": 4210339354,
    "indicator": "106.117.110.83",
    "type": "IPv4",
    "created": "2026-03-27T03:40:01",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 106.117.110.83 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T03:39:49",
    "is_active": 1
  },
  {
    "id": 4046471816,
    "indicator": "171.36.6.171",
    "type": "IPv4",
    "created": "2026-03-27T03:40:01",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 171.36.6.171 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T03:39:49",
    "is_active": 1
  },
  {
    "id": 4173292404,
    "indicator": "59.173.110.22",
    "type": "IPv4",
    "created": "2026-03-27T03:40:01",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 59.173.110.22 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-26T03:39:49",
    "is_active": 1
  },
  {
    "id": 3759598995,
    "indicator": "182.242.168.191",
    "type": "IPv4",
    "created": "2026-03-27T03:40:01",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 182.242.168.191 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T03:39:49",
    "is_active": 1
  },
  {
    "id": 4282313195,
    "indicator": "8.209.110.240",
    "type": "IPv4",
    "created": "2026-03-27T03:40:01",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 8.209.110.240 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T03:39:49",
    "is_active": 1
  },
  {
    "id": 4133516276,
    "indicator": "143.105.16.225",
    "type": "IPv4",
    "created": "2026-03-27T03:40:01",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 143.105.16.225 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T03:39:49",
    "is_active": 1
  },
  {
    "id": 4173479227,
    "indicator": "36.250.221.33",
    "type": "IPv4",
    "created": "2026-03-27T03:40:01",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 36.250.221.33 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T03:39:49",
    "is_active": 1
  },
  {
    "id": 4172752771,
    "indicator": "106.117.105.125",
    "type": "IPv4",
    "created": "2026-03-27T03:40:01",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 106.117.105.125 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T03:39:49",
    "is_active": 1
  },
  {
    "id": 4267965623,
    "indicator": "116.176.62.8",
    "type": "IPv4",
    "created": "2026-03-27T03:40:01",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 116.176.62.8 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-26T03:39:49",
    "is_active": 1
  },
  {
    "id": 4184905983,
    "indicator": "123.145.39.153",
    "type": "IPv4",
    "created": "2026-03-27T03:40:01",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 123.145.39.153 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T03:39:49",
    "is_active": 1
  },
  {
    "id": 4169765885,
    "indicator": "36.250.221.71",
    "type": "IPv4",
    "created": "2026-03-27T03:40:01",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 36.250.221.71 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T03:39:49",
    "is_active": 1
  },
  {
    "id": 4282313196,
    "indicator": "103.149.165.68",
    "type": "IPv4",
    "created": "2026-03-27T03:40:01",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:reported. 103.149.165.68 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, iot-targeted).",
    "expiration": "2026-04-26T03:39:49",
    "is_active": 1
  },
  {
    "id": 4282313197,
    "indicator": "207.180.248.233",
    "type": "IPv4",
    "created": "2026-03-27T03:40:01",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Lauterbourg, France (AS51167, Contabo GmbH). Observed targeting healthcare sector honeypot medtech-hp-01 via dionaea. duration: 9m 39s; 15 events.",
    "expiration": "2026-04-26T03:39:49",
    "is_active": 1
  },
  {
    "id": 4280196732,
    "indicator": "66.132.186.196",
    "type": "IPv4",
    "created": "2026-03-27T03:40:01",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 66.132.186.196 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-26T03:39:49",
    "is_active": 1
  },
  {
    "id": 4201543260,
    "indicator": "119.3.213.91",
    "type": "IPv4",
    "created": "2026-03-27T03:40:01",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP from Beijing, China (AS55990, Huawei Cloud Service data center) [VPN/hosting provider]. Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. duration: 3m 58s; 6 events.",
    "expiration": "2026-04-26T03:39:49",
    "is_active": 1
  },
  {
    "id": 4282310395,
    "indicator": "31.56.222.138",
    "type": "IPv4",
    "created": "2026-03-27T03:40:01",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 31.56.222.138 observed using SSH client fingerprint 'Unknown SSH Client (19532158b559)' 3 times when connecting to mdms1 between 2026-03-27 01:47 and 2026-03-27 01:48 UTC.",
    "expiration": "2026-04-26T03:39:49",
    "is_active": 1
  },
  {
    "id": 4282393892,
    "indicator": "47.245.141.185",
    "type": "IPv4",
    "created": "2026-03-27T04:40:06",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported, cowrie. 47.245.141.185 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, moderate, multi-reported).",
    "expiration": "2026-04-26T04:40:05",
    "is_active": 1
  },
  {
    "id": 4282393893,
    "indicator": "96.235.32.179",
    "type": "IPv4",
    "created": "2026-03-27T04:40:06",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 96.235.32.179 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T04:40:05",
    "is_active": 1
  },
  {
    "id": 4277158574,
    "indicator": "141.147.181.40",
    "type": "IPv4",
    "created": "2026-03-27T04:40:06",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 141.147.181.40 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, high).",
    "expiration": "2026-04-26T04:40:05",
    "is_active": 1
  },
  {
    "id": 4282393894,
    "indicator": "8.209.68.55",
    "type": "IPv4",
    "created": "2026-03-27T04:40:06",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie, firehol:firehol_level3. 8.209.68.55 classified as commodity attacker using automated exploitation tooling (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (hacking, low, port-scan).",
    "expiration": "2026-04-26T04:40:05",
    "is_active": 1
  },
  {
    "id": 3850293277,
    "indicator": "222.94.32.47",
    "type": "IPv4",
    "created": "2026-03-27T04:40:06",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 222.94.32.47 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T04:40:05",
    "is_active": 1
  },
  {
    "id": 4282393895,
    "indicator": "59.52.177.184",
    "type": "IPv4",
    "created": "2026-03-27T04:40:06",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 59.52.177.184 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T04:40:05",
    "is_active": 1
  },
  {
    "id": 4158844348,
    "indicator": "144.123.77.255",
    "type": "IPv4",
    "created": "2026-03-27T04:40:06",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 144.123.77.255 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T04:40:05",
    "is_active": 1
  },
  {
    "id": 4177012648,
    "indicator": "27.47.25.191",
    "type": "IPv4",
    "created": "2026-03-27T04:40:06",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 27.47.25.191 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T04:40:05",
    "is_active": 1
  },
  {
    "id": 4173352505,
    "indicator": "106.117.111.96",
    "type": "IPv4",
    "created": "2026-03-27T04:40:06",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 106.117.111.96 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T04:40:05",
    "is_active": 1
  },
  {
    "id": 4282393896,
    "indicator": "119.152.229.59",
    "type": "IPv4",
    "created": "2026-03-27T04:40:06",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie, firehol:unlisted. 119.152.229.59 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, port-scan).",
    "expiration": "2026-04-26T04:40:05",
    "is_active": 1
  },
  {
    "id": 4205475835,
    "indicator": "177.75.49.8",
    "type": "IPv4",
    "created": "2026-03-27T04:40:06",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 177.75.49.8 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-26T04:40:05",
    "is_active": 1
  },
  {
    "id": 4282393897,
    "indicator": "13.70.26.183",
    "type": "IPv4",
    "created": "2026-03-27T04:40:06",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 13.70.26.183 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-26T04:40:05",
    "is_active": 1
  },
  {
    "id": 4172960280,
    "indicator": "222.176.200.214",
    "type": "IPv4",
    "created": "2026-03-27T04:40:06",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 222.176.200.214 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-26T04:40:05",
    "is_active": 1
  },
  {
    "id": 4275736530,
    "indicator": "220.135.226.87",
    "type": "IPv4",
    "created": "2026-03-27T04:40:06",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 220.135.226.87 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-26T04:40:05",
    "is_active": 1
  },
  {
    "id": 4012414013,
    "indicator": "110.177.179.55",
    "type": "IPv4",
    "created": "2026-03-27T04:40:06",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 110.177.179.55 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T04:40:05",
    "is_active": 1
  },
  {
    "id": 4170522483,
    "indicator": "58.243.47.150",
    "type": "IPv4",
    "created": "2026-03-27T04:40:06",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 58.243.47.150 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T04:40:05",
    "is_active": 1
  },
  {
    "id": 4281641578,
    "indicator": "123.144.29.45",
    "type": "IPv4",
    "created": "2026-03-27T04:40:06",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh, abuseipdb:web-attack. 123.144.29.45 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, port-scan).",
    "expiration": "2026-04-26T04:40:05",
    "is_active": 1
  },
  {
    "id": 4282393898,
    "indicator": "47.245.136.45",
    "type": "IPv4",
    "created": "2026-03-27T04:40:06",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, cowrie, firehol:firehol_level3. 47.245.136.45 classified as commodity attacker using automated exploitation tooling (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (hacking, moderate, port-scan).",
    "expiration": "2026-04-26T04:40:05",
    "is_active": 1
  },
  {
    "id": 4166964720,
    "indicator": "121.29.84.37",
    "type": "IPv4",
    "created": "2026-03-27T04:40:06",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 121.29.84.37 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-26T04:40:05",
    "is_active": 1
  },
  {
    "id": 4172752976,
    "indicator": "116.178.131.130",
    "type": "IPv4",
    "created": "2026-03-27T04:40:06",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 116.178.131.130 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-26T04:40:05",
    "is_active": 1
  },
  {
    "id": 2193657172,
    "indicator": "60.13.6.18",
    "type": "IPv4",
    "created": "2026-03-27T04:40:06",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 60.13.6.18 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T04:40:05",
    "is_active": 1
  },
  {
    "id": 4173439002,
    "indicator": "221.208.113.91",
    "type": "IPv4",
    "created": "2026-03-27T04:40:06",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 221.208.113.91 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T04:40:05",
    "is_active": 1
  },
  {
    "id": 4173919429,
    "indicator": "121.29.84.147",
    "type": "IPv4",
    "created": "2026-03-27T04:40:06",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 121.29.84.147 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T04:40:05",
    "is_active": 1
  },
  {
    "id": 4166949335,
    "indicator": "112.122.237.110",
    "type": "IPv4",
    "created": "2026-03-27T04:40:06",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 112.122.237.110 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-26T04:40:05",
    "is_active": 1
  },
  {
    "id": 4282393899,
    "indicator": "47.245.129.160",
    "type": "IPv4",
    "created": "2026-03-27T04:40:06",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 47.245.129.160 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T04:40:05",
    "is_active": 1
  },
  {
    "id": 3870346978,
    "indicator": "44.220.185.35",
    "type": "IPv4",
    "created": "2026-03-27T04:40:06",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 44.220.185.35 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-26T04:40:05",
    "is_active": 1
  },
  {
    "id": 2978132603,
    "indicator": "1.83.125.198",
    "type": "IPv4",
    "created": "2026-03-27T04:40:06",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 1.83.125.198 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T04:40:05",
    "is_active": 1
  },
  {
    "id": 3842143339,
    "indicator": "123.245.84.181",
    "type": "IPv4",
    "created": "2026-03-27T04:40:06",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 123.245.84.181 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-26T04:40:05",
    "is_active": 1
  },
  {
    "id": 4254084531,
    "indicator": "161.132.19.76",
    "type": "IPv4",
    "created": "2026-03-27T04:40:06",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 161.132.19.76 observed using HTTP client fingerprint 'HTTP Client: libredtail-http' 39 times when connecting to db4lamedtech between 2026-03-27 03:17 and 2026-03-27 03:18 UTC.",
    "expiration": "2026-04-26T04:40:05",
    "is_active": 1
  },
  {
    "id": 4281892655,
    "indicator": "189.143.85.59",
    "type": "IPv4",
    "created": "2026-03-27T04:40:06",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Acapulco de Ju\u00e1rez, Mexico (AS8151, UNINET). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 1s; 5 events.",
    "expiration": "2026-04-26T04:40:05",
    "is_active": 1
  },
  {
    "id": 4282393900,
    "indicator": "47.84.101.80",
    "type": "IPv4",
    "created": "2026-03-27T04:40:06",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Singapore (AS45102, Alibaba US Technology Co., Ltd.). Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. duration: 23s; 3 events.",
    "expiration": "2026-04-26T04:40:05",
    "is_active": 1
  },
  {
    "id": 4281800052,
    "indicator": "74.235.238.88",
    "type": "IPv4",
    "created": "2026-03-27T04:40:06",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 74.235.238.88 observed using HTTP client fingerprint 'HTTP Client (67b3dba8bc67)' 90 times when connecting to db4lamedtech between 2026-03-27 02:55 and 2026-03-27 02:55 UTC.",
    "expiration": "2026-04-26T04:40:05",
    "is_active": 1
  },
  {
    "id": 4281789250,
    "indicator": "217.241.53.190",
    "type": "IPv4",
    "created": "2026-03-27T04:40:06",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Haiterbach, Germany (AS3320, Deutsche Telekom AG). Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 4 failed login attempts, 4 credential pairs tried across 1 unique username. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 13m 37s; 20 events.",
    "expiration": "2026-04-26T04:40:05",
    "is_active": 1
  },
  {
    "id": 4224036406,
    "indicator": "159.65.144.44",
    "type": "IPv4",
    "created": "2026-03-27T04:40:06",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 159.65.144.44 observed using TLS client fingerprint 'Unknown TLS Client (8e3145abdb9e)' 2 times when connecting to mdms1 between 2026-03-27 02:43 and 2026-03-27 02:43 UTC.",
    "expiration": "2026-04-26T04:40:05",
    "is_active": 1
  },
  {
    "id": 3875533328,
    "indicator": "117.90.100.7",
    "type": "IPv4",
    "created": "2026-03-27T04:40:06",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 117.90.100.7 observed using TLS client fingerprint 'Unknown TLS Client (40638f7848f7)' 2 times when connecting to mdms1 between 2026-03-27 02:39 and 2026-03-27 02:39 UTC.",
    "expiration": "2026-04-26T04:40:05",
    "is_active": 1
  },
  {
    "id": 4282393901,
    "indicator": "8.219.100.182",
    "type": "IPv4",
    "created": "2026-03-27T04:40:06",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. Attacker IP from Singapore, Singapore (AS45102, Alibaba US Technology Co., Ltd.). Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. duration: 23s; 3 events.",
    "expiration": "2026-04-26T04:40:05",
    "is_active": 1
  },
  {
    "id": 3864470926,
    "indicator": "221.207.35.6",
    "type": "IPv4",
    "created": "2026-03-27T05:40:17",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 221.207.35.6 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).",
    "expiration": "2026-04-26T05:40:16",
    "is_active": 1
  },
  {
    "id": 4183899107,
    "indicator": "59.173.110.81",
    "type": "IPv4",
    "created": "2026-03-27T05:40:17",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 59.173.110.81 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T05:40:16",
    "is_active": 1
  },
  {
    "id": 4174839012,
    "indicator": "82.199.171.26",
    "type": "IPv4",
    "created": "2026-03-27T05:40:17",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 82.199.171.26 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command sessions (10 commands), 5 malware samples. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-26T05:40:16",
    "is_active": 1
  },
  {
    "id": 4173705707,
    "indicator": "180.111.30.109",
    "type": "IPv4",
    "created": "2026-03-27T05:40:17",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 180.111.30.109 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T05:40:16",
    "is_active": 1
  },
  {
    "id": 3965638695,
    "indicator": "220.132.161.111",
    "type": "IPv4",
    "created": "2026-03-27T05:40:17",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 220.132.161.111 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, iot-targeted).",
    "expiration": "2026-04-26T05:40:16",
    "is_active": 1
  },
  {
    "id": 4271430675,
    "indicator": "209.38.82.203",
    "type": "IPv4",
    "created": "2026-03-27T05:40:17",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 209.38.82.203 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-26T05:40:16",
    "is_active": 1
  },
  {
    "id": 2577705291,
    "indicator": "124.89.90.54",
    "type": "IPv4",
    "created": "2026-03-27T05:40:17",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 124.89.90.54 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T05:40:16",
    "is_active": 1
  },
  {
    "id": 4179320106,
    "indicator": "117.25.122.135",
    "type": "IPv4",
    "created": "2026-03-27T05:40:17",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 117.25.122.135 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T05:40:16",
    "is_active": 1
  },
  {
    "id": 4180613237,
    "indicator": "139.135.41.33",
    "type": "IPv4",
    "created": "2026-03-27T05:40:17",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 139.135.41.33 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-26T05:40:16",
    "is_active": 1
  },
  {
    "id": 3691544196,
    "indicator": "159.65.168.103",
    "type": "IPv4",
    "created": "2026-03-27T05:40:17",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 159.65.168.103 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-26T05:40:16",
    "is_active": 1
  },
  {
    "id": 4281806960,
    "indicator": "156.253.5.210",
    "type": "IPv4",
    "created": "2026-03-27T05:40:17",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Seychelles (AS212552, BitCommand LLC). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. Session included 4 failed login attempts, 4 credential pairs tried across 1 unique username. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 12m 33s; 20 events.",
    "expiration": "2026-04-26T05:40:16",
    "is_active": 1
  },
  {
    "id": 2656222531,
    "indicator": "180.95.238.41",
    "type": "IPv4",
    "created": "2026-03-27T05:40:17",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 180.95.238.41 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T05:40:16",
    "is_active": 1
  },
  {
    "id": 4173191115,
    "indicator": "112.94.188.66",
    "type": "IPv4",
    "created": "2026-03-27T05:40:17",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 112.94.188.66 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T05:40:16",
    "is_active": 1
  },
  {
    "id": 4165310438,
    "indicator": "114.97.191.45",
    "type": "IPv4",
    "created": "2026-03-27T05:40:17",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 114.97.191.45 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T05:40:16",
    "is_active": 1
  },
  {
    "id": 4009379291,
    "indicator": "60.13.7.124",
    "type": "IPv4",
    "created": "2026-03-27T05:40:17",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 60.13.7.124 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T05:40:16",
    "is_active": 1
  },
  {
    "id": 3756736563,
    "indicator": "182.242.169.58",
    "type": "IPv4",
    "created": "2026-03-27T05:40:17",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 182.242.169.58 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T05:40:16",
    "is_active": 1
  },
  {
    "id": 4165293205,
    "indicator": "27.47.24.27",
    "type": "IPv4",
    "created": "2026-03-27T05:40:17",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 27.47.24.27 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T05:40:16",
    "is_active": 1
  },
  {
    "id": 4172446314,
    "indicator": "116.178.130.78",
    "type": "IPv4",
    "created": "2026-03-27T05:40:17",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.130.78 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T05:40:16",
    "is_active": 1
  },
  {
    "id": 3785957158,
    "indicator": "182.242.168.219",
    "type": "IPv4",
    "created": "2026-03-27T05:40:17",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 182.242.168.219 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T05:40:16",
    "is_active": 1
  },
  {
    "id": 2989377062,
    "indicator": "180.95.231.146",
    "type": "IPv4",
    "created": "2026-03-27T05:40:17",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 180.95.231.146 classified as attacker with unclear intent (low confidence). Origin: enriched.",
    "expiration": "2026-04-26T05:40:16",
    "is_active": 1
  },
  {
    "id": 4210038726,
    "indicator": "221.0.170.18",
    "type": "IPv4",
    "created": "2026-03-27T05:40:17",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 221.0.170.18 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T05:40:16",
    "is_active": 1
  },
  {
    "id": 3872652561,
    "indicator": "123.245.84.122",
    "type": "IPv4",
    "created": "2026-03-27T05:40:17",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 123.245.84.122 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T05:40:16",
    "is_active": 1
  },
  {
    "id": 4191756738,
    "indicator": "27.47.24.131",
    "type": "IPv4",
    "created": "2026-03-27T05:40:17",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 27.47.24.131 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T05:40:16",
    "is_active": 1
  },
  {
    "id": 4161444882,
    "indicator": "124.117.192.31",
    "type": "IPv4",
    "created": "2026-03-27T05:40:17",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 124.117.192.31 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).",
    "expiration": "2026-04-26T05:40:16",
    "is_active": 1
  },
  {
    "id": 4282404195,
    "indicator": "182.242.168.78",
    "type": "IPv4",
    "created": "2026-03-27T05:40:17",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 182.242.168.78 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, moderate).",
    "expiration": "2026-04-26T05:40:16",
    "is_active": 1
  },
  {
    "id": 3906665974,
    "indicator": "113.231.251.144",
    "type": "IPv4",
    "created": "2026-03-27T05:40:17",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 113.231.251.144 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-26T05:40:16",
    "is_active": 1
  },
  {
    "id": 3265434816,
    "indicator": "36.106.166.65",
    "type": "IPv4",
    "created": "2026-03-27T06:40:25",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 36.106.166.65 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T06:40:23",
    "is_active": 1
  },
  {
    "id": 4282409382,
    "indicator": "47.84.131.50",
    "type": "IPv4",
    "created": "2026-03-27T06:40:25",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 47.84.131.50 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T06:40:23",
    "is_active": 1
  },
  {
    "id": 4282409383,
    "indicator": "180.139.250.52",
    "type": "IPv4",
    "created": "2026-03-27T06:40:25",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 180.139.250.52 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T06:40:23",
    "is_active": 1
  },
  {
    "id": 4277158416,
    "indicator": "123.209.68.251",
    "type": "IPv4",
    "created": "2026-03-27T06:40:25",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported. 123.209.68.251 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-26T06:40:23",
    "is_active": 1
  },
  {
    "id": 4004976055,
    "indicator": "18.217.102.23",
    "type": "IPv4",
    "created": "2026-03-27T06:40:25",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 18.217.102.23 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-26T06:40:23",
    "is_active": 1
  },
  {
    "id": 4282409384,
    "indicator": "47.254.172.105",
    "type": "IPv4",
    "created": "2026-03-27T06:40:25",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 47.254.172.105 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T06:40:23",
    "is_active": 1
  },
  {
    "id": 4151378709,
    "indicator": "66.167.147.130",
    "type": "IPv4",
    "created": "2026-03-27T06:40:25",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 66.167.147.130 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-26T06:40:23",
    "is_active": 1
  },
  {
    "id": 4173720709,
    "indicator": "121.29.85.253",
    "type": "IPv4",
    "created": "2026-03-27T06:40:25",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 121.29.85.253 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T06:40:23",
    "is_active": 1
  },
  {
    "id": 3862293966,
    "indicator": "123.245.84.144",
    "type": "IPv4",
    "created": "2026-03-27T06:40:25",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 123.245.84.144 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T06:40:23",
    "is_active": 1
  },
  {
    "id": 4166826755,
    "indicator": "27.47.24.150",
    "type": "IPv4",
    "created": "2026-03-27T06:40:25",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 27.47.24.150 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T06:40:23",
    "is_active": 1
  },
  {
    "id": 4282409385,
    "indicator": "47.245.135.122",
    "type": "IPv4",
    "created": "2026-03-27T06:40:25",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, cowrie. 47.245.135.122 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (exploited-host, hacking, moderate).",
    "expiration": "2026-04-26T06:40:23",
    "is_active": 1
  },
  {
    "id": 4158457860,
    "indicator": "110.39.255.247",
    "type": "IPv4",
    "created": "2026-03-27T06:40:25",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 110.39.255.247 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-26T06:40:23",
    "is_active": 1
  },
  {
    "id": 3020767500,
    "indicator": "193.163.125.235",
    "type": "IPv4",
    "created": "2026-03-27T06:40:25",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 193.163.125.235 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-26T06:40:23",
    "is_active": 1
  },
  {
    "id": 4278759574,
    "indicator": "47.117.146.179",
    "type": "IPv4",
    "created": "2026-03-27T06:40:25",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.117.146.179 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-26T06:40:23",
    "is_active": 1
  },
  {
    "id": 4178786623,
    "indicator": "101.249.60.91",
    "type": "IPv4",
    "created": "2026-03-27T06:40:25",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 101.249.60.91 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T06:40:23",
    "is_active": 1
  },
  {
    "id": 3937932294,
    "indicator": "220.167.233.244",
    "type": "IPv4",
    "created": "2026-03-27T06:40:25",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 220.167.233.244 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T06:40:23",
    "is_active": 1
  },
  {
    "id": 4173097245,
    "indicator": "144.123.76.255",
    "type": "IPv4",
    "created": "2026-03-27T06:40:25",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 144.123.76.255 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T06:40:23",
    "is_active": 1
  },
  {
    "id": 4173411723,
    "indicator": "222.176.201.200",
    "type": "IPv4",
    "created": "2026-03-27T06:40:25",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 222.176.201.200 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T06:40:23",
    "is_active": 1
  },
  {
    "id": 4282409386,
    "indicator": "49.228.88.116",
    "type": "IPv4",
    "created": "2026-03-27T06:40:25",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP from Bangkok, Thailand (AS133481, AIS Fibre). Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username, execution of 20 commands (SSH key persistence, password changes, system reconnaissance, cron persistence, process killing, firewall mani...",
    "expiration": "2026-04-26T06:40:23",
    "is_active": 1
  },
  {
    "id": 4282409387,
    "indicator": "119.164.99.169",
    "type": "IPv4",
    "created": "2026-03-27T06:40:25",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 119.164.99.169 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T06:40:23",
    "is_active": 1
  },
  {
    "id": 4022066016,
    "indicator": "180.95.238.74",
    "type": "IPv4",
    "created": "2026-03-27T06:40:25",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 180.95.238.74 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T06:40:23",
    "is_active": 1
  },
  {
    "id": 4054725737,
    "indicator": "106.39.213.58",
    "type": "IPv4",
    "created": "2026-03-27T06:40:25",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 106.39.213.58 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, hacking).",
    "expiration": "2026-04-26T06:40:23",
    "is_active": 1
  },
  {
    "id": 4033456534,
    "indicator": "118.212.122.24",
    "type": "IPv4",
    "created": "2026-03-27T06:40:25",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low. 118.212.122.24 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-26T06:40:23",
    "is_active": 1
  },
  {
    "id": 4177506349,
    "indicator": "59.173.111.166",
    "type": "IPv4",
    "created": "2026-03-27T06:40:25",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 59.173.111.166 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T06:40:23",
    "is_active": 1
  },
  {
    "id": 4179215004,
    "indicator": "162.243.199.139",
    "type": "IPv4",
    "created": "2026-03-27T06:40:25",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 162.243.199.139 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-26T06:40:23",
    "is_active": 1
  },
  {
    "id": 4176884595,
    "indicator": "110.90.106.42",
    "type": "IPv4",
    "created": "2026-03-27T06:40:25",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 110.90.106.42 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T06:40:23",
    "is_active": 1
  },
  {
    "id": 3873829129,
    "indicator": "110.177.176.7",
    "type": "IPv4",
    "created": "2026-03-27T06:40:25",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 110.177.176.7 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T06:40:23",
    "is_active": 1
  },
  {
    "id": 4282409388,
    "indicator": "107.152.41.85",
    "type": "IPv4",
    "created": "2026-03-27T06:40:25",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from United States (AS11878, tzulo, inc.). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 4 failed login attempts, 4 credential pairs tried across 1 unique username. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 13m 49s; 20 events.",
    "expiration": "2026-04-26T06:40:23",
    "is_active": 1
  },
  {
    "id": 4181213872,
    "indicator": "27.47.25.197",
    "type": "IPv4",
    "created": "2026-03-27T06:40:25",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 27.47.25.197 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, multi-reported).",
    "expiration": "2026-04-26T06:40:23",
    "is_active": 1
  },
  {
    "id": 3951249499,
    "indicator": "44.220.185.18",
    "type": "IPv4",
    "created": "2026-03-27T06:40:25",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 44.220.185.18 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).",
    "expiration": "2026-04-26T06:40:23",
    "is_active": 1
  },
  {
    "id": 2220477601,
    "indicator": "187.72.128.177",
    "type": "IPv4",
    "created": "2026-03-27T06:40:25",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Brazil (AS16735, ALGAR TELECOM SA). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 2s; 5 events.",
    "expiration": "2026-04-26T06:40:23",
    "is_active": 1
  },
  {
    "id": 4282409389,
    "indicator": "47.245.135.94",
    "type": "IPv4",
    "created": "2026-03-27T06:40:25",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 47.245.135.94 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T06:40:23",
    "is_active": 1
  },
  {
    "id": 4172947731,
    "indicator": "59.173.111.253",
    "type": "IPv4",
    "created": "2026-03-27T06:40:25",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 59.173.111.253 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T06:40:23",
    "is_active": 1
  },
  {
    "id": 4176597524,
    "indicator": "101.249.63.193",
    "type": "IPv4",
    "created": "2026-03-27T06:40:25",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 101.249.63.193 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T06:40:23",
    "is_active": 1
  },
  {
    "id": 4282409390,
    "indicator": "119.160.215.50",
    "type": "IPv4",
    "created": "2026-03-27T06:40:25",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan. 119.160.215.50 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T06:40:23",
    "is_active": 1
  },
  {
    "id": 4165584135,
    "indicator": "124.117.192.169",
    "type": "IPv4",
    "created": "2026-03-27T06:40:25",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 124.117.192.169 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T06:40:23",
    "is_active": 1
  },
  {
    "id": 4237314905,
    "indicator": "138.197.107.71",
    "type": "IPv4",
    "created": "2026-03-27T06:40:25",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Clifton, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. Session included 2 failed login attempts, 2 credential pairs tried across 1 unique username. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 1m 21s; 10 events.",
    "expiration": "2026-04-26T06:40:23",
    "is_active": 1
  },
  {
    "id": 3778776128,
    "indicator": "110.177.177.202",
    "type": "IPv4",
    "created": "2026-03-27T06:40:25",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export. Attacker IP from China (AS4134, Chinanet). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-26T06:40:23",
    "is_active": 1
  },
  {
    "id": 3758118405,
    "indicator": "182.242.168.246",
    "type": "IPv4",
    "created": "2026-03-27T06:40:25",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 182.242.168.246 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, moderate).",
    "expiration": "2026-04-26T06:40:23",
    "is_active": 1
  },
  {
    "id": 4278321342,
    "indicator": "45.88.223.138",
    "type": "IPv4",
    "created": "2026-03-27T06:40:25",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 45.88.223.138 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-26T06:40:23",
    "is_active": 1
  },
  {
    "id": 4282409391,
    "indicator": "8.209.126.74",
    "type": "IPv4",
    "created": "2026-03-27T06:40:25",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 8.209.126.74 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T06:40:23",
    "is_active": 1
  },
  {
    "id": 4183849518,
    "indicator": "27.202.59.170",
    "type": "IPv4",
    "created": "2026-03-27T06:40:25",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 27.202.59.170 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-26T06:40:23",
    "is_active": 1
  },
  {
    "id": 4090507457,
    "indicator": "51.68.111.245",
    "type": "IPv4",
    "created": "2026-03-27T06:40:25",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 51.68.111.245 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (compatible; MJ12bot/v2.0.5; http://mj12bot.com/...' 2 times when connecting to db4lamedtech between 2026-03-27 04:46 and 2026-03-27 04:46 UTC.",
    "expiration": "2026-04-26T06:40:23",
    "is_active": 1
  },
  {
    "id": 4158069490,
    "indicator": "124.117.192.118",
    "type": "IPv4",
    "created": "2026-03-27T07:40:53",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 124.117.192.118 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-26T07:40:53",
    "is_active": 1
  },
  {
    "id": 4282411715,
    "indicator": "119.163.42.156",
    "type": "IPv4",
    "created": "2026-03-27T07:40:53",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 119.163.42.156 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T07:40:53",
    "is_active": 1
  },
  {
    "id": 4161526341,
    "indicator": "116.178.130.24",
    "type": "IPv4",
    "created": "2026-03-27T07:40:53",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 116.178.130.24 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T07:40:53",
    "is_active": 1
  },
  {
    "id": 4217785517,
    "indicator": "101.249.63.232",
    "type": "IPv4",
    "created": "2026-03-27T07:40:53",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 101.249.63.232 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T07:40:53",
    "is_active": 1
  },
  {
    "id": 4167699578,
    "indicator": "116.178.129.107",
    "type": "IPv4",
    "created": "2026-03-27T07:40:53",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 116.178.129.107 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T07:40:53",
    "is_active": 1
  },
  {
    "id": 4162889115,
    "indicator": "124.117.193.195",
    "type": "IPv4",
    "created": "2026-03-27T07:40:53",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. 124.117.193.195 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-26T07:40:53",
    "is_active": 1
  },
  {
    "id": 4274396571,
    "indicator": "52.231.220.210",
    "type": "IPv4",
    "created": "2026-03-27T07:40:53",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 52.231.220.210 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-26T07:40:53",
    "is_active": 1
  },
  {
    "id": 4282410817,
    "indicator": "132.196.91.16",
    "type": "IPv4",
    "created": "2026-03-27T07:40:53",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 132.196.91.16 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-26T07:40:53",
    "is_active": 1
  },
  {
    "id": 1657195194,
    "indicator": "149.255.10.46",
    "type": "IPv4",
    "created": "2026-03-27T07:40:53",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 149.255.10.46 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T07:40:53",
    "is_active": 1
  },
  {
    "id": 4205105798,
    "indicator": "152.32.240.183",
    "type": "IPv4",
    "created": "2026-03-27T07:40:53",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 152.32.240.183 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-26T07:40:53",
    "is_active": 1
  },
  {
    "id": 4089901097,
    "indicator": "51.68.111.212",
    "type": "IPv4",
    "created": "2026-03-27T07:40:53",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 51.68.111.212 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-26T07:40:53",
    "is_active": 1
  },
  {
    "id": 4261319874,
    "indicator": "59.17.95.129",
    "type": "IPv4",
    "created": "2026-03-27T07:40:53",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Yeonsu-gu, South Korea (AS4766, Korea Telecom). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 2s; 5 events.",
    "expiration": "2026-04-26T07:40:53",
    "is_active": 1
  },
  {
    "id": 4282410841,
    "indicator": "142.248.80.163",
    "type": "IPv4",
    "created": "2026-03-27T07:40:53",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP from United States (AS22295, Advin Services LLC). Observed targeting healthcare sector honeypot mdms-hp-01 via adbhoney. duration: 5s; 2 events.",
    "expiration": "2026-04-26T07:40:53",
    "is_active": 1
  },
  {
    "id": 3870239568,
    "indicator": "220.167.232.219",
    "type": "IPv4",
    "created": "2026-03-27T07:40:53",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 220.167.232.219 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).",
    "expiration": "2026-04-26T07:40:53",
    "is_active": 1
  },
  {
    "id": 3942650847,
    "indicator": "118.212.121.111",
    "type": "IPv4",
    "created": "2026-03-27T07:40:53",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 118.212.121.111 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T07:40:53",
    "is_active": 1
  },
  {
    "id": 3850284079,
    "indicator": "221.207.34.228",
    "type": "IPv4",
    "created": "2026-03-27T07:40:53",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 221.207.34.228 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T07:40:53",
    "is_active": 1
  },
  {
    "id": 966686,
    "indicator": "1.177.63.24",
    "type": "IPv4",
    "created": "2026-03-27T07:40:53",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 1.177.63.24 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-26T07:40:53",
    "is_active": 1
  },
  {
    "id": 4056455478,
    "indicator": "177.92.162.245",
    "type": "IPv4",
    "created": "2026-03-27T07:40:53",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Silves, Brazil (AS268257, SIDI SERVICOS DE COMUNICACAO LTDA-ME). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 2s; 5 events.",
    "expiration": "2026-04-26T07:40:53",
    "is_active": 1
  },
  {
    "id": 4168763747,
    "indicator": "116.178.130.94",
    "type": "IPv4",
    "created": "2026-03-27T07:40:53",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 116.178.130.94 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T07:40:53",
    "is_active": 1
  },
  {
    "id": 4282102080,
    "indicator": "8.209.101.33",
    "type": "IPv4",
    "created": "2026-03-27T07:40:53",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Frankfurt am Main, Germany (AS45102, Alibaba US Technology Co., Ltd.). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-26T07:40:53",
    "is_active": 1
  },
  {
    "id": 4210354663,
    "indicator": "156.227.232.221",
    "type": "IPv4",
    "created": "2026-03-27T07:40:53",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Seychelles (AS138152, YISU CLOUD LTD) [VPN/hosting provider]. Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included execution of 1 post-compromise commands, delivery of 2 malware samples. 5 events.",
    "expiration": "2026-04-26T07:40:53",
    "is_active": 1
  },
  {
    "id": 3807674218,
    "indicator": "182.242.168.124",
    "type": "IPv4",
    "created": "2026-03-27T07:40:53",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 182.242.168.124 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T07:40:53",
    "is_active": 1
  },
  {
    "id": 3935252023,
    "indicator": "110.177.181.185",
    "type": "IPv4",
    "created": "2026-03-27T07:40:53",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 110.177.181.185 classified as attacker with unclear intent (low confidence). Origin: enriched.",
    "expiration": "2026-04-26T07:40:53",
    "is_active": 1
  },
  {
    "id": 4158461129,
    "indicator": "123.54.197.60",
    "type": "IPv4",
    "created": "2026-03-27T07:40:53",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. IP observed in Suricata network metadata",
    "expiration": "2026-04-26T07:40:53",
    "is_active": 1
  },
  {
    "id": 3867813193,
    "indicator": "221.207.35.116",
    "type": "IPv4",
    "created": "2026-03-27T07:40:53",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 221.207.35.116 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).",
    "expiration": "2026-04-26T07:40:53",
    "is_active": 1
  },
  {
    "id": 4172754485,
    "indicator": "36.250.221.150",
    "type": "IPv4",
    "created": "2026-03-27T07:40:53",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 36.250.221.150 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-26T07:40:53",
    "is_active": 1
  },
  {
    "id": 923400263,
    "indicator": "79.175.42.206",
    "type": "IPv4",
    "created": "2026-03-27T07:40:53",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:multi-reported. 79.175.42.206 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T07:40:53",
    "is_active": 1
  },
  {
    "id": 4160366145,
    "indicator": "144.123.77.158",
    "type": "IPv4",
    "created": "2026-03-27T07:40:53",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 144.123.77.158 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T07:40:53",
    "is_active": 1
  },
  {
    "id": 4282411716,
    "indicator": "121.29.4.251",
    "type": "IPv4",
    "created": "2026-03-27T07:40:53",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Beijing, China (AS4837, CHINA UNICOM China169 Backbone). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username, execution of 15 commands (system reconnaissance, cron persistence, process killing, firewall manipulation), ...",
    "expiration": "2026-04-26T07:40:53",
    "is_active": 1
  },
  {
    "id": 3721818980,
    "indicator": "1.83.125.235",
    "type": "IPv4",
    "created": "2026-03-27T07:40:53",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 1.83.125.235 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T07:40:53",
    "is_active": 1
  },
  {
    "id": 4282411717,
    "indicator": "51.158.248.201",
    "type": "IPv4",
    "created": "2026-03-27T07:40:53",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 51.158.248.201 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T07:40:53",
    "is_active": 1
  },
  {
    "id": 3176320827,
    "indicator": "1.83.125.195",
    "type": "IPv4",
    "created": "2026-03-27T07:40:53",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 1.83.125.195 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T07:40:53",
    "is_active": 1
  },
  {
    "id": 4282411718,
    "indicator": "112.94.191.130",
    "type": "IPv4",
    "created": "2026-03-27T07:40:53",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 112.94.191.130 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T07:40:53",
    "is_active": 1
  },
  {
    "id": 3858778272,
    "indicator": "118.212.123.251",
    "type": "IPv4",
    "created": "2026-03-27T07:40:53",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 118.212.123.251 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T07:40:53",
    "is_active": 1
  },
  {
    "id": 4282411719,
    "indicator": "89.124.84.249",
    "type": "IPv4",
    "created": "2026-03-27T07:40:53",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack, cowrie. 89.124.84.249 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d); AbuseIPDB (brute-force, hacking, low).",
    "expiration": "2026-04-26T07:40:53",
    "is_active": 1
  },
  {
    "id": 4282411720,
    "indicator": "47.84.138.41",
    "type": "IPv4",
    "created": "2026-03-27T07:40:53",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, cowrie. 47.84.138.41 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, hacking, moderate).",
    "expiration": "2026-04-26T07:40:53",
    "is_active": 1
  },
  {
    "id": 4243310594,
    "indicator": "117.25.124.91",
    "type": "IPv4",
    "created": "2026-03-27T07:40:53",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 117.25.124.91 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T07:40:53",
    "is_active": 1
  },
  {
    "id": 4140189163,
    "indicator": "182.119.226.144",
    "type": "IPv4",
    "created": "2026-03-27T07:40:53",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 182.119.226.144 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T07:40:53",
    "is_active": 1
  },
  {
    "id": 4282411721,
    "indicator": "83.68.250.0",
    "type": "IPv4",
    "created": "2026-03-27T07:40:53",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Sundsvall, Sweden (AS51132, Arkaden Konsult AB). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. 1 events.",
    "expiration": "2026-04-26T07:40:53",
    "is_active": 1
  },
  {
    "id": 4182457636,
    "indicator": "116.178.128.131",
    "type": "IPv4",
    "created": "2026-03-27T08:41:01",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.128.131 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T08:40:59",
    "is_active": 1
  },
  {
    "id": 4069456036,
    "indicator": "110.177.183.22",
    "type": "IPv4",
    "created": "2026-03-27T08:41:01",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 110.177.183.22 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T08:40:59",
    "is_active": 1
  },
  {
    "id": 3214353487,
    "indicator": "182.119.224.82",
    "type": "IPv4",
    "created": "2026-03-27T08:41:01",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 182.119.224.82 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T08:40:59",
    "is_active": 1
  },
  {
    "id": 4281953974,
    "indicator": "116.176.57.144",
    "type": "IPv4",
    "created": "2026-03-27T08:41:01",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 116.176.57.144 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, hacking).",
    "expiration": "2026-04-26T08:40:59",
    "is_active": 1
  },
  {
    "id": 4184135931,
    "indicator": "59.173.109.238",
    "type": "IPv4",
    "created": "2026-03-27T08:41:01",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 59.173.109.238 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T08:40:59",
    "is_active": 1
  },
  {
    "id": 4165498740,
    "indicator": "106.117.117.20",
    "type": "IPv4",
    "created": "2026-03-27T08:41:01",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 106.117.117.20 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T08:40:59",
    "is_active": 1
  },
  {
    "id": 3991956867,
    "indicator": "98.80.4.7",
    "type": "IPv4",
    "created": "2026-03-27T08:41:01",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate. 98.80.4.7 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-26T08:40:59",
    "is_active": 1
  },
  {
    "id": 3752643244,
    "indicator": "182.242.168.111",
    "type": "IPv4",
    "created": "2026-03-27T08:41:01",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 182.242.168.111 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T08:40:59",
    "is_active": 1
  },
  {
    "id": 2131102943,
    "indicator": "36.106.167.40",
    "type": "IPv4",
    "created": "2026-03-27T08:41:01",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 36.106.167.40 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T08:40:59",
    "is_active": 1
  },
  {
    "id": 4208303439,
    "indicator": "185.169.4.16",
    "type": "IPv4",
    "created": "2026-03-27T08:41:01",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. 185.169.4.16 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-26T08:40:59",
    "is_active": 1
  },
  {
    "id": 4006868762,
    "indicator": "171.36.7.248",
    "type": "IPv4",
    "created": "2026-03-27T08:41:01",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 171.36.7.248 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T08:40:59",
    "is_active": 1
  },
  {
    "id": 4164681395,
    "indicator": "116.178.129.211",
    "type": "IPv4",
    "created": "2026-03-27T08:41:01",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.129.211 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T08:40:59",
    "is_active": 1
  },
  {
    "id": 4282464485,
    "indicator": "147.185.155.24",
    "type": "IPv4",
    "created": "2026-03-27T08:41:01",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 147.185.155.24 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T08:40:59",
    "is_active": 1
  },
  {
    "id": 2913183075,
    "indicator": "180.95.238.99",
    "type": "IPv4",
    "created": "2026-03-27T08:41:01",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 180.95.238.99 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T08:40:59",
    "is_active": 1
  },
  {
    "id": 4180292247,
    "indicator": "116.178.131.107",
    "type": "IPv4",
    "created": "2026-03-27T08:41:01",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 116.178.131.107 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T08:40:59",
    "is_active": 1
  },
  {
    "id": 4281965187,
    "indicator": "123.60.132.209",
    "type": "IPv4",
    "created": "2026-03-27T08:41:01",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 123.60.132.209 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, hacking).",
    "expiration": "2026-04-26T08:40:59",
    "is_active": 1
  },
  {
    "id": 4183182702,
    "indicator": "59.173.109.252",
    "type": "IPv4",
    "created": "2026-03-27T08:41:01",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 59.173.109.252 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T08:40:59",
    "is_active": 1
  },
  {
    "id": 4282464486,
    "indicator": "182.242.168.61",
    "type": "IPv4",
    "created": "2026-03-27T08:41:01",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 182.242.168.61 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T08:40:59",
    "is_active": 1
  },
  {
    "id": 4282427836,
    "indicator": "47.237.31.39",
    "type": "IPv4",
    "created": "2026-03-27T08:41:01",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, cowrie. 47.237.31.39 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (exploited-host, hacking, moderate).",
    "expiration": "2026-04-26T08:40:59",
    "is_active": 1
  },
  {
    "id": 4282464487,
    "indicator": "80.41.50.232",
    "type": "IPv4",
    "created": "2026-03-27T08:41:01",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 80.41.50.232 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T08:40:59",
    "is_active": 1
  },
  {
    "id": 4172922573,
    "indicator": "121.29.149.118",
    "type": "IPv4",
    "created": "2026-03-27T08:41:01",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 121.29.149.118 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T08:40:59",
    "is_active": 1
  },
  {
    "id": 4049048114,
    "indicator": "101.68.126.147",
    "type": "IPv4",
    "created": "2026-03-27T08:41:01",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 101.68.126.147 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T08:40:59",
    "is_active": 1
  },
  {
    "id": 3913307046,
    "indicator": "118.212.121.114",
    "type": "IPv4",
    "created": "2026-03-27T08:41:01",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 118.212.121.114 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T08:40:59",
    "is_active": 1
  },
  {
    "id": 4282464488,
    "indicator": "106.75.14.169",
    "type": "IPv4",
    "created": "2026-03-27T08:41:01",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack, cowrie, firehol:unlisted. 106.75.14.169 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, reported).",
    "expiration": "2026-04-26T08:40:59",
    "is_active": 1
  },
  {
    "id": 4191872298,
    "indicator": "106.75.16.45",
    "type": "IPv4",
    "created": "2026-03-27T08:41:01",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from China (AS4808, China Unicom Beijing Province Network). Observed targeting healthcare sector honeypot mdms-hp-01 via tanner. duration: 2m 14s; 35 events.",
    "expiration": "2026-04-26T08:40:59",
    "is_active": 1
  },
  {
    "id": 3850286681,
    "indicator": "220.167.232.196",
    "type": "IPv4",
    "created": "2026-03-27T08:41:01",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 220.167.232.196 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T08:40:59",
    "is_active": 1
  },
  {
    "id": 3846365261,
    "indicator": "123.245.84.12",
    "type": "IPv4",
    "created": "2026-03-27T08:41:01",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 123.245.84.12 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking).",
    "expiration": "2026-04-26T08:40:59",
    "is_active": 1
  },
  {
    "id": 4176872596,
    "indicator": "112.122.236.2",
    "type": "IPv4",
    "created": "2026-03-27T08:41:01",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 112.122.236.2 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T08:40:59",
    "is_active": 1
  },
  {
    "id": 4282428040,
    "indicator": "47.254.144.111",
    "type": "IPv4",
    "created": "2026-03-27T08:41:01",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 47.254.144.111 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T08:40:59",
    "is_active": 1
  },
  {
    "id": 4010279977,
    "indicator": "171.8.138.52",
    "type": "IPv4",
    "created": "2026-03-27T08:41:01",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 171.8.138.52 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T08:40:59",
    "is_active": 1
  },
  {
    "id": 4014747825,
    "indicator": "123.245.85.140",
    "type": "IPv4",
    "created": "2026-03-27T08:41:01",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 123.245.85.140 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T08:40:59",
    "is_active": 1
  },
  {
    "id": 4282464489,
    "indicator": "86.134.202.106",
    "type": "IPv4",
    "created": "2026-03-27T08:41:01",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 86.134.202.106 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T08:40:59",
    "is_active": 1
  },
  {
    "id": 4282464490,
    "indicator": "72.255.33.224",
    "type": "IPv4",
    "created": "2026-03-27T08:41:01",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 72.255.33.224 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T08:40:59",
    "is_active": 1
  },
  {
    "id": 4183210280,
    "indicator": "27.47.26.109",
    "type": "IPv4",
    "created": "2026-03-27T08:41:01",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 27.47.26.109 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T08:40:59",
    "is_active": 1
  },
  {
    "id": 4023552835,
    "indicator": "110.177.176.116",
    "type": "IPv4",
    "created": "2026-03-27T08:41:01",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 110.177.176.116 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T08:40:59",
    "is_active": 1
  },
  {
    "id": 4160192866,
    "indicator": "144.123.78.147",
    "type": "IPv4",
    "created": "2026-03-27T08:41:01",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 144.123.78.147 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T08:40:59",
    "is_active": 1
  },
  {
    "id": 4143481697,
    "indicator": "14.1.104.175",
    "type": "IPv4",
    "created": "2026-03-27T08:41:01",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 14.1.104.175 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-26T08:40:59",
    "is_active": 1
  },
  {
    "id": 4008683465,
    "indicator": "123.160.233.5",
    "type": "IPv4",
    "created": "2026-03-27T08:41:01",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 123.160.233.5 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T08:40:59",
    "is_active": 1
  },
  {
    "id": 4173479237,
    "indicator": "59.173.111.177",
    "type": "IPv4",
    "created": "2026-03-27T08:41:01",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 59.173.111.177 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T08:40:59",
    "is_active": 1
  },
  {
    "id": 4166197811,
    "indicator": "106.117.117.141",
    "type": "IPv4",
    "created": "2026-03-27T09:41:08",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 106.117.117.141 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T09:41:06",
    "is_active": 1
  },
  {
    "id": 4109411299,
    "indicator": "80.94.95.152",
    "type": "IPv4",
    "created": "2026-03-27T09:41:08",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 80.94.95.152 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-26T09:41:06",
    "is_active": 1
  },
  {
    "id": 4139628711,
    "indicator": "142.93.199.16",
    "type": "IPv4",
    "created": "2026-03-27T09:41:08",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 142.93.199.16 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T09:41:06",
    "is_active": 1
  },
  {
    "id": 4166321779,
    "indicator": "121.29.149.142",
    "type": "IPv4",
    "created": "2026-03-27T09:41:08",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 121.29.149.142 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T09:41:06",
    "is_active": 1
  },
  {
    "id": 4282422967,
    "indicator": "47.84.207.58",
    "type": "IPv4",
    "created": "2026-03-27T09:41:08",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 47.84.207.58 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T09:41:06",
    "is_active": 1
  },
  {
    "id": 4188116095,
    "indicator": "183.99.133.164",
    "type": "IPv4",
    "created": "2026-03-27T09:41:08",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 183.99.133.164 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-26T09:41:06",
    "is_active": 1
  },
  {
    "id": 4156773425,
    "indicator": "36.250.220.16",
    "type": "IPv4",
    "created": "2026-03-27T09:41:08",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 36.250.220.16 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-26T09:41:06",
    "is_active": 1
  },
  {
    "id": 4156249970,
    "indicator": "36.250.221.239",
    "type": "IPv4",
    "created": "2026-03-27T09:41:08",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 36.250.221.239 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T09:41:06",
    "is_active": 1
  },
  {
    "id": 4048770047,
    "indicator": "60.168.133.71",
    "type": "IPv4",
    "created": "2026-03-27T09:41:08",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 60.168.133.71 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T09:41:06",
    "is_active": 1
  },
  {
    "id": 4014954473,
    "indicator": "220.167.233.123",
    "type": "IPv4",
    "created": "2026-03-27T09:41:08",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 220.167.233.123 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T09:41:06",
    "is_active": 1
  },
  {
    "id": 4158686167,
    "indicator": "101.249.62.33",
    "type": "IPv4",
    "created": "2026-03-27T09:41:08",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 101.249.62.33 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T09:41:06",
    "is_active": 1
  },
  {
    "id": 4182376270,
    "indicator": "59.173.110.20",
    "type": "IPv4",
    "created": "2026-03-27T09:41:08",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 59.173.110.20 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T09:41:06",
    "is_active": 1
  },
  {
    "id": 4282396705,
    "indicator": "167.86.81.27",
    "type": "IPv4",
    "created": "2026-03-27T09:41:08",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Nuremberg, Germany (AS51167, Contabo GmbH). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-26T09:41:06",
    "is_active": 1
  },
  {
    "id": 3853951703,
    "indicator": "123.245.84.183",
    "type": "IPv4",
    "created": "2026-03-27T09:41:08",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 123.245.84.183 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T09:41:06",
    "is_active": 1
  },
  {
    "id": 3916566539,
    "indicator": "60.13.7.231",
    "type": "IPv4",
    "created": "2026-03-27T09:41:08",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 60.13.7.231 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T09:41:06",
    "is_active": 1
  },
  {
    "id": 4173791460,
    "indicator": "117.25.122.116",
    "type": "IPv4",
    "created": "2026-03-27T09:41:08",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 117.25.122.116 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T09:41:06",
    "is_active": 1
  },
  {
    "id": 4165501270,
    "indicator": "36.250.221.249",
    "type": "IPv4",
    "created": "2026-03-27T09:41:08",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 36.250.221.249 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, ftp-brute).",
    "expiration": "2026-04-26T09:41:06",
    "is_active": 1
  },
  {
    "id": 4153837057,
    "indicator": "36.250.220.54",
    "type": "IPv4",
    "created": "2026-03-27T09:41:08",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 36.250.220.54 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T09:41:06",
    "is_active": 1
  },
  {
    "id": 4178382269,
    "indicator": "121.29.85.154",
    "type": "IPv4",
    "created": "2026-03-27T09:41:08",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 121.29.85.154 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T09:41:06",
    "is_active": 1
  },
  {
    "id": 2939582678,
    "indicator": "36.106.167.85",
    "type": "IPv4",
    "created": "2026-03-27T09:41:08",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 36.106.167.85 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T09:41:06",
    "is_active": 1
  },
  {
    "id": 4282469246,
    "indicator": "47.254.172.141",
    "type": "IPv4",
    "created": "2026-03-27T09:41:08",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 47.254.172.141 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T09:41:06",
    "is_active": 1
  },
  {
    "id": 4153679608,
    "indicator": "124.117.192.102",
    "type": "IPv4",
    "created": "2026-03-27T09:41:08",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 124.117.192.102 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T09:41:06",
    "is_active": 1
  },
  {
    "id": 4281684429,
    "indicator": "93.103.226.55",
    "type": "IPv4",
    "created": "2026-03-27T09:41:08",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 93.103.226.55 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T09:41:06",
    "is_active": 1
  },
  {
    "id": 4173822344,
    "indicator": "36.250.221.76",
    "type": "IPv4",
    "created": "2026-03-27T09:41:08",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 36.250.221.76 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, ftp-brute).",
    "expiration": "2026-04-26T09:41:06",
    "is_active": 1
  },
  {
    "id": 3955401298,
    "indicator": "194.26.192.111",
    "type": "IPv4",
    "created": "2026-03-27T09:41:08",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 194.26.192.111 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36...' 9 times when connecting to db4lamedtech between 2026-03-27 07:46 and 2026-03-27 07:46 UTC.",
    "expiration": "2026-04-26T09:41:06",
    "is_active": 1
  },
  {
    "id": 4282274717,
    "indicator": "178.18.246.78",
    "type": "IPv4",
    "created": "2026-03-27T10:41:25",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 178.18.246.78 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-26T10:41:13",
    "is_active": 1
  },
  {
    "id": 4282471527,
    "indicator": "24.232.239.193",
    "type": "IPv4",
    "created": "2026-03-27T10:41:25",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 24.232.239.193 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T10:41:13",
    "is_active": 1
  },
  {
    "id": 4022913215,
    "indicator": "222.94.32.127",
    "type": "IPv4",
    "created": "2026-03-27T10:41:25",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 222.94.32.127 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T10:41:13",
    "is_active": 1
  },
  {
    "id": 4282471528,
    "indicator": "47.254.171.201",
    "type": "IPv4",
    "created": "2026-03-27T10:41:25",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 47.254.171.201 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_level3); AbuseIPDB (brute-force, hacking, moderate).",
    "expiration": "2026-04-26T10:41:13",
    "is_active": 1
  },
  {
    "id": 4011487996,
    "indicator": "185.247.137.119",
    "type": "IPv4",
    "created": "2026-03-27T10:41:25",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 185.247.137.119 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-26T10:41:13",
    "is_active": 1
  },
  {
    "id": 4282471529,
    "indicator": "47.245.130.67",
    "type": "IPv4",
    "created": "2026-03-27T10:41:25",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 47.245.130.67 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T10:41:13",
    "is_active": 1
  },
  {
    "id": 4173191099,
    "indicator": "222.176.200.36",
    "type": "IPv4",
    "created": "2026-03-27T10:41:25",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 222.176.200.36 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T10:41:13",
    "is_active": 1
  },
  {
    "id": 4173124516,
    "indicator": "58.243.47.192",
    "type": "IPv4",
    "created": "2026-03-27T10:41:25",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 58.243.47.192 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T10:41:13",
    "is_active": 1
  },
  {
    "id": 3845039890,
    "indicator": "220.167.233.92",
    "type": "IPv4",
    "created": "2026-03-27T10:41:25",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 220.167.233.92 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T10:41:13",
    "is_active": 1
  },
  {
    "id": 3992181129,
    "indicator": "44.220.185.203",
    "type": "IPv4",
    "created": "2026-03-27T10:41:25",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 44.220.185.203 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).",
    "expiration": "2026-04-26T10:41:13",
    "is_active": 1
  },
  {
    "id": 4282471530,
    "indicator": "112.94.189.161",
    "type": "IPv4",
    "created": "2026-03-27T10:41:25",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 112.94.189.161 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T10:41:13",
    "is_active": 1
  },
  {
    "id": 4260790073,
    "indicator": "87.106.65.126",
    "type": "IPv4",
    "created": "2026-03-27T10:41:25",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from United Kingdom (AS8560, IONOS SE). Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 6 failed login attempts, 6 credential pairs tried across 2 unique usernames, execution of 20 commands (SSH key persistence, password changes, system reconnaissance, cron persistence, process killing, firewall ...",
    "expiration": "2026-04-26T10:41:13",
    "is_active": 1
  },
  {
    "id": 4203826322,
    "indicator": "113.155.136.23",
    "type": "IPv4",
    "created": "2026-03-27T10:41:25",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported. 113.155.136.23 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T10:41:13",
    "is_active": 1
  },
  {
    "id": 4180403631,
    "indicator": "123.144.27.148",
    "type": "IPv4",
    "created": "2026-03-27T10:41:25",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 123.144.27.148 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (exploited-host, hacking, moderate).",
    "expiration": "2026-04-26T10:41:13",
    "is_active": 1
  },
  {
    "id": 4173119846,
    "indicator": "116.178.128.213",
    "type": "IPv4",
    "created": "2026-03-27T10:41:25",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 116.178.128.213 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T10:41:13",
    "is_active": 1
  },
  {
    "id": 4154659956,
    "indicator": "36.250.220.82",
    "type": "IPv4",
    "created": "2026-03-27T10:41:25",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 36.250.220.82 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T10:41:13",
    "is_active": 1
  },
  {
    "id": 3900304739,
    "indicator": "8.222.138.87",
    "type": "IPv4",
    "created": "2026-03-27T10:41:25",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 8.222.138.87 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-26T10:41:13",
    "is_active": 1
  },
  {
    "id": 4164584659,
    "indicator": "116.178.129.142",
    "type": "IPv4",
    "created": "2026-03-27T10:41:25",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.129.142 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T10:41:13",
    "is_active": 1
  },
  {
    "id": 3657727520,
    "indicator": "194.187.179.55",
    "type": "IPv4",
    "created": "2026-03-27T10:41:25",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 194.187.179.55 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T10:41:13",
    "is_active": 1
  },
  {
    "id": 4282469986,
    "indicator": "212.2.253.241",
    "type": "IPv4",
    "created": "2026-03-27T10:41:25",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Mumbai, India (AS214122, Civo India Pvt Limited). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 102 failed login attempts, 102 credential pairs tried across 73 unique usernames. SSH client: SSH-2.0-Go (HASSH: 16443846184e...); duration: 16m 11s; 511 events.",
    "expiration": "2026-04-26T10:41:13",
    "is_active": 1
  },
  {
    "id": 3745246947,
    "indicator": "1.83.125.50",
    "type": "IPv4",
    "created": "2026-03-27T10:41:25",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 1.83.125.50 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T10:41:13",
    "is_active": 1
  },
  {
    "id": 4281653304,
    "indicator": "210.212.28.45",
    "type": "IPv4",
    "created": "2026-03-27T10:41:25",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 210.212.28.45 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-26T10:41:13",
    "is_active": 1
  },
  {
    "id": 4002009686,
    "indicator": "112.46.212.112",
    "type": "IPv4",
    "created": "2026-03-27T10:41:25",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 112.46.212.112 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T10:41:13",
    "is_active": 1
  },
  {
    "id": 4177150702,
    "indicator": "110.90.224.70",
    "type": "IPv4",
    "created": "2026-03-27T10:41:25",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 110.90.224.70 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T10:41:13",
    "is_active": 1
  },
  {
    "id": 4282471531,
    "indicator": "117.29.52.195",
    "type": "IPv4",
    "created": "2026-03-27T10:41:25",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 117.29.52.195 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T10:41:13",
    "is_active": 1
  },
  {
    "id": 3874276655,
    "indicator": "118.212.122.176",
    "type": "IPv4",
    "created": "2026-03-27T10:41:25",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 118.212.122.176 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T10:41:13",
    "is_active": 1
  },
  {
    "id": 4282107892,
    "indicator": "113.44.151.175",
    "type": "IPv4",
    "created": "2026-03-27T10:41:25",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Beijing, China (AS55990, Huawei Cloud Service data center) [VPN/hosting provider]. Observed targeting government sector honeypot backup-hp-01 via cowrie. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 2m 0s; 4 events.",
    "expiration": "2026-04-26T10:41:13",
    "is_active": 1
  },
  {
    "id": 4057190711,
    "indicator": "177.92.162.241",
    "type": "IPv4",
    "created": "2026-03-27T10:41:25",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 177.92.162.241 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-26T10:41:13",
    "is_active": 1
  },
  {
    "id": 4023740023,
    "indicator": "182.188.38.170",
    "type": "IPv4",
    "created": "2026-03-27T10:41:25",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan. 182.188.38.170 classified as attacker with unclear intent (low confidence). Origin: enriched.",
    "expiration": "2026-04-26T10:41:13",
    "is_active": 1
  },
  {
    "id": 4282462170,
    "indicator": "47.84.200.67",
    "type": "IPv4",
    "created": "2026-03-27T10:41:25",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 47.84.200.67 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, hacking, moderate).",
    "expiration": "2026-04-26T10:41:13",
    "is_active": 1
  },
  {
    "id": 4108031570,
    "indicator": "182.13.96.129",
    "type": "IPv4",
    "created": "2026-03-27T10:41:25",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 182.13.96.129 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-26T10:41:13",
    "is_active": 1
  },
  {
    "id": 3736193817,
    "indicator": "47.236.26.203",
    "type": "IPv4",
    "created": "2026-03-27T10:41:25",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 47.236.26.203 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-26T10:41:13",
    "is_active": 1
  },
  {
    "id": 4282471532,
    "indicator": "8.219.238.77",
    "type": "IPv4",
    "created": "2026-03-27T10:41:25",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 8.219.238.77 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, hacking, low).",
    "expiration": "2026-04-26T10:41:13",
    "is_active": 1
  },
  {
    "id": 4155675710,
    "indicator": "14.135.75.118",
    "type": "IPv4",
    "created": "2026-03-27T10:41:25",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 14.135.75.118 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T10:41:13",
    "is_active": 1
  },
  {
    "id": 4183360017,
    "indicator": "14.135.75.68",
    "type": "IPv4",
    "created": "2026-03-27T10:41:25",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate. 14.135.75.68 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-26T10:41:13",
    "is_active": 1
  },
  {
    "id": 3785410453,
    "indicator": "60.13.6.49",
    "type": "IPv4",
    "created": "2026-03-27T10:41:25",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 60.13.6.49 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T10:41:13",
    "is_active": 1
  },
  {
    "id": 4175216382,
    "indicator": "222.176.201.33",
    "type": "IPv4",
    "created": "2026-03-27T10:41:25",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 222.176.201.33 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T10:41:13",
    "is_active": 1
  },
  {
    "id": 4091247633,
    "indicator": "164.163.25.181",
    "type": "IPv4",
    "created": "2026-03-27T10:41:25",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:multi-reported. 164.163.25.181 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T10:41:13",
    "is_active": 1
  },
  {
    "id": 3151041572,
    "indicator": "110.177.180.233",
    "type": "IPv4",
    "created": "2026-03-27T10:41:25",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 110.177.180.233 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T10:41:13",
    "is_active": 1
  },
  {
    "id": 2195026163,
    "indicator": "124.89.90.62",
    "type": "IPv4",
    "created": "2026-03-27T10:41:25",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 124.89.90.62 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T10:41:13",
    "is_active": 1
  },
  {
    "id": 4188231047,
    "indicator": "59.173.111.128",
    "type": "IPv4",
    "created": "2026-03-27T10:41:25",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 59.173.111.128 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T10:41:13",
    "is_active": 1
  },
  {
    "id": 4282471533,
    "indicator": "116.110.159.95",
    "type": "IPv4",
    "created": "2026-03-27T10:41:25",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Da Nang, Vietnam (AS24086, Viettel Corporation). Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-AsyncSSH_2.1.0 (HASSH: fda360b1b4f4...); duration: 5s; 5 events.",
    "expiration": "2026-04-26T10:41:13",
    "is_active": 1
  },
  {
    "id": 4282471534,
    "indicator": "116.99.169.248",
    "type": "IPv4",
    "created": "2026-03-27T10:41:25",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Vietnam (AS24086, Viettel Corporation). Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-AsyncSSH_2.1.0 (HASSH: fda360b1b4f4...); duration: 2s; 5 events.",
    "expiration": "2026-04-26T10:41:13",
    "is_active": 1
  },
  {
    "id": 4180527483,
    "indicator": "112.122.236.55",
    "type": "IPv4",
    "created": "2026-03-27T11:41:32",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 112.122.236.55 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T11:41:31",
    "is_active": 1
  },
  {
    "id": 4070401977,
    "indicator": "116.172.200.148",
    "type": "IPv4",
    "created": "2026-03-27T11:41:32",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 116.172.200.148 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T11:41:31",
    "is_active": 1
  },
  {
    "id": 3828214771,
    "indicator": "58.212.237.197",
    "type": "IPv4",
    "created": "2026-03-27T11:41:32",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 58.212.237.197 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T11:41:31",
    "is_active": 1
  },
  {
    "id": 4181322703,
    "indicator": "117.29.52.80",
    "type": "IPv4",
    "created": "2026-03-27T11:41:32",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 117.29.52.80 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T11:41:31",
    "is_active": 1
  },
  {
    "id": 4282409237,
    "indicator": "47.236.203.85",
    "type": "IPv4",
    "created": "2026-03-27T11:41:32",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 47.236.203.85 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T11:41:31",
    "is_active": 1
  },
  {
    "id": 3992939727,
    "indicator": "221.207.35.29",
    "type": "IPv4",
    "created": "2026-03-27T11:41:32",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 221.207.35.29 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T11:41:31",
    "is_active": 1
  },
  {
    "id": 3911713263,
    "indicator": "44.220.185.159",
    "type": "IPv4",
    "created": "2026-03-27T11:41:32",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:port-scan. 44.220.185.159 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking).",
    "expiration": "2026-04-26T11:41:31",
    "is_active": 1
  },
  {
    "id": 4025023579,
    "indicator": "171.36.7.71",
    "type": "IPv4",
    "created": "2026-03-27T11:41:32",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 171.36.7.71 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T11:41:31",
    "is_active": 1
  },
  {
    "id": 4282473784,
    "indicator": "47.84.194.245",
    "type": "IPv4",
    "created": "2026-03-27T11:41:32",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 47.84.194.245 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, hacking, high).",
    "expiration": "2026-04-26T11:41:31",
    "is_active": 1
  },
  {
    "id": 4011586640,
    "indicator": "185.247.137.204",
    "type": "IPv4",
    "created": "2026-03-27T11:41:32",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 185.247.137.204 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-26T11:41:31",
    "is_active": 1
  },
  {
    "id": 3879203370,
    "indicator": "220.167.233.186",
    "type": "IPv4",
    "created": "2026-03-27T11:41:32",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 220.167.233.186 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T11:41:31",
    "is_active": 1
  },
  {
    "id": 4164879516,
    "indicator": "124.117.193.72",
    "type": "IPv4",
    "created": "2026-03-27T11:41:32",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 124.117.193.72 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T11:41:31",
    "is_active": 1
  },
  {
    "id": 3630301591,
    "indicator": "139.59.37.187",
    "type": "IPv4",
    "created": "2026-03-27T11:41:32",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 139.59.37.187 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-26T11:41:31",
    "is_active": 1
  },
  {
    "id": 4282427835,
    "indicator": "47.236.201.178",
    "type": "IPv4",
    "created": "2026-03-27T11:41:32",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, cowrie. 47.236.201.178 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, hacking, moderate).",
    "expiration": "2026-04-26T11:41:31",
    "is_active": 1
  },
  {
    "id": 4282397907,
    "indicator": "47.245.137.197",
    "type": "IPv4",
    "created": "2026-03-27T11:41:32",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 47.245.137.197 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T11:41:31",
    "is_active": 1
  },
  {
    "id": 4165499604,
    "indicator": "14.135.74.100",
    "type": "IPv4",
    "created": "2026-03-27T11:41:32",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 14.135.74.100 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T11:41:31",
    "is_active": 1
  },
  {
    "id": 4183423362,
    "indicator": "58.243.47.1",
    "type": "IPv4",
    "created": "2026-03-27T11:41:32",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 58.243.47.1 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T11:41:31",
    "is_active": 1
  },
  {
    "id": 3599058943,
    "indicator": "185.248.85.39",
    "type": "IPv4",
    "created": "2026-03-27T11:41:32",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. Attacker IP from City of London, United Kingdom (AS43357, Owl Limited). Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 event.",
    "expiration": "2026-04-26T11:41:31",
    "is_active": 1
  },
  {
    "id": 4154696214,
    "indicator": "42.48.38.131",
    "type": "IPv4",
    "created": "2026-03-27T12:41:38",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 42.48.38.131 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-26T12:41:37",
    "is_active": 1
  },
  {
    "id": 3854893801,
    "indicator": "221.207.34.243",
    "type": "IPv4",
    "created": "2026-03-27T12:41:38",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 221.207.34.243 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T12:41:37",
    "is_active": 1
  },
  {
    "id": 2889858544,
    "indicator": "36.106.167.29",
    "type": "IPv4",
    "created": "2026-03-27T12:41:38",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 36.106.167.29 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T12:41:37",
    "is_active": 1
  },
  {
    "id": 4218345124,
    "indicator": "58.19.141.4",
    "type": "IPv4",
    "created": "2026-03-27T12:41:38",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 58.19.141.4 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T12:41:37",
    "is_active": 1
  },
  {
    "id": 3670123815,
    "indicator": "223.166.22.20",
    "type": "IPv4",
    "created": "2026-03-27T12:41:38",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 223.166.22.20 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T12:41:37",
    "is_active": 1
  },
  {
    "id": 3757671969,
    "indicator": "36.106.166.157",
    "type": "IPv4",
    "created": "2026-03-27T12:41:38",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 36.106.166.157 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T12:41:37",
    "is_active": 1
  },
  {
    "id": 4173095648,
    "indicator": "59.173.108.59",
    "type": "IPv4",
    "created": "2026-03-27T12:41:38",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 59.173.108.59 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking).",
    "expiration": "2026-04-26T12:41:37",
    "is_active": 1
  },
  {
    "id": 3743761528,
    "indicator": "209.250.244.80",
    "type": "IPv4",
    "created": "2026-03-27T12:41:38",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 209.250.244.80 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-26T12:41:37",
    "is_active": 1
  },
  {
    "id": 4281653534,
    "indicator": "149.28.189.250",
    "type": "IPv4",
    "created": "2026-03-27T12:41:38",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 149.28.189.250 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-26T12:41:37",
    "is_active": 1
  },
  {
    "id": 4274190987,
    "indicator": "40.121.200.75",
    "type": "IPv4",
    "created": "2026-03-27T12:41:38",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Washington, United States (AS8075, Microsoft Corporation). Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 6 failed login attempts, 6 credential pairs tried across 2 unique usernames, execution of 20 commands (SSH key persistence, password changes, system reconnaissance, cron persistence, pr...",
    "expiration": "2026-04-26T12:41:37",
    "is_active": 1
  },
  {
    "id": 3925072800,
    "indicator": "221.207.35.147",
    "type": "IPv4",
    "created": "2026-03-27T12:41:38",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 221.207.35.147 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T12:41:37",
    "is_active": 1
  },
  {
    "id": 4168427608,
    "indicator": "124.117.193.113",
    "type": "IPv4",
    "created": "2026-03-27T12:41:38",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 124.117.193.113 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T12:41:37",
    "is_active": 1
  },
  {
    "id": 2964278977,
    "indicator": "180.95.238.161",
    "type": "IPv4",
    "created": "2026-03-27T12:41:38",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 180.95.238.161 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T12:41:37",
    "is_active": 1
  },
  {
    "id": 4282553688,
    "indicator": "20.251.52.242",
    "type": "IPv4",
    "created": "2026-03-27T12:41:38",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 20.251.52.242 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-26T12:41:37",
    "is_active": 1
  },
  {
    "id": 3858102381,
    "indicator": "58.212.237.193",
    "type": "IPv4",
    "created": "2026-03-27T12:41:38",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 58.212.237.193 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T12:41:37",
    "is_active": 1
  },
  {
    "id": 4164881381,
    "indicator": "36.250.220.106",
    "type": "IPv4",
    "created": "2026-03-27T12:41:38",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 36.250.220.106 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T12:41:37",
    "is_active": 1
  },
  {
    "id": 3860268268,
    "indicator": "118.212.122.154",
    "type": "IPv4",
    "created": "2026-03-27T12:41:38",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 118.212.122.154 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T12:41:37",
    "is_active": 1
  },
  {
    "id": 4278842064,
    "indicator": "123.160.234.195",
    "type": "IPv4",
    "created": "2026-03-27T12:41:38",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from China (AS4134, Chinanet). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-26T12:41:37",
    "is_active": 1
  },
  {
    "id": 4176607359,
    "indicator": "121.29.149.163",
    "type": "IPv4",
    "created": "2026-03-27T12:41:38",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 121.29.149.163 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, moderate).",
    "expiration": "2026-04-26T12:41:37",
    "is_active": 1
  },
  {
    "id": 4282553689,
    "indicator": "121.29.4.103",
    "type": "IPv4",
    "created": "2026-03-27T12:41:38",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 121.29.4.103 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).",
    "expiration": "2026-04-26T12:41:37",
    "is_active": 1
  },
  {
    "id": 4160714823,
    "indicator": "59.173.111.122",
    "type": "IPv4",
    "created": "2026-03-27T12:41:38",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 59.173.111.122 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T12:41:37",
    "is_active": 1
  },
  {
    "id": 4281800108,
    "indicator": "165.232.154.193",
    "type": "IPv4",
    "created": "2026-03-27T12:41:38",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Santa Clara, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. Session included 3 failed login attempts, 3 credential pairs tried across 2 unique usernames, execution of 20 commands (SSH key persistence, password changes, system reconnaissance, ...",
    "expiration": "2026-04-26T12:41:37",
    "is_active": 1
  },
  {
    "id": 2132608725,
    "indicator": "36.106.166.156",
    "type": "IPv4",
    "created": "2026-03-27T12:41:38",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 36.106.166.156 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-26T12:41:37",
    "is_active": 1
  },
  {
    "id": 4227926625,
    "indicator": "185.243.5.246",
    "type": "IPv4",
    "created": "2026-03-27T12:41:38",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 185.243.5.246 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-26T12:41:37",
    "is_active": 1
  },
  {
    "id": 4008472898,
    "indicator": "182.88.190.166",
    "type": "IPv4",
    "created": "2026-03-27T12:41:38",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 182.88.190.166 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T12:41:37",
    "is_active": 1
  },
  {
    "id": 4176631900,
    "indicator": "59.173.111.22",
    "type": "IPv4",
    "created": "2026-03-27T12:41:38",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 59.173.111.22 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T12:41:37",
    "is_active": 1
  },
  {
    "id": 2726371802,
    "indicator": "180.95.238.184",
    "type": "IPv4",
    "created": "2026-03-27T12:41:38",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 180.95.238.184 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T12:41:37",
    "is_active": 1
  },
  {
    "id": 2674395546,
    "indicator": "124.89.90.58",
    "type": "IPv4",
    "created": "2026-03-27T12:41:38",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 124.89.90.58 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T12:41:37",
    "is_active": 1
  },
  {
    "id": 3854542038,
    "indicator": "182.242.169.49",
    "type": "IPv4",
    "created": "2026-03-27T12:41:38",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 182.242.169.49 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T12:41:37",
    "is_active": 1
  },
  {
    "id": 4266740314,
    "indicator": "160.119.76.57",
    "type": "IPv4",
    "created": "2026-03-27T12:41:38",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Seychelles (AS49870, Alsycon B.V.). Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. duration: 2m 33s; 2 events.",
    "expiration": "2026-04-26T12:41:37",
    "is_active": 1
  },
  {
    "id": 4161133886,
    "indicator": "27.47.24.216",
    "type": "IPv4",
    "created": "2026-03-27T12:41:38",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 27.47.24.216 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T12:41:37",
    "is_active": 1
  },
  {
    "id": 4130681066,
    "indicator": "117.40.114.64",
    "type": "IPv4",
    "created": "2026-03-27T12:41:38",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP from China (AS4134, Chinanet). Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-26T12:41:37",
    "is_active": 1
  },
  {
    "id": 4282553690,
    "indicator": "188.166.229.90",
    "type": "IPv4",
    "created": "2026-03-27T12:41:38",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP 188.166.229.90 observed using TLS client fingerprint 'Unknown TLS Client (922ca5a04ed4)' 4 times when connecting to db1lapetro between 2026-03-27 11:17 and 2026-03-27 11:18 UTC.",
    "expiration": "2026-04-26T12:41:37",
    "is_active": 1
  },
  {
    "id": 4281820856,
    "indicator": "34.131.63.3",
    "type": "IPv4",
    "created": "2026-03-27T12:41:38",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from New Delhi, India (AS396982, Google LLC). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 2s; 5 events.",
    "expiration": "2026-04-26T12:41:37",
    "is_active": 1
  },
  {
    "id": 4066680221,
    "indicator": "107.152.39.17",
    "type": "IPv4",
    "created": "2026-03-27T12:41:38",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP from United States (AS11878, tzulo, inc.). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 1s; 5 events.",
    "expiration": "2026-04-26T12:41:37",
    "is_active": 1
  },
  {
    "id": 4058699819,
    "indicator": "103.229.125.106",
    "type": "IPv4",
    "created": "2026-03-27T12:41:38",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Taiwan (AS24544, Overcasts Limited). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. Session included 3 failed login attempts, 3 credential pairs tried across 1 unique username. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 9m 38s; 15 events.",
    "expiration": "2026-04-26T12:41:37",
    "is_active": 1
  },
  {
    "id": 3850282275,
    "indicator": "123.145.16.213",
    "type": "IPv4",
    "created": "2026-03-27T12:41:38",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. Attacker IP from China (AS4837, CHINA UNICOM China169 Backbone). Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-26T12:41:37",
    "is_active": 1
  },
  {
    "id": 4260883401,
    "indicator": "134.209.179.95",
    "type": "IPv4",
    "created": "2026-03-27T13:41:45",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 134.209.179.95 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-26T13:41:44",
    "is_active": 1
  },
  {
    "id": 4173811505,
    "indicator": "101.249.63.168",
    "type": "IPv4",
    "created": "2026-03-27T13:41:45",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 101.249.63.168 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T13:41:44",
    "is_active": 1
  },
  {
    "id": 4173682919,
    "indicator": "222.95.168.146",
    "type": "IPv4",
    "created": "2026-03-27T13:41:45",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 222.95.168.146 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T13:41:44",
    "is_active": 1
  },
  {
    "id": 4281948651,
    "indicator": "117.50.199.211",
    "type": "IPv4",
    "created": "2026-03-27T13:41:45",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 117.50.199.211 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-26T13:41:44",
    "is_active": 1
  },
  {
    "id": 4029508941,
    "indicator": "222.94.32.229",
    "type": "IPv4",
    "created": "2026-03-27T13:41:45",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 222.94.32.229 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T13:41:44",
    "is_active": 1
  },
  {
    "id": 4181023684,
    "indicator": "59.173.108.105",
    "type": "IPv4",
    "created": "2026-03-27T13:41:45",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 59.173.108.105 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T13:41:44",
    "is_active": 1
  },
  {
    "id": 4164879122,
    "indicator": "116.178.131.129",
    "type": "IPv4",
    "created": "2026-03-27T13:41:45",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 116.178.131.129 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T13:41:44",
    "is_active": 1
  },
  {
    "id": 3768039081,
    "indicator": "60.13.7.143",
    "type": "IPv4",
    "created": "2026-03-27T13:41:45",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 60.13.7.143 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T13:41:44",
    "is_active": 1
  },
  {
    "id": 4173787170,
    "indicator": "27.47.24.110",
    "type": "IPv4",
    "created": "2026-03-27T13:41:45",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 27.47.24.110 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T13:41:44",
    "is_active": 1
  },
  {
    "id": 2672864586,
    "indicator": "124.117.193.222",
    "type": "IPv4",
    "created": "2026-03-27T13:41:45",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 124.117.193.222 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).",
    "expiration": "2026-04-26T13:41:44",
    "is_active": 1
  },
  {
    "id": 3887488080,
    "indicator": "175.107.36.77",
    "type": "IPv4",
    "created": "2026-03-27T13:41:45",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 175.107.36.77 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-26T13:41:44",
    "is_active": 1
  },
  {
    "id": 4210146187,
    "indicator": "27.47.26.12",
    "type": "IPv4",
    "created": "2026-03-27T13:41:45",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 27.47.26.12 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T13:41:44",
    "is_active": 1
  },
  {
    "id": 4135643964,
    "indicator": "85.192.184.145",
    "type": "IPv4",
    "created": "2026-03-27T13:41:45",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 85.192.184.145 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-26T13:41:44",
    "is_active": 1
  },
  {
    "id": 4077723510,
    "indicator": "180.76.243.197",
    "type": "IPv4",
    "created": "2026-03-27T13:41:45",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 180.76.243.197 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-26T13:41:44",
    "is_active": 1
  },
  {
    "id": 4043646283,
    "indicator": "89.40.31.15",
    "type": "IPv4",
    "created": "2026-03-27T13:41:45",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. IP observed in Suricata network metadata",
    "expiration": "2026-04-26T13:41:44",
    "is_active": 1
  },
  {
    "id": 4162897254,
    "indicator": "136.33.120.223",
    "type": "IPv4",
    "created": "2026-03-27T13:41:45",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 136.33.120.223 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-26T13:41:44",
    "is_active": 1
  },
  {
    "id": 3238130542,
    "indicator": "144.172.105.188",
    "type": "IPv4",
    "created": "2026-03-27T13:41:45",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack. IP observed in Suricata network metadata",
    "expiration": "2026-04-26T13:41:44",
    "is_active": 1
  },
  {
    "id": 3903348968,
    "indicator": "165.232.142.253",
    "type": "IPv4",
    "created": "2026-03-27T13:41:45",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 165.232.142.253 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-26T13:41:44",
    "is_active": 1
  },
  {
    "id": 4160591581,
    "indicator": "106.117.111.95",
    "type": "IPv4",
    "created": "2026-03-27T13:41:45",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 106.117.111.95 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T13:41:44",
    "is_active": 1
  },
  {
    "id": 3207496788,
    "indicator": "41.230.60.199",
    "type": "IPv4",
    "created": "2026-03-27T13:41:45",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 41.230.60.199 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-26T13:41:44",
    "is_active": 1
  },
  {
    "id": 4281950833,
    "indicator": "47.254.156.14",
    "type": "IPv4",
    "created": "2026-03-27T13:41:45",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 47.254.156.14 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, hacking, low).",
    "expiration": "2026-04-26T13:41:44",
    "is_active": 1
  },
  {
    "id": 3920108705,
    "indicator": "123.245.85.146",
    "type": "IPv4",
    "created": "2026-03-27T13:41:45",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 123.245.85.146 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T13:41:44",
    "is_active": 1
  },
  {
    "id": 4171427691,
    "indicator": "116.178.128.18",
    "type": "IPv4",
    "created": "2026-03-27T13:41:45",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 116.178.128.18 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T13:41:44",
    "is_active": 1
  },
  {
    "id": 3896448404,
    "indicator": "123.245.84.31",
    "type": "IPv4",
    "created": "2026-03-27T13:41:45",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 123.245.84.31 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T13:41:44",
    "is_active": 1
  },
  {
    "id": 4158464965,
    "indicator": "58.243.46.249",
    "type": "IPv4",
    "created": "2026-03-27T13:41:45",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 58.243.46.249 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T13:41:44",
    "is_active": 1
  },
  {
    "id": 4160574474,
    "indicator": "114.97.190.94",
    "type": "IPv4",
    "created": "2026-03-27T13:41:45",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 114.97.190.94 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, moderate, multi-reported).",
    "expiration": "2026-04-26T13:41:44",
    "is_active": 1
  },
  {
    "id": 3876035089,
    "indicator": "123.191.147.210",
    "type": "IPv4",
    "created": "2026-03-27T13:41:45",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 123.191.147.210 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T13:41:44",
    "is_active": 1
  },
  {
    "id": 4162510268,
    "indicator": "119.18.126.198",
    "type": "IPv4",
    "created": "2026-03-27T13:41:45",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 119.18.126.198 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-26T13:41:44",
    "is_active": 1
  },
  {
    "id": 4201344959,
    "indicator": "150.255.55.64",
    "type": "IPv4",
    "created": "2026-03-27T13:41:45",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. Attacker IP from China (AS4837, CHINA UNICOM China169 Backbone). Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-26T13:41:44",
    "is_active": 1
  },
  {
    "id": 4182423126,
    "indicator": "106.117.110.45",
    "type": "IPv4",
    "created": "2026-03-27T13:41:45",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 106.117.110.45 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T13:41:44",
    "is_active": 1
  },
  {
    "id": 3851046927,
    "indicator": "118.212.123.44",
    "type": "IPv4",
    "created": "2026-03-27T13:41:45",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 118.212.123.44 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T13:41:44",
    "is_active": 1
  },
  {
    "id": 3256499227,
    "indicator": "36.106.166.82",
    "type": "IPv4",
    "created": "2026-03-27T13:41:45",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. 36.106.166.82 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-26T13:41:44",
    "is_active": 1
  },
  {
    "id": 4173840041,
    "indicator": "116.178.128.53",
    "type": "IPv4",
    "created": "2026-03-27T13:41:45",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.128.53 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T13:41:44",
    "is_active": 1
  },
  {
    "id": 4278325456,
    "indicator": "160.119.76.58",
    "type": "IPv4",
    "created": "2026-03-27T13:41:45",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 160.119.76.58 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-26T13:41:44",
    "is_active": 1
  },
  {
    "id": 4163066018,
    "indicator": "101.249.63.35",
    "type": "IPv4",
    "created": "2026-03-27T13:41:45",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 101.249.63.35 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T13:41:44",
    "is_active": 1
  },
  {
    "id": 3955414291,
    "indicator": "59.55.114.29",
    "type": "IPv4",
    "created": "2026-03-27T13:41:45",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 59.55.114.29 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T13:41:44",
    "is_active": 1
  },
  {
    "id": 4282562295,
    "indicator": "51.103.48.143",
    "type": "IPv4",
    "created": "2026-03-27T13:41:45",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 51.103.48.143 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-26T13:41:44",
    "is_active": 1
  },
  {
    "id": 4167077659,
    "indicator": "27.47.27.108",
    "type": "IPv4",
    "created": "2026-03-27T13:41:45",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 27.47.27.108 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T13:41:44",
    "is_active": 1
  },
  {
    "id": 3912380387,
    "indicator": "58.212.237.15",
    "type": "IPv4",
    "created": "2026-03-27T13:41:45",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 58.212.237.15 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-26T13:41:44",
    "is_active": 1
  },
  {
    "id": 4033274351,
    "indicator": "58.212.237.107",
    "type": "IPv4",
    "created": "2026-03-27T14:41:54",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 58.212.237.107 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T14:41:53",
    "is_active": 1
  },
  {
    "id": 4167700064,
    "indicator": "14.135.75.103",
    "type": "IPv4",
    "created": "2026-03-27T14:41:54",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 14.135.75.103 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T14:41:53",
    "is_active": 1
  },
  {
    "id": 4173197682,
    "indicator": "114.97.191.66",
    "type": "IPv4",
    "created": "2026-03-27T14:41:54",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 114.97.191.66 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T14:41:53",
    "is_active": 1
  },
  {
    "id": 4166989522,
    "indicator": "59.173.108.33",
    "type": "IPv4",
    "created": "2026-03-27T14:41:54",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 59.173.108.33 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T14:41:53",
    "is_active": 1
  },
  {
    "id": 2958249962,
    "indicator": "124.89.90.61",
    "type": "IPv4",
    "created": "2026-03-27T14:41:54",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 124.89.90.61 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T14:41:53",
    "is_active": 1
  },
  {
    "id": 4158970833,
    "indicator": "114.97.190.164",
    "type": "IPv4",
    "created": "2026-03-27T14:41:54",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 114.97.190.164 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, ftp-brute, hacking).",
    "expiration": "2026-04-26T14:41:53",
    "is_active": 1
  },
  {
    "id": 4265266769,
    "indicator": "103.218.242.31",
    "type": "IPv4",
    "created": "2026-03-27T14:41:54",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 103.218.242.31 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-26T14:41:53",
    "is_active": 1
  },
  {
    "id": 4173500447,
    "indicator": "112.94.189.110",
    "type": "IPv4",
    "created": "2026-03-27T14:41:54",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 112.94.189.110 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T14:41:53",
    "is_active": 1
  },
  {
    "id": 3885359376,
    "indicator": "220.167.232.141",
    "type": "IPv4",
    "created": "2026-03-27T14:41:54",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 220.167.232.141 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T14:41:53",
    "is_active": 1
  },
  {
    "id": 4173473976,
    "indicator": "58.243.46.171",
    "type": "IPv4",
    "created": "2026-03-27T14:41:54",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 58.243.46.171 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T14:41:53",
    "is_active": 1
  },
  {
    "id": 4168647926,
    "indicator": "27.47.25.124",
    "type": "IPv4",
    "created": "2026-03-27T14:41:54",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 27.47.25.124 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-26T14:41:53",
    "is_active": 1
  },
  {
    "id": 4281913088,
    "indicator": "101.16.145.86",
    "type": "IPv4",
    "created": "2026-03-27T14:41:54",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 101.16.145.86 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-26T14:41:53",
    "is_active": 1
  },
  {
    "id": 4279954330,
    "indicator": "170.62.100.218",
    "type": "IPv4",
    "created": "2026-03-27T14:41:54",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Stockholm, Sweden (AS212238, Datacamp Limited). Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. duration: 3s; 3 events.",
    "expiration": "2026-04-26T14:41:53",
    "is_active": 1
  },
  {
    "id": 4272875710,
    "indicator": "101.70.108.196",
    "type": "IPv4",
    "created": "2026-03-27T14:41:54",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 101.70.108.196 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T14:41:53",
    "is_active": 1
  },
  {
    "id": 3841173442,
    "indicator": "222.94.32.206",
    "type": "IPv4",
    "created": "2026-03-27T14:41:54",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 222.94.32.206 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-26T14:41:53",
    "is_active": 1
  },
  {
    "id": 4176520905,
    "indicator": "106.117.110.79",
    "type": "IPv4",
    "created": "2026-03-27T14:41:54",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 106.117.110.79 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T14:41:53",
    "is_active": 1
  },
  {
    "id": 4156875209,
    "indicator": "36.250.221.214",
    "type": "IPv4",
    "created": "2026-03-27T14:41:54",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 36.250.221.214 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-26T14:41:53",
    "is_active": 1
  },
  {
    "id": 4173942717,
    "indicator": "123.144.27.23",
    "type": "IPv4",
    "created": "2026-03-27T14:41:54",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 123.144.27.23 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T14:41:53",
    "is_active": 1
  },
  {
    "id": 3911067242,
    "indicator": "171.36.6.135",
    "type": "IPv4",
    "created": "2026-03-27T14:41:54",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 171.36.6.135 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T14:41:53",
    "is_active": 1
  },
  {
    "id": 4282825558,
    "indicator": "47.254.172.242",
    "type": "IPv4",
    "created": "2026-03-27T14:41:54",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 47.254.172.242 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T14:41:53",
    "is_active": 1
  },
  {
    "id": 4185711500,
    "indicator": "51.222.240.232",
    "type": "IPv4",
    "created": "2026-03-27T14:41:54",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 51.222.240.232 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-26T14:41:53",
    "is_active": 1
  },
  {
    "id": 3850282663,
    "indicator": "123.245.84.139",
    "type": "IPv4",
    "created": "2026-03-27T14:41:54",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 123.245.84.139 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T14:41:53",
    "is_active": 1
  },
  {
    "id": 4176608020,
    "indicator": "59.173.108.88",
    "type": "IPv4",
    "created": "2026-03-27T14:41:54",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 59.173.108.88 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T14:41:53",
    "is_active": 1
  },
  {
    "id": 4173137044,
    "indicator": "124.117.192.62",
    "type": "IPv4",
    "created": "2026-03-27T14:41:54",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 124.117.192.62 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).",
    "expiration": "2026-04-26T14:41:53",
    "is_active": 1
  },
  {
    "id": 4282825559,
    "indicator": "115.210.48.205",
    "type": "IPv4",
    "created": "2026-03-27T14:41:54",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 115.210.48.205 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T14:41:53",
    "is_active": 1
  },
  {
    "id": 281911833,
    "indicator": "123.163.114.90",
    "type": "IPv4",
    "created": "2026-03-27T14:41:54",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 123.163.114.90 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T14:41:53",
    "is_active": 1
  },
  {
    "id": 4281981254,
    "indicator": "203.170.129.85",
    "type": "IPv4",
    "created": "2026-03-27T14:41:54",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 203.170.129.85 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command sessions (1 commands), 1 malware samples. Listed on: AbuseIPDB (brute-force, critical, hacking).",
    "expiration": "2026-04-26T14:41:53",
    "is_active": 1
  },
  {
    "id": 3850291268,
    "indicator": "220.167.232.113",
    "type": "IPv4",
    "created": "2026-03-27T14:41:54",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 220.167.232.113 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T14:41:53",
    "is_active": 1
  },
  {
    "id": 3846366073,
    "indicator": "182.242.168.226",
    "type": "IPv4",
    "created": "2026-03-27T14:41:54",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 182.242.168.226 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T14:41:53",
    "is_active": 1
  },
  {
    "id": 4176606325,
    "indicator": "222.176.201.225",
    "type": "IPv4",
    "created": "2026-03-27T14:41:54",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 222.176.201.225 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (ddos, exploited-host, hacking).",
    "expiration": "2026-04-26T14:41:53",
    "is_active": 1
  },
  {
    "id": 4166612456,
    "indicator": "116.178.129.90",
    "type": "IPv4",
    "created": "2026-03-27T14:41:54",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 116.178.129.90 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T14:41:53",
    "is_active": 1
  },
  {
    "id": 3912767681,
    "indicator": "118.212.123.248",
    "type": "IPv4",
    "created": "2026-03-27T14:41:54",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 118.212.123.248 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T14:41:53",
    "is_active": 1
  },
  {
    "id": 3236527835,
    "indicator": "36.106.167.83",
    "type": "IPv4",
    "created": "2026-03-27T14:41:54",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 36.106.167.83 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-26T14:41:53",
    "is_active": 1
  },
  {
    "id": 4282825560,
    "indicator": "176.120.22.192",
    "type": "IPv4",
    "created": "2026-03-27T14:41:54",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Russia (AS198953, Proton66 OOO). Observed targeting healthcare sector honeypot medtech-hp-01 via dionaea. 1 events.",
    "expiration": "2026-04-26T14:41:53",
    "is_active": 1
  },
  {
    "id": 4165326093,
    "indicator": "14.135.74.217",
    "type": "IPv4",
    "created": "2026-03-27T14:41:54",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 14.135.74.217 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T14:41:53",
    "is_active": 1
  },
  {
    "id": 4208315564,
    "indicator": "113.57.186.136",
    "type": "IPv4",
    "created": "2026-03-27T14:41:54",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 113.57.186.136 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T14:41:53",
    "is_active": 1
  },
  {
    "id": 4178641399,
    "indicator": "27.47.27.72",
    "type": "IPv4",
    "created": "2026-03-27T14:41:54",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 27.47.27.72 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T14:41:53",
    "is_active": 1
  },
  {
    "id": 4173793177,
    "indicator": "121.29.149.225",
    "type": "IPv4",
    "created": "2026-03-27T14:41:54",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 121.29.149.225 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T14:41:53",
    "is_active": 1
  },
  {
    "id": 4179526764,
    "indicator": "116.178.130.70",
    "type": "IPv4",
    "created": "2026-03-27T14:41:54",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 116.178.130.70 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T14:41:53",
    "is_active": 1
  },
  {
    "id": 4162063641,
    "indicator": "27.47.25.249",
    "type": "IPv4",
    "created": "2026-03-27T14:41:54",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 27.47.25.249 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).",
    "expiration": "2026-04-26T14:41:53",
    "is_active": 1
  },
  {
    "id": 3880099601,
    "indicator": "123.245.85.236",
    "type": "IPv4",
    "created": "2026-03-27T14:41:54",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 123.245.85.236 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-26T14:41:53",
    "is_active": 1
  },
  {
    "id": 4006643172,
    "indicator": "36.106.167.34",
    "type": "IPv4",
    "created": "2026-03-27T14:41:54",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 36.106.167.34 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-26T14:41:53",
    "is_active": 1
  },
  {
    "id": 4031889148,
    "indicator": "123.245.85.135",
    "type": "IPv4",
    "created": "2026-03-27T14:41:54",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 123.245.85.135 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-26T14:41:53",
    "is_active": 1
  },
  {
    "id": 4179097392,
    "indicator": "36.250.221.171",
    "type": "IPv4",
    "created": "2026-03-27T14:41:54",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 36.250.221.171 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T14:41:53",
    "is_active": 1
  },
  {
    "id": 4155817087,
    "indicator": "36.250.220.80",
    "type": "IPv4",
    "created": "2026-03-27T14:41:54",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 36.250.220.80 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-26T14:41:53",
    "is_active": 1
  },
  {
    "id": 3846945734,
    "indicator": "220.167.233.235",
    "type": "IPv4",
    "created": "2026-03-27T14:41:54",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 220.167.233.235 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T14:41:53",
    "is_active": 1
  },
  {
    "id": 4282825561,
    "indicator": "8.209.107.133",
    "type": "IPv4",
    "created": "2026-03-27T14:41:54",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 8.209.107.133 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T14:41:53",
    "is_active": 1
  },
  {
    "id": 4177083975,
    "indicator": "220.177.9.55",
    "type": "IPv4",
    "created": "2026-03-27T14:41:54",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 220.177.9.55 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T14:41:53",
    "is_active": 1
  },
  {
    "id": 4282825562,
    "indicator": "8.222.188.116",
    "type": "IPv4",
    "created": "2026-03-27T14:41:54",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie, firehol:firehol_level3. 8.222.188.116 classified as commodity attacker using automated exploitation tooling (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (hacking, low, port-scan).",
    "expiration": "2026-04-26T14:41:53",
    "is_active": 1
  },
  {
    "id": 3845679814,
    "indicator": "222.94.32.138",
    "type": "IPv4",
    "created": "2026-03-27T14:41:54",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 222.94.32.138 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T14:41:53",
    "is_active": 1
  },
  {
    "id": 4026740188,
    "indicator": "171.36.6.86",
    "type": "IPv4",
    "created": "2026-03-27T14:41:54",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 171.36.6.86 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T14:41:53",
    "is_active": 1
  },
  {
    "id": 425539978,
    "indicator": "182.119.231.139",
    "type": "IPv4",
    "created": "2026-03-27T14:41:54",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 182.119.231.139 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, ftp-brute).",
    "expiration": "2026-04-26T14:41:53",
    "is_active": 1
  },
  {
    "id": 3936550654,
    "indicator": "220.167.232.166",
    "type": "IPv4",
    "created": "2026-03-27T14:41:54",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 220.167.232.166 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, hacking, moderate).",
    "expiration": "2026-04-26T14:41:53",
    "is_active": 1
  },
  {
    "id": 4282825563,
    "indicator": "123.144.29.231",
    "type": "IPv4",
    "created": "2026-03-27T14:41:54",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. Attacker IP from China (AS4837, CHINA UNICOM China169 Backbone). Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-26T14:41:53",
    "is_active": 1
  },
  {
    "id": 4173147126,
    "indicator": "36.250.220.78",
    "type": "IPv4",
    "created": "2026-03-27T14:41:54",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 36.250.220.78 classified as attacker with unclear intent (low confidence). Origin: enriched.",
    "expiration": "2026-04-26T14:41:53",
    "is_active": 1
  },
  {
    "id": 4134247495,
    "indicator": "103.59.95.177",
    "type": "IPv4",
    "created": "2026-03-27T14:41:54",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Indonesia (AS136052, PT Cloud Hosting Indonesia) [VPN/hosting provider]. Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 2s; 5 events.",
    "expiration": "2026-04-26T14:41:53",
    "is_active": 1
  },
  {
    "id": 3850295867,
    "indicator": "182.242.168.134",
    "type": "IPv4",
    "created": "2026-03-27T15:42:02",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 182.242.168.134 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T15:42:00",
    "is_active": 1
  },
  {
    "id": 4281897626,
    "indicator": "47.84.103.255",
    "type": "IPv4",
    "created": "2026-03-27T15:42:02",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 47.84.103.255 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T15:42:00",
    "is_active": 1
  },
  {
    "id": 3842101128,
    "indicator": "171.36.7.178",
    "type": "IPv4",
    "created": "2026-03-27T15:42:02",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 171.36.7.178 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T15:42:00",
    "is_active": 1
  },
  {
    "id": 4038995151,
    "indicator": "128.1.32.99",
    "type": "IPv4",
    "created": "2026-03-27T15:42:02",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 128.1.32.99 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-26T15:42:00",
    "is_active": 1
  },
  {
    "id": 4266739863,
    "indicator": "117.72.223.63",
    "type": "IPv4",
    "created": "2026-03-27T15:42:02",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 117.72.223.63 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, hacking).",
    "expiration": "2026-04-26T15:42:00",
    "is_active": 1
  },
  {
    "id": 4169123035,
    "indicator": "58.243.47.133",
    "type": "IPv4",
    "created": "2026-03-27T15:42:02",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 58.243.47.133 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T15:42:00",
    "is_active": 1
  },
  {
    "id": 3253411524,
    "indicator": "60.13.7.134",
    "type": "IPv4",
    "created": "2026-03-27T15:42:02",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 60.13.7.134 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T15:42:00",
    "is_active": 1
  },
  {
    "id": 4157967023,
    "indicator": "36.250.220.139",
    "type": "IPv4",
    "created": "2026-03-27T15:42:02",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 36.250.220.139 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T15:42:00",
    "is_active": 1
  },
  {
    "id": 4170520324,
    "indicator": "114.97.191.233",
    "type": "IPv4",
    "created": "2026-03-27T15:42:02",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 114.97.191.233 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T15:42:00",
    "is_active": 1
  },
  {
    "id": 4174153931,
    "indicator": "222.176.201.237",
    "type": "IPv4",
    "created": "2026-03-27T15:42:02",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 222.176.201.237 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T15:42:00",
    "is_active": 1
  },
  {
    "id": 4169413106,
    "indicator": "222.176.200.78",
    "type": "IPv4",
    "created": "2026-03-27T15:42:02",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 222.176.200.78 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T15:42:00",
    "is_active": 1
  },
  {
    "id": 2744382230,
    "indicator": "60.13.7.200",
    "type": "IPv4",
    "created": "2026-03-27T15:42:02",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 60.13.7.200 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T15:42:00",
    "is_active": 1
  },
  {
    "id": 4007569493,
    "indicator": "18.191.69.170",
    "type": "IPv4",
    "created": "2026-03-27T15:42:02",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 18.191.69.170 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-26T15:42:00",
    "is_active": 1
  },
  {
    "id": 2220500317,
    "indicator": "180.95.231.12",
    "type": "IPv4",
    "created": "2026-03-27T15:42:02",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 180.95.231.12 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T15:42:00",
    "is_active": 1
  },
  {
    "id": 4282428050,
    "indicator": "47.84.102.59",
    "type": "IPv4",
    "created": "2026-03-27T15:42:02",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, cowrie. 47.84.102.59 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (exploited-host, hacking, moderate).",
    "expiration": "2026-04-26T15:42:00",
    "is_active": 1
  },
  {
    "id": 4057237389,
    "indicator": "123.145.20.124",
    "type": "IPv4",
    "created": "2026-03-27T15:42:02",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 123.145.20.124 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T15:42:00",
    "is_active": 1
  },
  {
    "id": 4172204432,
    "indicator": "114.97.190.77",
    "type": "IPv4",
    "created": "2026-03-27T15:42:02",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 114.97.190.77 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking).",
    "expiration": "2026-04-26T15:42:00",
    "is_active": 1
  },
  {
    "id": 2995915295,
    "indicator": "36.106.166.221",
    "type": "IPv4",
    "created": "2026-03-27T15:42:02",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 36.106.166.221 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-26T15:42:00",
    "is_active": 1
  },
  {
    "id": 4176856585,
    "indicator": "59.173.110.1",
    "type": "IPv4",
    "created": "2026-03-27T15:42:02",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 59.173.110.1 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T15:42:00",
    "is_active": 1
  },
  {
    "id": 4283415883,
    "indicator": "47.84.139.133",
    "type": "IPv4",
    "created": "2026-03-27T15:42:02",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 47.84.139.133 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T15:42:00",
    "is_active": 1
  },
  {
    "id": 4283415884,
    "indicator": "47.84.110.61",
    "type": "IPv4",
    "created": "2026-03-27T15:42:02",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 47.84.110.61 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T15:42:00",
    "is_active": 1
  },
  {
    "id": 3807672010,
    "indicator": "60.13.6.47",
    "type": "IPv4",
    "created": "2026-03-27T15:42:02",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 60.13.6.47 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T15:42:00",
    "is_active": 1
  },
  {
    "id": 4171407197,
    "indicator": "116.167.5.7",
    "type": "IPv4",
    "created": "2026-03-27T15:42:02",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 116.167.5.7 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T15:42:00",
    "is_active": 1
  },
  {
    "id": 4227380790,
    "indicator": "41.59.105.58",
    "type": "IPv4",
    "created": "2026-03-27T15:42:02",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 41.59.105.58 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-26T15:42:00",
    "is_active": 1
  },
  {
    "id": 4173430438,
    "indicator": "222.176.201.26",
    "type": "IPv4",
    "created": "2026-03-27T15:42:02",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 222.176.201.26 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T15:42:00",
    "is_active": 1
  },
  {
    "id": 4172947735,
    "indicator": "59.173.109.122",
    "type": "IPv4",
    "created": "2026-03-27T15:42:02",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 59.173.109.122 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (ddos, exploited-host, hacking).",
    "expiration": "2026-04-26T15:42:00",
    "is_active": 1
  },
  {
    "id": 4154969518,
    "indicator": "124.117.192.152",
    "type": "IPv4",
    "created": "2026-03-27T15:42:02",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 124.117.192.152 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (ddos, exploited-host, hacking).",
    "expiration": "2026-04-26T15:42:00",
    "is_active": 1
  },
  {
    "id": 4283415885,
    "indicator": "1.247.101.59",
    "type": "IPv4",
    "created": "2026-03-27T15:42:02",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 1.247.101.59 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T15:42:00",
    "is_active": 1
  },
  {
    "id": 4250960069,
    "indicator": "175.107.233.162",
    "type": "IPv4",
    "created": "2026-03-27T15:42:02",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 175.107.233.162 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (critical, reported).",
    "expiration": "2026-04-26T15:42:00",
    "is_active": 1
  },
  {
    "id": 3886576614,
    "indicator": "1.83.125.150",
    "type": "IPv4",
    "created": "2026-03-27T15:42:02",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 1.83.125.150 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T15:42:00",
    "is_active": 1
  },
  {
    "id": 4283415886,
    "indicator": "47.84.106.18",
    "type": "IPv4",
    "created": "2026-03-27T15:42:02",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, cowrie, firehol:firehol_level3. 47.84.106.18 classified as commodity attacker using automated exploitation tooling (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (hacking, moderate, port-scan).",
    "expiration": "2026-04-26T15:42:00",
    "is_active": 1
  },
  {
    "id": 3891641972,
    "indicator": "221.207.34.35",
    "type": "IPv4",
    "created": "2026-03-27T15:42:02",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate. 221.207.34.35 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-26T15:42:00",
    "is_active": 1
  },
  {
    "id": 4177754363,
    "indicator": "36.250.221.113",
    "type": "IPv4",
    "created": "2026-03-27T15:42:02",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 36.250.221.113 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T15:42:00",
    "is_active": 1
  },
  {
    "id": 303919010,
    "indicator": "123.191.129.61",
    "type": "IPv4",
    "created": "2026-03-27T15:42:02",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 123.191.129.61 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T15:42:00",
    "is_active": 1
  },
  {
    "id": 3853430744,
    "indicator": "220.167.233.44",
    "type": "IPv4",
    "created": "2026-03-27T15:42:02",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 220.167.233.44 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, multi-reported).",
    "expiration": "2026-04-26T15:42:00",
    "is_active": 1
  },
  {
    "id": 4173025638,
    "indicator": "112.94.188.227",
    "type": "IPv4",
    "created": "2026-03-27T15:42:02",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 112.94.188.227 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T15:42:00",
    "is_active": 1
  },
  {
    "id": 3675922842,
    "indicator": "122.96.28.182",
    "type": "IPv4",
    "created": "2026-03-27T15:42:02",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 122.96.28.182 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T15:42:00",
    "is_active": 1
  },
  {
    "id": 3870239138,
    "indicator": "180.95.238.12",
    "type": "IPv4",
    "created": "2026-03-27T15:42:02",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 180.95.238.12 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T15:42:00",
    "is_active": 1
  },
  {
    "id": 4283415887,
    "indicator": "8.219.96.33",
    "type": "IPv4",
    "created": "2026-03-27T15:42:02",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 8.219.96.33 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T15:42:00",
    "is_active": 1
  },
  {
    "id": 337596743,
    "indicator": "171.12.10.237",
    "type": "IPv4",
    "created": "2026-03-27T15:42:02",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. Attacker IP from China (AS4134, Chinanet). Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-26T15:42:00",
    "is_active": 1
  },
  {
    "id": 262190806,
    "indicator": "123.163.114.208",
    "type": "IPv4",
    "created": "2026-03-27T15:42:02",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. Attacker IP from China (AS4134, Chinanet). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-26T15:42:00",
    "is_active": 1
  },
  {
    "id": 4155183303,
    "indicator": "59.173.109.192",
    "type": "IPv4",
    "created": "2026-03-27T16:42:10",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 59.173.109.192 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T16:42:07",
    "is_active": 1
  },
  {
    "id": 4176616559,
    "indicator": "120.39.48.245",
    "type": "IPv4",
    "created": "2026-03-27T16:42:10",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 120.39.48.245 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T16:42:07",
    "is_active": 1
  },
  {
    "id": 4013788248,
    "indicator": "123.245.85.35",
    "type": "IPv4",
    "created": "2026-03-27T16:42:10",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 123.245.85.35 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T16:42:07",
    "is_active": 1
  },
  {
    "id": 3863199211,
    "indicator": "199.45.154.188",
    "type": "IPv4",
    "created": "2026-03-27T16:42:10",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 199.45.154.188 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-26T16:42:07",
    "is_active": 1
  },
  {
    "id": 4182970197,
    "indicator": "27.47.25.163",
    "type": "IPv4",
    "created": "2026-03-27T16:42:10",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 27.47.25.163 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T16:42:07",
    "is_active": 1
  },
  {
    "id": 3849378307,
    "indicator": "221.207.35.124",
    "type": "IPv4",
    "created": "2026-03-27T16:42:10",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 221.207.35.124 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T16:42:07",
    "is_active": 1
  },
  {
    "id": 4283524136,
    "indicator": "176.53.162.45",
    "type": "IPv4",
    "created": "2026-03-27T16:42:10",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 176.53.162.45 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-26T16:42:07",
    "is_active": 1
  },
  {
    "id": 4282102052,
    "indicator": "47.84.140.0",
    "type": "IPv4",
    "created": "2026-03-27T16:42:10",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, cowrie. 47.84.140.0 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (exploited-host, hacking, moderate).",
    "expiration": "2026-04-26T16:42:07",
    "is_active": 1
  },
  {
    "id": 4007957704,
    "indicator": "171.36.7.169",
    "type": "IPv4",
    "created": "2026-03-27T16:42:10",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 171.36.7.169 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T16:42:07",
    "is_active": 1
  },
  {
    "id": 4156317528,
    "indicator": "196.202.19.226",
    "type": "IPv4",
    "created": "2026-03-27T16:42:10",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 196.202.19.226 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-26T16:42:07",
    "is_active": 1
  },
  {
    "id": 4282422753,
    "indicator": "47.237.169.208",
    "type": "IPv4",
    "created": "2026-03-27T16:42:10",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 47.237.169.208 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T16:42:07",
    "is_active": 1
  },
  {
    "id": 2972830742,
    "indicator": "180.95.238.157",
    "type": "IPv4",
    "created": "2026-03-27T16:42:10",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 180.95.238.157 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T16:42:07",
    "is_active": 1
  },
  {
    "id": 4283524137,
    "indicator": "47.245.136.10",
    "type": "IPv4",
    "created": "2026-03-27T16:42:10",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.245.136.10 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-26T16:42:07",
    "is_active": 1
  },
  {
    "id": 2191602496,
    "indicator": "180.95.238.147",
    "type": "IPv4",
    "created": "2026-03-27T16:42:10",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 180.95.238.147 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T16:42:07",
    "is_active": 1
  },
  {
    "id": 4140839199,
    "indicator": "144.48.130.143",
    "type": "IPv4",
    "created": "2026-03-27T16:42:10",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:multi-reported. 144.48.130.143 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T16:42:07",
    "is_active": 1
  },
  {
    "id": 3204711505,
    "indicator": "1.85.217.191",
    "type": "IPv4",
    "created": "2026-03-27T16:42:10",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 1.85.217.191 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T16:42:07",
    "is_active": 1
  },
  {
    "id": 4176569507,
    "indicator": "59.173.111.97",
    "type": "IPv4",
    "created": "2026-03-27T16:42:10",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 59.173.111.97 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T16:42:07",
    "is_active": 1
  },
  {
    "id": 4160188370,
    "indicator": "106.117.111.194",
    "type": "IPv4",
    "created": "2026-03-27T16:42:10",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 106.117.111.194 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T16:42:07",
    "is_active": 1
  },
  {
    "id": 4173095639,
    "indicator": "222.176.200.146",
    "type": "IPv4",
    "created": "2026-03-27T16:42:10",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 222.176.200.146 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T16:42:07",
    "is_active": 1
  },
  {
    "id": 4173787194,
    "indicator": "116.178.128.209",
    "type": "IPv4",
    "created": "2026-03-27T16:42:10",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 116.178.128.209 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T16:42:07",
    "is_active": 1
  },
  {
    "id": 4265298315,
    "indicator": "103.244.172.56",
    "type": "IPv4",
    "created": "2026-03-27T16:42:10",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported. 103.244.172.56 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-26T16:42:07",
    "is_active": 1
  },
  {
    "id": 4158461471,
    "indicator": "14.135.75.133",
    "type": "IPv4",
    "created": "2026-03-27T16:42:10",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 14.135.75.133 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-26T16:42:07",
    "is_active": 1
  },
  {
    "id": 4283524138,
    "indicator": "36.132.36.49",
    "type": "IPv4",
    "created": "2026-03-27T16:42:10",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 36.132.36.49 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-26T16:42:07",
    "is_active": 1
  },
  {
    "id": 3909234518,
    "indicator": "220.167.232.143",
    "type": "IPv4",
    "created": "2026-03-27T16:42:10",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 220.167.232.143 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T16:42:07",
    "is_active": 1
  },
  {
    "id": 4206002687,
    "indicator": "106.12.152.131",
    "type": "IPv4",
    "created": "2026-03-27T16:42:10",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export. Attacker IP from China (AS38365, Beijing Baidu Netcom Science and Technology Co., Ltd.). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. 1 events.",
    "expiration": "2026-04-26T16:42:07",
    "is_active": 1
  },
  {
    "id": 4176631898,
    "indicator": "36.250.220.159",
    "type": "IPv4",
    "created": "2026-03-27T16:42:10",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 36.250.220.159 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T16:42:07",
    "is_active": 1
  },
  {
    "id": 4177486253,
    "indicator": "112.122.236.184",
    "type": "IPv4",
    "created": "2026-03-27T16:42:10",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 112.122.236.184 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T16:42:07",
    "is_active": 1
  },
  {
    "id": 4280140993,
    "indicator": "66.132.224.90",
    "type": "IPv4",
    "created": "2026-03-27T16:42:10",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 66.132.224.90 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-26T16:42:07",
    "is_active": 1
  },
  {
    "id": 4173122273,
    "indicator": "182.119.227.60",
    "type": "IPv4",
    "created": "2026-03-27T16:42:10",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 182.119.227.60 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T16:42:07",
    "is_active": 1
  },
  {
    "id": 3630844590,
    "indicator": "167.172.89.248",
    "type": "IPv4",
    "created": "2026-03-27T16:42:10",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 167.172.89.248 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-26T16:42:07",
    "is_active": 1
  },
  {
    "id": 4172753130,
    "indicator": "124.117.193.74",
    "type": "IPv4",
    "created": "2026-03-27T16:42:10",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 124.117.193.74 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-26T16:42:07",
    "is_active": 1
  },
  {
    "id": 3299520348,
    "indicator": "175.107.2.57",
    "type": "IPv4",
    "created": "2026-03-27T16:42:10",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:multi-reported. 175.107.2.57 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T16:42:07",
    "is_active": 1
  },
  {
    "id": 4283524139,
    "indicator": "143.20.129.110",
    "type": "IPv4",
    "created": "2026-03-27T16:42:10",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 143.20.129.110 observed using SSH client fingerprint 'Unknown SSH Client (2ec37a7cc8da)' 4 times when connecting to offbackup1 between 2026-03-27 15:16 and 2026-03-27 15:19 UTC.",
    "expiration": "2026-04-26T16:42:07",
    "is_active": 1
  },
  {
    "id": 3238918477,
    "indicator": "1.85.217.112",
    "type": "IPv4",
    "created": "2026-03-27T17:42:16",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 1.85.217.112 classified as attacker with unclear intent (low confidence). Origin: enriched.",
    "expiration": "2026-04-26T17:42:15",
    "is_active": 1
  },
  {
    "id": 4172977223,
    "indicator": "27.47.25.243",
    "type": "IPv4",
    "created": "2026-03-27T17:42:16",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 27.47.25.243 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T17:42:15",
    "is_active": 1
  },
  {
    "id": 4283526935,
    "indicator": "47.84.106.132",
    "type": "IPv4",
    "created": "2026-03-27T17:42:16",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 47.84.106.132 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T17:42:15",
    "is_active": 1
  },
  {
    "id": 4206004558,
    "indicator": "223.123.73.78",
    "type": "IPv4",
    "created": "2026-03-27T17:42:16",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 223.123.73.78 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T17:42:15",
    "is_active": 1
  },
  {
    "id": 3913269604,
    "indicator": "220.167.232.183",
    "type": "IPv4",
    "created": "2026-03-27T17:42:16",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 220.167.232.183 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T17:42:15",
    "is_active": 1
  },
  {
    "id": 4160750563,
    "indicator": "112.122.237.194",
    "type": "IPv4",
    "created": "2026-03-27T17:42:16",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 112.122.237.194 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T17:42:15",
    "is_active": 1
  },
  {
    "id": 3585344810,
    "indicator": "103.200.36.222",
    "type": "IPv4",
    "created": "2026-03-27T17:42:16",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 103.200.36.222 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T17:42:15",
    "is_active": 1
  },
  {
    "id": 4283526936,
    "indicator": "192.210.186.10",
    "type": "IPv4",
    "created": "2026-03-27T17:42:16",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 192.210.186.10 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, ftp-brute, hacking).",
    "expiration": "2026-04-26T17:42:15",
    "is_active": 1
  },
  {
    "id": 4283526937,
    "indicator": "8.211.4.200",
    "type": "IPv4",
    "created": "2026-03-27T17:42:16",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, cowrie, firehol:firehol_level3. Attacker IP from Frankfurt am Main, Germany (AS45102, Alibaba US Technology Co., Ltd.). Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. duration: 11s; 2 events.",
    "expiration": "2026-04-26T17:42:15",
    "is_active": 1
  },
  {
    "id": 4155041982,
    "indicator": "27.47.24.169",
    "type": "IPv4",
    "created": "2026-03-27T17:42:16",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 27.47.24.169 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T17:42:15",
    "is_active": 1
  },
  {
    "id": 4261323848,
    "indicator": "101.70.108.241",
    "type": "IPv4",
    "created": "2026-03-27T17:42:16",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 101.70.108.241 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T17:42:15",
    "is_active": 1
  },
  {
    "id": 4165501752,
    "indicator": "58.243.47.123",
    "type": "IPv4",
    "created": "2026-03-27T17:42:16",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 58.243.47.123 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T17:42:15",
    "is_active": 1
  },
  {
    "id": 4201665935,
    "indicator": "27.227.183.125",
    "type": "IPv4",
    "created": "2026-03-27T17:42:16",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 27.227.183.125 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T17:42:15",
    "is_active": 1
  },
  {
    "id": 4173112598,
    "indicator": "27.47.27.56",
    "type": "IPv4",
    "created": "2026-03-27T17:42:16",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie, firehol:unlisted. 27.47.27.56 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, port-scan).",
    "expiration": "2026-04-26T17:42:15",
    "is_active": 1
  },
  {
    "id": 3916576611,
    "indicator": "1.83.125.201",
    "type": "IPv4",
    "created": "2026-03-27T17:42:16",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 1.83.125.201 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T17:42:15",
    "is_active": 1
  },
  {
    "id": 3558406344,
    "indicator": "87.236.176.216",
    "type": "IPv4",
    "created": "2026-03-27T17:42:16",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 87.236.176.216 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-26T17:42:15",
    "is_active": 1
  },
  {
    "id": 4180117433,
    "indicator": "27.47.27.246",
    "type": "IPv4",
    "created": "2026-03-27T17:42:16",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 27.47.27.246 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T17:42:15",
    "is_active": 1
  },
  {
    "id": 4179395036,
    "indicator": "112.94.189.68",
    "type": "IPv4",
    "created": "2026-03-27T17:42:16",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 112.94.189.68 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T17:42:15",
    "is_active": 1
  },
  {
    "id": 4282100474,
    "indicator": "35.231.14.185",
    "type": "IPv4",
    "created": "2026-03-27T17:42:16",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 35.231.14.185 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Observed activity: 2 malware samples. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-26T17:42:15",
    "is_active": 1
  },
  {
    "id": 4201609711,
    "indicator": "210.191.89.156",
    "type": "IPv4",
    "created": "2026-03-27T17:42:16",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 210.191.89.156 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-26T17:42:15",
    "is_active": 1
  },
  {
    "id": 4140071420,
    "indicator": "182.119.226.216",
    "type": "IPv4",
    "created": "2026-03-27T17:42:16",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 182.119.226.216 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T17:42:15",
    "is_active": 1
  },
  {
    "id": 4283526938,
    "indicator": "50.118.250.178",
    "type": "IPv4",
    "created": "2026-03-27T17:42:16",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 50.118.250.178 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-26T17:42:15",
    "is_active": 1
  },
  {
    "id": 4179824672,
    "indicator": "120.39.48.166",
    "type": "IPv4",
    "created": "2026-03-27T17:42:16",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 120.39.48.166 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T17:42:15",
    "is_active": 1
  },
  {
    "id": 4173133136,
    "indicator": "116.178.131.36",
    "type": "IPv4",
    "created": "2026-03-27T17:42:16",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.131.36 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ftp-brute, hacking).",
    "expiration": "2026-04-26T17:42:15",
    "is_active": 1
  },
  {
    "id": 4103833570,
    "indicator": "95.84.148.21",
    "type": "IPv4",
    "created": "2026-03-27T17:42:16",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 95.84.148.21 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-26T17:42:15",
    "is_active": 1
  },
  {
    "id": 4201354485,
    "indicator": "121.29.149.106",
    "type": "IPv4",
    "created": "2026-03-27T17:42:16",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 121.29.149.106 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T17:42:15",
    "is_active": 1
  },
  {
    "id": 4172532278,
    "indicator": "116.178.131.79",
    "type": "IPv4",
    "created": "2026-03-27T17:42:16",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack, cowrie. 116.178.131.79 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, port-scan).",
    "expiration": "2026-04-26T17:42:15",
    "is_active": 1
  },
  {
    "id": 4282461968,
    "indicator": "47.245.140.149",
    "type": "IPv4",
    "created": "2026-03-27T17:42:16",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 47.245.140.149 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, hacking, moderate).",
    "expiration": "2026-04-26T17:42:15",
    "is_active": 1
  },
  {
    "id": 4283525907,
    "indicator": "18.222.151.74",
    "type": "IPv4",
    "created": "2026-03-27T17:42:16",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 18.222.151.74 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, moderate, multi-reported).",
    "expiration": "2026-04-26T17:42:15",
    "is_active": 1
  },
  {
    "id": 4224741853,
    "indicator": "107.174.189.2",
    "type": "IPv4",
    "created": "2026-03-27T17:42:16",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 107.174.189.2 observed using TLS client fingerprint 'Unknown TLS Client (f705a791346f)' 2 times when connecting to db1lapetro between 2026-03-27 16:10 and 2026-03-27 16:10 UTC.",
    "expiration": "2026-04-26T17:42:15",
    "is_active": 1
  },
  {
    "id": 3492012918,
    "indicator": "20.223.168.112",
    "type": "IPv4",
    "created": "2026-03-27T18:42:24",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 20.223.168.112 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-26T18:42:23",
    "is_active": 1
  },
  {
    "id": 4178790037,
    "indicator": "171.8.138.211",
    "type": "IPv4",
    "created": "2026-03-27T18:42:24",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 171.8.138.211 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T18:42:23",
    "is_active": 1
  },
  {
    "id": 4172926096,
    "indicator": "27.47.24.91",
    "type": "IPv4",
    "created": "2026-03-27T18:42:24",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 27.47.24.91 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T18:42:23",
    "is_active": 1
  },
  {
    "id": 4170046873,
    "indicator": "116.178.128.139",
    "type": "IPv4",
    "created": "2026-03-27T18:42:24",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.128.139 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking).",
    "expiration": "2026-04-26T18:42:23",
    "is_active": 1
  },
  {
    "id": 3639389235,
    "indicator": "177.152.146.117",
    "type": "IPv4",
    "created": "2026-03-27T18:42:24",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 177.152.146.117 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T18:42:23",
    "is_active": 1
  },
  {
    "id": 4173210810,
    "indicator": "106.117.117.222",
    "type": "IPv4",
    "created": "2026-03-27T18:42:24",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 106.117.117.222 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T18:42:23",
    "is_active": 1
  },
  {
    "id": 3890232153,
    "indicator": "123.245.85.116",
    "type": "IPv4",
    "created": "2026-03-27T18:42:24",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 123.245.85.116 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).",
    "expiration": "2026-04-26T18:42:23",
    "is_active": 1
  },
  {
    "id": 4038053216,
    "indicator": "152.32.176.68",
    "type": "IPv4",
    "created": "2026-03-27T18:42:24",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 152.32.176.68 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-26T18:42:23",
    "is_active": 1
  },
  {
    "id": 4037506427,
    "indicator": "118.212.123.4",
    "type": "IPv4",
    "created": "2026-03-27T18:42:24",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 118.212.123.4 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T18:42:23",
    "is_active": 1
  },
  {
    "id": 4176071101,
    "indicator": "112.94.188.88",
    "type": "IPv4",
    "created": "2026-03-27T18:42:24",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 112.94.188.88 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T18:42:23",
    "is_active": 1
  },
  {
    "id": 4166614873,
    "indicator": "36.250.221.125",
    "type": "IPv4",
    "created": "2026-03-27T18:42:24",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 36.250.221.125 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-26T18:42:23",
    "is_active": 1
  },
  {
    "id": 3910735197,
    "indicator": "58.212.237.76",
    "type": "IPv4",
    "created": "2026-03-27T18:42:24",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate. 58.212.237.76 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-26T18:42:23",
    "is_active": 1
  },
  {
    "id": 3551392155,
    "indicator": "36.106.166.212",
    "type": "IPv4",
    "created": "2026-03-27T18:42:24",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 36.106.166.212 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T18:42:23",
    "is_active": 1
  },
  {
    "id": 4283528738,
    "indicator": "47.84.143.69",
    "type": "IPv4",
    "created": "2026-03-27T18:42:24",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 47.84.143.69 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T18:42:23",
    "is_active": 1
  },
  {
    "id": 4075826595,
    "indicator": "182.119.226.105",
    "type": "IPv4",
    "created": "2026-03-27T18:42:24",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 182.119.226.105 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T18:42:23",
    "is_active": 1
  },
  {
    "id": 4185412624,
    "indicator": "59.173.111.87",
    "type": "IPv4",
    "created": "2026-03-27T18:42:24",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Wuhan, China (AS4134, Chinanet). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-26T18:42:23",
    "is_active": 1
  },
  {
    "id": 3759135430,
    "indicator": "182.242.169.82",
    "type": "IPv4",
    "created": "2026-03-27T18:42:24",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from China (AS4134, Chinanet). Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-26T18:42:23",
    "is_active": 1
  },
  {
    "id": 4171318950,
    "indicator": "116.178.131.173",
    "type": "IPv4",
    "created": "2026-03-27T18:42:24",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.131.173 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T18:42:23",
    "is_active": 1
  },
  {
    "id": 4166901811,
    "indicator": "121.199.48.149",
    "type": "IPv4",
    "created": "2026-03-27T18:42:24",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 121.199.48.149 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-26T18:42:23",
    "is_active": 1
  },
  {
    "id": 4263848497,
    "indicator": "54.196.240.224",
    "type": "IPv4",
    "created": "2026-03-27T18:42:24",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 54.196.240.224 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-26T18:42:23",
    "is_active": 1
  },
  {
    "id": 4263855554,
    "indicator": "54.242.39.252",
    "type": "IPv4",
    "created": "2026-03-27T18:42:24",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 54.242.39.252 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-26T18:42:23",
    "is_active": 1
  },
  {
    "id": 4162390860,
    "indicator": "114.97.190.16",
    "type": "IPv4",
    "created": "2026-03-27T18:42:24",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 114.97.190.16 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T18:42:23",
    "is_active": 1
  },
  {
    "id": 3692794062,
    "indicator": "36.106.167.37",
    "type": "IPv4",
    "created": "2026-03-27T18:42:24",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 36.106.167.37 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).",
    "expiration": "2026-04-26T18:42:23",
    "is_active": 1
  },
  {
    "id": 4280262915,
    "indicator": "123.1.189.199",
    "type": "IPv4",
    "created": "2026-03-27T18:42:24",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 123.1.189.199 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command sessions (1 commands), 1 malware samples. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-26T18:42:23",
    "is_active": 1
  },
  {
    "id": 3888782520,
    "indicator": "44.220.188.168",
    "type": "IPv4",
    "created": "2026-03-27T18:42:24",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan. 44.220.188.168 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-26T18:42:23",
    "is_active": 1
  },
  {
    "id": 4282299561,
    "indicator": "171.111.194.59",
    "type": "IPv4",
    "created": "2026-03-27T18:42:24",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 171.111.194.59 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-26T18:42:23",
    "is_active": 1
  },
  {
    "id": 3912155357,
    "indicator": "1.24.16.22",
    "type": "IPv4",
    "created": "2026-03-27T18:42:24",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 1.24.16.22 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T18:42:23",
    "is_active": 1
  },
  {
    "id": 4160139469,
    "indicator": "114.97.191.149",
    "type": "IPv4",
    "created": "2026-03-27T18:42:24",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 114.97.191.149 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T18:42:23",
    "is_active": 1
  },
  {
    "id": 4157453258,
    "indicator": "88.86.221.69",
    "type": "IPv4",
    "created": "2026-03-27T19:42:28",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 88.86.221.69 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-26T19:42:28",
    "is_active": 1
  },
  {
    "id": 4262445376,
    "indicator": "32.192.75.154",
    "type": "IPv4",
    "created": "2026-03-27T19:42:28",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 32.192.75.154 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-26T19:42:28",
    "is_active": 1
  },
  {
    "id": 4176839026,
    "indicator": "110.90.224.127",
    "type": "IPv4",
    "created": "2026-03-27T19:42:28",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 110.90.224.127 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T19:42:28",
    "is_active": 1
  },
  {
    "id": 4266827418,
    "indicator": "54.221.116.122",
    "type": "IPv4",
    "created": "2026-03-27T19:42:28",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 54.221.116.122 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-26T19:42:28",
    "is_active": 1
  },
  {
    "id": 4263079923,
    "indicator": "54.174.208.37",
    "type": "IPv4",
    "created": "2026-03-27T19:42:28",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 54.174.208.37 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-26T19:42:28",
    "is_active": 1
  },
  {
    "id": 4192104704,
    "indicator": "171.120.28.84",
    "type": "IPv4",
    "created": "2026-03-27T19:42:28",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 171.120.28.84 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T19:42:28",
    "is_active": 1
  },
  {
    "id": 4173191112,
    "indicator": "222.176.201.250",
    "type": "IPv4",
    "created": "2026-03-27T19:42:28",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 222.176.201.250 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T19:42:28",
    "is_active": 1
  },
  {
    "id": 4173195922,
    "indicator": "27.47.25.14",
    "type": "IPv4",
    "created": "2026-03-27T19:42:28",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 27.47.25.14 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T19:42:28",
    "is_active": 1
  },
  {
    "id": 4262443105,
    "indicator": "87.121.79.23",
    "type": "IPv4",
    "created": "2026-03-27T19:42:28",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 87.121.79.23 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-26T19:42:28",
    "is_active": 1
  },
  {
    "id": 4282423554,
    "indicator": "8.211.21.19",
    "type": "IPv4",
    "created": "2026-03-27T19:42:28",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 8.211.21.19 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, hacking, moderate).",
    "expiration": "2026-04-26T19:42:28",
    "is_active": 1
  },
  {
    "id": 4154031574,
    "indicator": "221.171.56.25",
    "type": "IPv4",
    "created": "2026-03-27T19:42:28",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 221.171.56.25 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-26T19:42:28",
    "is_active": 1
  },
  {
    "id": 4006744541,
    "indicator": "123.245.85.18",
    "type": "IPv4",
    "created": "2026-03-27T19:42:28",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 123.245.85.18 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T19:42:28",
    "is_active": 1
  },
  {
    "id": 3715901236,
    "indicator": "122.96.28.195",
    "type": "IPv4",
    "created": "2026-03-27T19:42:28",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 122.96.28.195 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T19:42:28",
    "is_active": 1
  },
  {
    "id": 4172754311,
    "indicator": "222.176.201.80",
    "type": "IPv4",
    "created": "2026-03-27T19:42:28",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 222.176.201.80 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T19:42:28",
    "is_active": 1
  },
  {
    "id": 4208209998,
    "indicator": "58.243.46.158",
    "type": "IPv4",
    "created": "2026-03-27T19:42:28",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 58.243.46.158 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T19:42:28",
    "is_active": 1
  },
  {
    "id": 4176776771,
    "indicator": "27.47.27.107",
    "type": "IPv4",
    "created": "2026-03-27T19:42:28",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 27.47.27.107 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T19:42:28",
    "is_active": 1
  },
  {
    "id": 4283567575,
    "indicator": "47.245.128.33",
    "type": "IPv4",
    "created": "2026-03-27T19:42:28",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 47.245.128.33 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T19:42:28",
    "is_active": 1
  },
  {
    "id": 4008186643,
    "indicator": "118.212.123.212",
    "type": "IPv4",
    "created": "2026-03-27T19:42:28",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 118.212.123.212 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, ftp-brute).",
    "expiration": "2026-04-26T19:42:28",
    "is_active": 1
  },
  {
    "id": 4173179843,
    "indicator": "106.117.116.72",
    "type": "IPv4",
    "created": "2026-03-27T19:42:28",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 106.117.116.72 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T19:42:28",
    "is_active": 1
  },
  {
    "id": 3008100878,
    "indicator": "60.13.7.30",
    "type": "IPv4",
    "created": "2026-03-27T19:42:28",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 60.13.7.30 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T19:42:28",
    "is_active": 1
  },
  {
    "id": 3910955364,
    "indicator": "180.95.238.214",
    "type": "IPv4",
    "created": "2026-03-27T19:42:28",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 180.95.238.214 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T19:42:28",
    "is_active": 1
  },
  {
    "id": 4175524672,
    "indicator": "121.137.131.78",
    "type": "IPv4",
    "created": "2026-03-27T19:42:28",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 121.137.131.78 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-26T19:42:28",
    "is_active": 1
  },
  {
    "id": 4282512166,
    "indicator": "161.97.105.189",
    "type": "IPv4",
    "created": "2026-03-27T19:42:28",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Lauterbourg, France (AS51167, Contabo GmbH). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 2s; 5 events.",
    "expiration": "2026-04-26T19:42:28",
    "is_active": 1
  },
  {
    "id": 4185204735,
    "indicator": "182.119.229.6",
    "type": "IPv4",
    "created": "2026-03-27T19:42:28",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 182.119.229.6 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T19:42:28",
    "is_active": 1
  },
  {
    "id": 4172933606,
    "indicator": "180.111.30.178",
    "type": "IPv4",
    "created": "2026-03-27T19:42:28",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 180.111.30.178 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T19:42:28",
    "is_active": 1
  },
  {
    "id": 4278752025,
    "indicator": "206.168.201.118",
    "type": "IPv4",
    "created": "2026-03-27T19:42:28",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:multi-reported. 206.168.201.118 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (ddos, exploited-host, hacking).",
    "expiration": "2026-04-26T19:42:28",
    "is_active": 1
  },
  {
    "id": 4126553042,
    "indicator": "47.83.4.97",
    "type": "IPv4",
    "created": "2026-03-27T19:42:28",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 47.83.4.97 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-26T19:42:28",
    "is_active": 1
  },
  {
    "id": 4283567576,
    "indicator": "182.242.168.123",
    "type": "IPv4",
    "created": "2026-03-27T19:42:28",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 182.242.168.123 classified as attacker with unclear intent (low confidence). Origin: enriched.",
    "expiration": "2026-04-26T19:42:28",
    "is_active": 1
  },
  {
    "id": 3928390965,
    "indicator": "123.245.85.38",
    "type": "IPv4",
    "created": "2026-03-27T19:42:28",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 123.245.85.38 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T19:42:28",
    "is_active": 1
  },
  {
    "id": 4282428057,
    "indicator": "47.84.134.30",
    "type": "IPv4",
    "created": "2026-03-27T19:42:28",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 47.84.134.30 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, hacking, high).",
    "expiration": "2026-04-26T19:42:28",
    "is_active": 1
  },
  {
    "id": 4282411002,
    "indicator": "45.67.221.161",
    "type": "IPv4",
    "created": "2026-03-27T19:42:28",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 45.67.221.161 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-26T19:42:28",
    "is_active": 1
  },
  {
    "id": 4283567577,
    "indicator": "8.211.24.101",
    "type": "IPv4",
    "created": "2026-03-27T19:42:28",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 8.211.24.101 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, hacking, moderate).",
    "expiration": "2026-04-26T19:42:28",
    "is_active": 1
  },
  {
    "id": 4283567578,
    "indicator": "82.13.239.129",
    "type": "IPv4",
    "created": "2026-03-27T19:42:28",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 82.13.239.129 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T19:42:28",
    "is_active": 1
  },
  {
    "id": 4283567579,
    "indicator": "8.209.115.19",
    "type": "IPv4",
    "created": "2026-03-27T19:42:28",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack, cowrie. 8.209.115.19 classified as commodity attacker using automated exploitation tooling (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (hacking, moderate, port-scan).",
    "expiration": "2026-04-26T19:42:28",
    "is_active": 1
  },
  {
    "id": 4276920092,
    "indicator": "117.131.156.103",
    "type": "IPv4",
    "created": "2026-03-27T19:42:28",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 117.131.156.103 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-26T19:42:28",
    "is_active": 1
  },
  {
    "id": 4175127096,
    "indicator": "51.159.96.126",
    "type": "IPv4",
    "created": "2026-03-27T19:42:28",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 51.159.96.126 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T19:42:28",
    "is_active": 1
  },
  {
    "id": 2236782922,
    "indicator": "185.132.53.60",
    "type": "IPv4",
    "created": "2026-03-27T19:42:28",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:low, abuseipdb:reported, abuseipdb:ssh. 185.132.53.60 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_level1); AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-26T19:42:28",
    "is_active": 1
  },
  {
    "id": 3520250191,
    "indicator": "103.189.234.57",
    "type": "IPv4",
    "created": "2026-03-27T19:42:28",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Indonesia (AS138608, Cloud Host Pte Ltd) [VPN/hosting provider]. Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 2s; 5 events.",
    "expiration": "2026-04-26T19:42:28",
    "is_active": 1
  },
  {
    "id": 4163178149,
    "indicator": "177.36.220.22",
    "type": "IPv4",
    "created": "2026-03-27T19:42:28",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Pirapora, Brazil (AS52967, NT Brasil Tecnologia Ltda. ME). Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 2s; 5 events.",
    "expiration": "2026-04-26T19:42:28",
    "is_active": 1
  },
  {
    "id": 4282439579,
    "indicator": "47.84.138.105",
    "type": "IPv4",
    "created": "2026-03-27T19:42:28",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 47.84.138.105 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T19:42:28",
    "is_active": 1
  },
  {
    "id": 4275707423,
    "indicator": "101.70.111.52",
    "type": "IPv4",
    "created": "2026-03-27T19:42:28",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 101.70.111.52 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T19:42:28",
    "is_active": 1
  },
  {
    "id": 4173436296,
    "indicator": "36.250.221.153",
    "type": "IPv4",
    "created": "2026-03-27T19:42:28",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 36.250.221.153 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T19:42:28",
    "is_active": 1
  },
  {
    "id": 4152417860,
    "indicator": "118.43.180.56",
    "type": "IPv4",
    "created": "2026-03-27T19:42:28",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 118.43.180.56 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-26T19:42:28",
    "is_active": 1
  },
  {
    "id": 4283567580,
    "indicator": "196.218.16.52",
    "type": "IPv4",
    "created": "2026-03-27T19:42:28",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, cowrie. Attacker IP from Egypt (AS8452, TE Data). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. 1 events.",
    "expiration": "2026-04-26T19:42:28",
    "is_active": 1
  },
  {
    "id": 4282103297,
    "indicator": "64.188.119.209",
    "type": "IPv4",
    "created": "2026-03-27T19:42:28",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Frankfurt am Main, Germany (AS215590, DpkgSoft International Limited). Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-Go (HASSH: 2ec37a7cc8da...); duration: 1m 53s; 6 events.",
    "expiration": "2026-04-26T19:42:28",
    "is_active": 1
  },
  {
    "id": 4170520143,
    "indicator": "106.117.111.252",
    "type": "IPv4",
    "created": "2026-03-27T19:42:28",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. Attacker IP from Shijiazhuang, China (AS4134, Chinanet). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-26T19:42:28",
    "is_active": 1
  },
  {
    "id": 4201793309,
    "indicator": "59.173.108.168",
    "type": "IPv4",
    "created": "2026-03-27T20:42:36",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 59.173.108.168 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T20:42:34",
    "is_active": 1
  },
  {
    "id": 1828960236,
    "indicator": "134.209.63.62",
    "type": "IPv4",
    "created": "2026-03-27T20:42:36",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 134.209.63.62 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-26T20:42:34",
    "is_active": 1
  },
  {
    "id": 4136444700,
    "indicator": "104.243.245.5",
    "type": "IPv4",
    "created": "2026-03-27T20:42:36",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 104.243.245.5 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d, firehol_level4); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-26T20:42:34",
    "is_active": 1
  },
  {
    "id": 4174153993,
    "indicator": "36.250.220.207",
    "type": "IPv4",
    "created": "2026-03-27T20:42:36",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 36.250.220.207 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).",
    "expiration": "2026-04-26T20:42:34",
    "is_active": 1
  },
  {
    "id": 2605379209,
    "indicator": "36.106.167.208",
    "type": "IPv4",
    "created": "2026-03-27T20:42:36",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 36.106.167.208 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T20:42:34",
    "is_active": 1
  },
  {
    "id": 4281943824,
    "indicator": "181.23.121.145",
    "type": "IPv4",
    "created": "2026-03-27T20:42:36",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 181.23.121.145 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ftp-brute).",
    "expiration": "2026-04-26T20:42:34",
    "is_active": 1
  },
  {
    "id": 4156331782,
    "indicator": "36.250.220.100",
    "type": "IPv4",
    "created": "2026-03-27T20:42:36",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 36.250.220.100 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T20:42:34",
    "is_active": 1
  },
  {
    "id": 4183815985,
    "indicator": "59.173.111.211",
    "type": "IPv4",
    "created": "2026-03-27T20:42:36",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 59.173.111.211 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T20:42:34",
    "is_active": 1
  },
  {
    "id": 3832787971,
    "indicator": "123.245.84.155",
    "type": "IPv4",
    "created": "2026-03-27T20:42:36",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 123.245.84.155 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T20:42:34",
    "is_active": 1
  },
  {
    "id": 2995893308,
    "indicator": "221.11.60.151",
    "type": "IPv4",
    "created": "2026-03-27T20:42:36",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 221.11.60.151 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-26T20:42:34",
    "is_active": 1
  },
  {
    "id": 2978047304,
    "indicator": "36.106.166.223",
    "type": "IPv4",
    "created": "2026-03-27T20:42:36",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 36.106.166.223 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T20:42:34",
    "is_active": 1
  },
  {
    "id": 4172934820,
    "indicator": "101.249.62.83",
    "type": "IPv4",
    "created": "2026-03-27T20:42:36",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 101.249.62.83 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T20:42:34",
    "is_active": 1
  },
  {
    "id": 4189350705,
    "indicator": "59.173.109.41",
    "type": "IPv4",
    "created": "2026-03-27T20:42:36",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 59.173.109.41 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-26T20:42:34",
    "is_active": 1
  },
  {
    "id": 4263072828,
    "indicator": "186.32.187.152",
    "type": "IPv4",
    "created": "2026-03-27T20:42:36",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 186.32.187.152 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-26T20:42:34",
    "is_active": 1
  },
  {
    "id": 3715901622,
    "indicator": "124.89.90.59",
    "type": "IPv4",
    "created": "2026-03-27T20:42:36",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 124.89.90.59 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T20:42:34",
    "is_active": 1
  },
  {
    "id": 4173194653,
    "indicator": "116.178.129.168",
    "type": "IPv4",
    "created": "2026-03-27T20:42:36",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 116.178.129.168 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-26T20:42:34",
    "is_active": 1
  },
  {
    "id": 4169411464,
    "indicator": "124.117.192.76",
    "type": "IPv4",
    "created": "2026-03-27T20:42:36",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 124.117.192.76 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-26T20:42:34",
    "is_active": 1
  },
  {
    "id": 4172947773,
    "indicator": "222.176.201.60",
    "type": "IPv4",
    "created": "2026-03-27T20:42:36",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 222.176.201.60 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T20:42:34",
    "is_active": 1
  },
  {
    "id": 4281897618,
    "indicator": "47.236.152.199",
    "type": "IPv4",
    "created": "2026-03-27T20:42:36",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 47.236.152.199 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T20:42:34",
    "is_active": 1
  },
  {
    "id": 4283628586,
    "indicator": "47.236.196.80",
    "type": "IPv4",
    "created": "2026-03-27T20:42:36",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 47.236.196.80 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, hacking, moderate).",
    "expiration": "2026-04-26T20:42:34",
    "is_active": 1
  },
  {
    "id": 3871596556,
    "indicator": "118.212.120.27",
    "type": "IPv4",
    "created": "2026-03-27T20:42:36",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 118.212.120.27 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T20:42:34",
    "is_active": 1
  },
  {
    "id": 4127645107,
    "indicator": "18.97.26.20",
    "type": "IPv4",
    "created": "2026-03-27T20:42:36",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 18.97.26.20 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-26T20:42:34",
    "is_active": 1
  },
  {
    "id": 4172941756,
    "indicator": "114.97.190.197",
    "type": "IPv4",
    "created": "2026-03-27T20:42:36",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 114.97.190.197 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-26T20:42:34",
    "is_active": 1
  },
  {
    "id": 4170520384,
    "indicator": "116.178.129.94",
    "type": "IPv4",
    "created": "2026-03-27T20:42:36",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 116.178.129.94 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).",
    "expiration": "2026-04-26T20:42:34",
    "is_active": 1
  },
  {
    "id": 4172954924,
    "indicator": "112.122.237.203",
    "type": "IPv4",
    "created": "2026-03-27T20:42:36",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 112.122.237.203 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T20:42:34",
    "is_active": 1
  },
  {
    "id": 4283628587,
    "indicator": "47.84.102.221",
    "type": "IPv4",
    "created": "2026-03-27T20:42:36",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 47.84.102.221 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T20:42:34",
    "is_active": 1
  },
  {
    "id": 4227540607,
    "indicator": "59.173.108.200",
    "type": "IPv4",
    "created": "2026-03-27T20:42:36",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 59.173.108.200 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T20:42:34",
    "is_active": 1
  },
  {
    "id": 4283628588,
    "indicator": "182.119.224.217",
    "type": "IPv4",
    "created": "2026-03-27T20:42:36",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 182.119.224.217 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T20:42:34",
    "is_active": 1
  },
  {
    "id": 2985037957,
    "indicator": "101.249.60.186",
    "type": "IPv4",
    "created": "2026-03-27T20:42:36",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 101.249.60.186 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, hacking, low).",
    "expiration": "2026-04-26T20:42:34",
    "is_active": 1
  },
  {
    "id": 3637897959,
    "indicator": "180.95.238.152",
    "type": "IPv4",
    "created": "2026-03-27T20:42:36",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 180.95.238.152 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T20:42:34",
    "is_active": 1
  },
  {
    "id": 3807665226,
    "indicator": "182.242.168.222",
    "type": "IPv4",
    "created": "2026-03-27T20:42:36",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, cowrie. 182.242.168.222 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, moderate).",
    "expiration": "2026-04-26T20:42:34",
    "is_active": 1
  },
  {
    "id": 4181549242,
    "indicator": "116.172.201.148",
    "type": "IPv4",
    "created": "2026-03-27T20:42:36",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 116.172.201.148 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T20:42:34",
    "is_active": 1
  },
  {
    "id": 3841150342,
    "indicator": "36.106.167.125",
    "type": "IPv4",
    "created": "2026-03-27T20:42:36",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 36.106.167.125 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-26T20:42:34",
    "is_active": 1
  },
  {
    "id": 4189983781,
    "indicator": "14.116.191.240",
    "type": "IPv4",
    "created": "2026-03-27T20:42:36",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan. 14.116.191.240 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-26T20:42:34",
    "is_active": 1
  },
  {
    "id": 4169915206,
    "indicator": "222.176.200.192",
    "type": "IPv4",
    "created": "2026-03-27T20:42:36",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 222.176.200.192 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T20:42:34",
    "is_active": 1
  },
  {
    "id": 4268227363,
    "indicator": "35.171.19.100",
    "type": "IPv4",
    "created": "2026-03-27T20:42:36",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 35.171.19.100 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-26T20:42:34",
    "is_active": 1
  },
  {
    "id": 4266630676,
    "indicator": "44.202.13.116",
    "type": "IPv4",
    "created": "2026-03-27T20:42:36",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 44.202.13.116 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-26T20:42:34",
    "is_active": 1
  },
  {
    "id": 4268208868,
    "indicator": "44.211.45.255",
    "type": "IPv4",
    "created": "2026-03-27T20:42:36",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 44.211.45.255 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-26T20:42:34",
    "is_active": 1
  },
  {
    "id": 4263663872,
    "indicator": "34.228.9.244",
    "type": "IPv4",
    "created": "2026-03-27T20:42:36",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 34.228.9.244 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-26T20:42:34",
    "is_active": 1
  },
  {
    "id": 4266815232,
    "indicator": "123.158.49.221",
    "type": "IPv4",
    "created": "2026-03-27T20:42:36",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 123.158.49.221 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T20:42:34",
    "is_active": 1
  },
  {
    "id": 4177426695,
    "indicator": "59.173.109.161",
    "type": "IPv4",
    "created": "2026-03-27T20:42:36",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 59.173.109.161 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T20:42:34",
    "is_active": 1
  },
  {
    "id": 2920097088,
    "indicator": "1.83.125.90",
    "type": "IPv4",
    "created": "2026-03-27T20:42:36",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 1.83.125.90 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T20:42:34",
    "is_active": 1
  },
  {
    "id": 4177726651,
    "indicator": "206.135.169.2",
    "type": "IPv4",
    "created": "2026-03-27T20:42:36",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 206.135.169.2 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-26T20:42:34",
    "is_active": 1
  },
  {
    "id": 4022026038,
    "indicator": "110.177.180.211",
    "type": "IPv4",
    "created": "2026-03-27T20:42:36",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 110.177.180.211 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T20:42:34",
    "is_active": 1
  },
  {
    "id": 4046946726,
    "indicator": "118.212.122.23",
    "type": "IPv4",
    "created": "2026-03-27T20:42:36",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 118.212.122.23 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T20:42:34",
    "is_active": 1
  },
  {
    "id": 4262472484,
    "indicator": "13.222.179.236",
    "type": "IPv4",
    "created": "2026-03-27T20:42:36",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 13.222.179.236 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-26T20:42:34",
    "is_active": 1
  },
  {
    "id": 4262472272,
    "indicator": "100.24.47.223",
    "type": "IPv4",
    "created": "2026-03-27T20:42:36",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 100.24.47.223 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-26T20:42:34",
    "is_active": 1
  },
  {
    "id": 4283628589,
    "indicator": "182.119.226.0",
    "type": "IPv4",
    "created": "2026-03-27T20:42:36",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Zhengzhou, China (AS4837, CHINA UNICOM China169 Backbone). Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-26T20:42:34",
    "is_active": 1
  },
  {
    "id": 4283628590,
    "indicator": "117.25.122.80",
    "type": "IPv4",
    "created": "2026-03-27T20:42:36",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. Attacker IP from Fuzhou, China (AS4134, Chinanet). Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-26T20:42:34",
    "is_active": 1
  },
  {
    "id": 4230492523,
    "indicator": "75.119.141.110",
    "type": "IPv4",
    "created": "2026-03-27T21:42:59",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 75.119.141.110 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-26T21:42:41",
    "is_active": 1
  },
  {
    "id": 4057191109,
    "indicator": "47.86.190.58",
    "type": "IPv4",
    "created": "2026-03-27T21:42:59",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported. 47.86.190.58 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T21:42:41",
    "is_active": 1
  },
  {
    "id": 3871596553,
    "indicator": "118.212.120.199",
    "type": "IPv4",
    "created": "2026-03-27T21:42:59",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 118.212.120.199 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-26T21:42:41",
    "is_active": 1
  },
  {
    "id": 4044369214,
    "indicator": "182.88.190.46",
    "type": "IPv4",
    "created": "2026-03-27T21:42:59",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 182.88.190.46 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T21:42:41",
    "is_active": 1
  },
  {
    "id": 4169915272,
    "indicator": "36.250.221.224",
    "type": "IPv4",
    "created": "2026-03-27T21:42:59",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 36.250.221.224 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-26T21:42:41",
    "is_active": 1
  },
  {
    "id": 3813196019,
    "indicator": "200.46.223.242",
    "type": "IPv4",
    "created": "2026-03-27T21:42:59",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate. 200.46.223.242 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-26T21:42:41",
    "is_active": 1
  },
  {
    "id": 3876621187,
    "indicator": "118.212.123.53",
    "type": "IPv4",
    "created": "2026-03-27T21:42:59",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 118.212.123.53 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T21:42:41",
    "is_active": 1
  },
  {
    "id": 3859191426,
    "indicator": "221.207.34.52",
    "type": "IPv4",
    "created": "2026-03-27T21:42:59",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 221.207.34.52 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T21:42:41",
    "is_active": 1
  },
  {
    "id": 3693061684,
    "indicator": "112.94.188.108",
    "type": "IPv4",
    "created": "2026-03-27T21:42:59",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 112.94.188.108 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T21:42:41",
    "is_active": 1
  },
  {
    "id": 4179825738,
    "indicator": "59.13.41.9",
    "type": "IPv4",
    "created": "2026-03-27T21:42:59",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 59.13.41.9 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-26T21:42:41",
    "is_active": 1
  },
  {
    "id": 4282398109,
    "indicator": "47.84.131.200",
    "type": "IPv4",
    "created": "2026-03-27T21:42:59",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 47.84.131.200 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T21:42:41",
    "is_active": 1
  },
  {
    "id": 4203782386,
    "indicator": "220.134.21.50",
    "type": "IPv4",
    "created": "2026-03-27T21:42:59",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 220.134.21.50 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-26T21:42:41",
    "is_active": 1
  },
  {
    "id": 4283634598,
    "indicator": "154.12.90.12",
    "type": "IPv4",
    "created": "2026-03-27T21:42:59",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 154.12.90.12 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Observed activity: 2 malware samples. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-26T21:42:41",
    "is_active": 1
  },
  {
    "id": 4216435819,
    "indicator": "123.160.174.193",
    "type": "IPv4",
    "created": "2026-03-27T21:42:59",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 123.160.174.193 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T21:42:41",
    "is_active": 1
  },
  {
    "id": 3903324968,
    "indicator": "220.167.233.151",
    "type": "IPv4",
    "created": "2026-03-27T21:42:59",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 220.167.233.151 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T21:42:41",
    "is_active": 1
  },
  {
    "id": 4173119642,
    "indicator": "222.176.201.1",
    "type": "IPv4",
    "created": "2026-03-27T21:42:59",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 222.176.201.1 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-26T21:42:41",
    "is_active": 1
  },
  {
    "id": 4171847099,
    "indicator": "36.250.220.127",
    "type": "IPv4",
    "created": "2026-03-27T21:42:59",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 36.250.220.127 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T21:42:41",
    "is_active": 1
  },
  {
    "id": 4283634599,
    "indicator": "47.84.207.14",
    "type": "IPv4",
    "created": "2026-03-27T21:42:59",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 47.84.207.14 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, hacking, high).",
    "expiration": "2026-04-26T21:42:41",
    "is_active": 1
  },
  {
    "id": 4154018269,
    "indicator": "42.48.38.97",
    "type": "IPv4",
    "created": "2026-03-27T21:42:59",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 42.48.38.97 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-26T21:42:41",
    "is_active": 1
  },
  {
    "id": 3753532315,
    "indicator": "27.47.26.41",
    "type": "IPv4",
    "created": "2026-03-27T21:42:59",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 27.47.26.41 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T21:42:41",
    "is_active": 1
  },
  {
    "id": 4282405343,
    "indicator": "180.76.177.88",
    "type": "IPv4",
    "created": "2026-03-27T21:42:59",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP from China (AS38365, Beijing Baidu Netcom Science and Technology Co., Ltd.). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. 1 events.",
    "expiration": "2026-04-26T21:42:41",
    "is_active": 1
  },
  {
    "id": 4282102781,
    "indicator": "185.111.159.216",
    "type": "IPv4",
    "created": "2026-03-27T21:42:59",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 185.111.159.216 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-26T21:42:41",
    "is_active": 1
  },
  {
    "id": 4155336484,
    "indicator": "124.117.192.178",
    "type": "IPv4",
    "created": "2026-03-27T21:42:59",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 124.117.192.178 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-26T21:42:41",
    "is_active": 1
  },
  {
    "id": 4176534087,
    "indicator": "36.250.221.221",
    "type": "IPv4",
    "created": "2026-03-27T21:42:59",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 36.250.221.221 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T21:42:41",
    "is_active": 1
  },
  {
    "id": 4277212730,
    "indicator": "218.78.20.141",
    "type": "IPv4",
    "created": "2026-03-27T21:42:59",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 218.78.20.141 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ftp-brute).",
    "expiration": "2026-04-26T21:42:41",
    "is_active": 1
  },
  {
    "id": 4171428985,
    "indicator": "116.178.128.78",
    "type": "IPv4",
    "created": "2026-03-27T21:42:59",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.128.78 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T21:42:41",
    "is_active": 1
  },
  {
    "id": 4159251846,
    "indicator": "36.250.220.74",
    "type": "IPv4",
    "created": "2026-03-27T21:42:59",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 36.250.220.74 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-26T21:42:41",
    "is_active": 1
  },
  {
    "id": 4176758379,
    "indicator": "116.178.128.12",
    "type": "IPv4",
    "created": "2026-03-27T21:42:59",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 116.178.128.12 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T21:42:41",
    "is_active": 1
  },
  {
    "id": 4282159153,
    "indicator": "47.84.100.236",
    "type": "IPv4",
    "created": "2026-03-27T21:42:59",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Singapore (AS45102, Alibaba US Technology Co., Ltd.). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. duration: 23s; 3 events.",
    "expiration": "2026-04-26T21:42:41",
    "is_active": 1
  },
  {
    "id": 4170521913,
    "indicator": "222.176.200.50",
    "type": "IPv4",
    "created": "2026-03-27T21:42:59",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 222.176.200.50 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).",
    "expiration": "2026-04-26T21:42:41",
    "is_active": 1
  },
  {
    "id": 4282161437,
    "indicator": "109.248.170.188",
    "type": "IPv4",
    "created": "2026-03-27T21:42:59",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 109.248.170.188 observed using HTTP client fingerprint 'HTTP Client: libredtail-http' 39 times when connecting to db4lamedtech between 2026-03-27 20:30 and 2026-03-27 20:30 UTC.",
    "expiration": "2026-04-26T21:42:41",
    "is_active": 1
  },
  {
    "id": 4283634600,
    "indicator": "101.70.108.175",
    "type": "IPv4",
    "created": "2026-03-27T21:42:59",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 101.70.108.175 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, ftp-brute, hacking).",
    "expiration": "2026-04-26T21:42:41",
    "is_active": 1
  },
  {
    "id": 4027655347,
    "indicator": "118.212.120.71",
    "type": "IPv4",
    "created": "2026-03-27T21:42:59",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 118.212.120.71 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T21:42:41",
    "is_active": 1
  },
  {
    "id": 4158461476,
    "indicator": "14.135.75.18",
    "type": "IPv4",
    "created": "2026-03-27T21:42:59",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan. 14.135.75.18 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-26T21:42:41",
    "is_active": 1
  },
  {
    "id": 4280196733,
    "indicator": "66.132.186.200",
    "type": "IPv4",
    "created": "2026-03-27T22:43:07",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 66.132.186.200 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-26T22:43:05",
    "is_active": 1
  },
  {
    "id": 4006751981,
    "indicator": "222.94.32.233",
    "type": "IPv4",
    "created": "2026-03-27T22:43:07",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 222.94.32.233 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T22:43:05",
    "is_active": 1
  },
  {
    "id": 4172206738,
    "indicator": "222.176.201.38",
    "type": "IPv4",
    "created": "2026-03-27T22:43:07",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 222.176.201.38 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).",
    "expiration": "2026-04-26T22:43:05",
    "is_active": 1
  },
  {
    "id": 3830274191,
    "indicator": "58.212.237.184",
    "type": "IPv4",
    "created": "2026-03-27T22:43:07",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 58.212.237.184 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T22:43:05",
    "is_active": 1
  },
  {
    "id": 368063829,
    "indicator": "123.163.114.45",
    "type": "IPv4",
    "created": "2026-03-27T22:43:07",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 123.163.114.45 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T22:43:05",
    "is_active": 1
  },
  {
    "id": 4084349864,
    "indicator": "171.36.7.212",
    "type": "IPv4",
    "created": "2026-03-27T22:43:07",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. Attacker IP from Nanning, China (AS4837, CHINA UNICOM China169 Backbone). Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-26T22:43:05",
    "is_active": 1
  },
  {
    "id": 3890972429,
    "indicator": "222.94.32.90",
    "type": "IPv4",
    "created": "2026-03-27T22:43:07",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 222.94.32.90 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T22:43:05",
    "is_active": 1
  },
  {
    "id": 3655019220,
    "indicator": "223.166.22.3",
    "type": "IPv4",
    "created": "2026-03-27T22:43:07",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 223.166.22.3 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T22:43:05",
    "is_active": 1
  },
  {
    "id": 2681610904,
    "indicator": "210.114.17.26",
    "type": "IPv4",
    "created": "2026-03-27T22:43:07",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from South Korea (AS4766, Korea Telecom). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 6s; 5 events.",
    "expiration": "2026-04-26T22:43:05",
    "is_active": 1
  },
  {
    "id": 4283627334,
    "indicator": "103.83.251.136",
    "type": "IPv4",
    "created": "2026-03-27T22:43:07",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 103.83.251.136 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-26T22:43:05",
    "is_active": 1
  },
  {
    "id": 4161546820,
    "indicator": "116.178.128.230",
    "type": "IPv4",
    "created": "2026-03-27T22:43:07",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.128.230 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T22:43:05",
    "is_active": 1
  },
  {
    "id": 4161641445,
    "indicator": "114.97.191.78",
    "type": "IPv4",
    "created": "2026-03-27T22:43:07",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 114.97.191.78 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).",
    "expiration": "2026-04-26T22:43:05",
    "is_active": 1
  },
  {
    "id": 4283675994,
    "indicator": "171.116.42.7",
    "type": "IPv4",
    "created": "2026-03-27T22:43:07",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 171.116.42.7 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T22:43:05",
    "is_active": 1
  },
  {
    "id": 2137583028,
    "indicator": "47.91.74.226",
    "type": "IPv4",
    "created": "2026-03-27T22:43:07",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, cowrie. 47.91.74.226 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (exploited-host, hacking, moderate).",
    "expiration": "2026-04-26T22:43:05",
    "is_active": 1
  },
  {
    "id": 4282462157,
    "indicator": "47.84.101.166",
    "type": "IPv4",
    "created": "2026-03-27T22:43:07",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 47.84.101.166 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T22:43:05",
    "is_active": 1
  },
  {
    "id": 4283675995,
    "indicator": "43.157.79.101",
    "type": "IPv4",
    "created": "2026-03-27T22:43:07",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 43.157.79.101 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T22:43:05",
    "is_active": 1
  },
  {
    "id": 4282102081,
    "indicator": "8.209.107.224",
    "type": "IPv4",
    "created": "2026-03-27T22:43:07",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 8.209.107.224 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T22:43:05",
    "is_active": 1
  },
  {
    "id": 4166311625,
    "indicator": "116.178.129.194",
    "type": "IPv4",
    "created": "2026-03-27T22:43:07",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 116.178.129.194 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T22:43:05",
    "is_active": 1
  },
  {
    "id": 4282399732,
    "indicator": "165.22.252.236",
    "type": "IPv4",
    "created": "2026-03-27T22:43:07",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP from Singapore, Singapore (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via adbhoney. duration: 5s; 2 events.",
    "expiration": "2026-04-26T22:43:05",
    "is_active": 1
  },
  {
    "id": 3807665792,
    "indicator": "221.199.73.94",
    "type": "IPv4",
    "created": "2026-03-27T22:43:07",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 221.199.73.94 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T22:43:05",
    "is_active": 1
  },
  {
    "id": 3915502456,
    "indicator": "1.193.63.139",
    "type": "IPv4",
    "created": "2026-03-27T22:43:07",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 1.193.63.139 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T22:43:05",
    "is_active": 1
  },
  {
    "id": 4178806045,
    "indicator": "121.29.84.134",
    "type": "IPv4",
    "created": "2026-03-27T22:43:07",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 121.29.84.134 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T22:43:05",
    "is_active": 1
  },
  {
    "id": 3862592954,
    "indicator": "221.207.35.172",
    "type": "IPv4",
    "created": "2026-03-27T22:43:07",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 221.207.35.172 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking).",
    "expiration": "2026-04-26T22:43:05",
    "is_active": 1
  },
  {
    "id": 4177495557,
    "indicator": "27.47.25.235",
    "type": "IPv4",
    "created": "2026-03-27T22:43:07",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 27.47.25.235 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T22:43:05",
    "is_active": 1
  },
  {
    "id": 4065106371,
    "indicator": "123.145.33.1",
    "type": "IPv4",
    "created": "2026-03-27T22:43:07",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 123.145.33.1 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T22:43:05",
    "is_active": 1
  },
  {
    "id": 4173210796,
    "indicator": "116.178.128.55",
    "type": "IPv4",
    "created": "2026-03-27T22:43:07",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 116.178.128.55 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T22:43:05",
    "is_active": 1
  },
  {
    "id": 3692756979,
    "indicator": "146.190.48.172",
    "type": "IPv4",
    "created": "2026-03-27T22:43:07",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 146.190.48.172 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-26T22:43:05",
    "is_active": 1
  },
  {
    "id": 4282397905,
    "indicator": "47.245.131.184",
    "type": "IPv4",
    "created": "2026-03-27T22:43:07",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, cowrie. 47.245.131.184 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (exploited-host, hacking, moderate).",
    "expiration": "2026-04-26T22:43:05",
    "is_active": 1
  },
  {
    "id": 4156160262,
    "indicator": "117.29.52.237",
    "type": "IPv4",
    "created": "2026-03-27T22:43:07",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 117.29.52.237 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T22:43:05",
    "is_active": 1
  },
  {
    "id": 2136124768,
    "indicator": "222.124.177.148",
    "type": "IPv4",
    "created": "2026-03-27T22:43:07",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Tangerang, Indonesia (AS7713, PT Telekomunikasi Indonesia). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 2s; 5 events.",
    "expiration": "2026-04-26T22:43:05",
    "is_active": 1
  },
  {
    "id": 3939214792,
    "indicator": "165.154.5.188",
    "type": "IPv4",
    "created": "2026-03-27T22:43:07",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. Attacker IP from Hong Kong, Hong Kong (AS135377, UCLOUD INFORMATION TECHNOLOGY HK LIMITED) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. Session included 3 failed login attempts, 3 credential pairs tried across 1 unique username. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration...",
    "expiration": "2026-04-26T22:43:05",
    "is_active": 1
  },
  {
    "id": 4174548613,
    "indicator": "123.202.14.178",
    "type": "IPv4",
    "created": "2026-03-27T22:43:07",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:port-scan. 123.202.14.178 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T22:43:05",
    "is_active": 1
  },
  {
    "id": 4173811508,
    "indicator": "116.178.128.249",
    "type": "IPv4",
    "created": "2026-03-27T22:43:07",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 116.178.128.249 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T22:43:05",
    "is_active": 1
  },
  {
    "id": 4283675996,
    "indicator": "117.204.19.214",
    "type": "IPv4",
    "created": "2026-03-27T22:43:07",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 117.204.19.214 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T22:43:05",
    "is_active": 1
  },
  {
    "id": 4283675997,
    "indicator": "47.245.143.183",
    "type": "IPv4",
    "created": "2026-03-27T22:43:07",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 47.245.143.183 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (exploited-host, hacking, high).",
    "expiration": "2026-04-26T22:43:05",
    "is_active": 1
  },
  {
    "id": 3850291068,
    "indicator": "58.212.237.121",
    "type": "IPv4",
    "created": "2026-03-27T22:43:07",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 58.212.237.121 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T22:43:05",
    "is_active": 1
  },
  {
    "id": 4276915670,
    "indicator": "82.64.38.234",
    "type": "IPv4",
    "created": "2026-03-27T22:43:07",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from France (AS12322, Free SAS). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. Session included 4 failed login attempts, 4 credential pairs tried across 1 unique username. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 12m 18s; 20 events.",
    "expiration": "2026-04-26T22:43:05",
    "is_active": 1
  },
  {
    "id": 3685954587,
    "indicator": "47.254.179.178",
    "type": "IPv4",
    "created": "2026-03-27T23:43:13",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 47.254.179.178 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T23:43:12",
    "is_active": 1
  },
  {
    "id": 3846620218,
    "indicator": "222.94.32.182",
    "type": "IPv4",
    "created": "2026-03-27T23:43:13",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 222.94.32.182 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T23:43:12",
    "is_active": 1
  },
  {
    "id": 4169915268,
    "indicator": "36.250.220.36",
    "type": "IPv4",
    "created": "2026-03-27T23:43:13",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 36.250.220.36 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T23:43:12",
    "is_active": 1
  },
  {
    "id": 3571809357,
    "indicator": "60.13.6.124",
    "type": "IPv4",
    "created": "2026-03-27T23:43:13",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 60.13.6.124 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T23:43:12",
    "is_active": 1
  },
  {
    "id": 2949372514,
    "indicator": "180.95.231.40",
    "type": "IPv4",
    "created": "2026-03-27T23:43:13",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack, cowrie. 180.95.231.40 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, low, port-scan).",
    "expiration": "2026-04-26T23:43:12",
    "is_active": 1
  },
  {
    "id": 3823253611,
    "indicator": "27.47.25.200",
    "type": "IPv4",
    "created": "2026-03-27T23:43:13",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 27.47.25.200 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T23:43:12",
    "is_active": 1
  },
  {
    "id": 4011063313,
    "indicator": "171.36.7.164",
    "type": "IPv4",
    "created": "2026-03-27T23:43:13",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 171.36.7.164 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T23:43:12",
    "is_active": 1
  },
  {
    "id": 4178594311,
    "indicator": "116.178.130.59",
    "type": "IPv4",
    "created": "2026-03-27T23:43:13",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 116.178.130.59 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T23:43:12",
    "is_active": 1
  },
  {
    "id": 2265519641,
    "indicator": "180.95.231.57",
    "type": "IPv4",
    "created": "2026-03-27T23:43:13",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 180.95.231.57 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T23:43:12",
    "is_active": 1
  },
  {
    "id": 4176384984,
    "indicator": "14.135.74.168",
    "type": "IPv4",
    "created": "2026-03-27T23:43:13",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 14.135.74.168 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T23:43:12",
    "is_active": 1
  },
  {
    "id": 4283703132,
    "indicator": "171.116.41.43",
    "type": "IPv4",
    "created": "2026-03-27T23:43:13",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 171.116.41.43 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T23:43:12",
    "is_active": 1
  },
  {
    "id": 3489550002,
    "indicator": "36.106.166.95",
    "type": "IPv4",
    "created": "2026-03-27T23:43:13",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 36.106.166.95 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T23:43:12",
    "is_active": 1
  },
  {
    "id": 4173717268,
    "indicator": "116.178.128.31",
    "type": "IPv4",
    "created": "2026-03-27T23:43:13",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 116.178.128.31 classified as attacker with unclear intent (low confidence). Origin: enriched.",
    "expiration": "2026-04-26T23:43:12",
    "is_active": 1
  },
  {
    "id": 4283703133,
    "indicator": "47.245.136.253",
    "type": "IPv4",
    "created": "2026-03-27T23:43:13",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, cowrie. 47.245.136.253 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (exploited-host, hacking, moderate).",
    "expiration": "2026-04-26T23:43:12",
    "is_active": 1
  },
  {
    "id": 4164447121,
    "indicator": "27.47.24.75",
    "type": "IPv4",
    "created": "2026-03-27T23:43:13",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 27.47.24.75 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T23:43:12",
    "is_active": 1
  },
  {
    "id": 4164881341,
    "indicator": "27.47.25.93",
    "type": "IPv4",
    "created": "2026-03-27T23:43:13",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 27.47.25.93 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T23:43:12",
    "is_active": 1
  },
  {
    "id": 4182379603,
    "indicator": "27.47.26.7",
    "type": "IPv4",
    "created": "2026-03-27T23:43:13",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 27.47.26.7 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-26T23:43:12",
    "is_active": 1
  },
  {
    "id": 4247157629,
    "indicator": "8.216.15.149",
    "type": "IPv4",
    "created": "2026-03-27T23:43:13",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 8.216.15.149 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-26T23:43:12",
    "is_active": 1
  },
  {
    "id": 4282439553,
    "indicator": "47.245.136.70",
    "type": "IPv4",
    "created": "2026-03-27T23:43:13",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 47.245.136.70 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (exploited-host, hacking, moderate).",
    "expiration": "2026-04-26T23:43:12",
    "is_active": 1
  },
  {
    "id": 4282102035,
    "indicator": "47.245.128.248",
    "type": "IPv4",
    "created": "2026-03-27T23:43:13",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 47.245.128.248 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T23:43:12",
    "is_active": 1
  },
  {
    "id": 4282428041,
    "indicator": "47.254.154.160",
    "type": "IPv4",
    "created": "2026-03-27T23:43:13",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 47.254.154.160 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T23:43:12",
    "is_active": 1
  },
  {
    "id": 4021674868,
    "indicator": "45.156.129.191",
    "type": "IPv4",
    "created": "2026-03-27T23:43:13",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 45.156.129.191 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-26T23:43:12",
    "is_active": 1
  },
  {
    "id": 4021674867,
    "indicator": "45.156.129.190",
    "type": "IPv4",
    "created": "2026-03-27T23:43:13",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 45.156.129.190 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-26T23:43:12",
    "is_active": 1
  },
  {
    "id": 4283633505,
    "indicator": "161.97.143.120",
    "type": "IPv4",
    "created": "2026-03-27T23:43:13",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Lauterbourg, France (AS51167, Contabo GmbH). Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-26T23:43:12",
    "is_active": 1
  },
  {
    "id": 4169913919,
    "indicator": "124.117.192.83",
    "type": "IPv4",
    "created": "2026-03-27T23:43:13",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 124.117.192.83 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T23:43:12",
    "is_active": 1
  },
  {
    "id": 4170835052,
    "indicator": "116.178.128.69",
    "type": "IPv4",
    "created": "2026-03-27T23:43:13",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 116.178.128.69 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, ftp-brute).",
    "expiration": "2026-04-26T23:43:12",
    "is_active": 1
  },
  {
    "id": 4178872585,
    "indicator": "114.97.190.36",
    "type": "IPv4",
    "created": "2026-03-27T23:43:13",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 114.97.190.36 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T23:43:12",
    "is_active": 1
  },
  {
    "id": 4172753085,
    "indicator": "121.29.84.159",
    "type": "IPv4",
    "created": "2026-03-27T23:43:13",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 121.29.84.159 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T23:43:12",
    "is_active": 1
  },
  {
    "id": 4169220787,
    "indicator": "114.97.191.108",
    "type": "IPv4",
    "created": "2026-03-27T23:43:13",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 114.97.191.108 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T23:43:12",
    "is_active": 1
  },
  {
    "id": 4176843981,
    "indicator": "116.178.129.176",
    "type": "IPv4",
    "created": "2026-03-27T23:43:13",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 116.178.129.176 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-26T23:43:12",
    "is_active": 1
  },
  {
    "id": 2995867895,
    "indicator": "110.177.178.123",
    "type": "IPv4",
    "created": "2026-03-27T23:43:13",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 110.177.178.123 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-26T23:43:12",
    "is_active": 1
  },
  {
    "id": 4048930824,
    "indicator": "176.65.139.88",
    "type": "IPv4",
    "created": "2026-03-27T23:43:13",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 176.65.139.88 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-26T23:43:12",
    "is_active": 1
  },
  {
    "id": 4272704109,
    "indicator": "8.245.17.190",
    "type": "IPv4",
    "created": "2026-03-27T23:43:13",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 8.245.17.190 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 19 times when connecting to db4lamedtech between 2026-03-27 21:06 and 2026-03-27 22:36 UTC.",
    "expiration": "2026-04-26T23:43:12",
    "is_active": 1
  },
  {
    "id": 4282468834,
    "indicator": "115.178.75.242",
    "type": "IPv4",
    "created": "2026-03-27T23:43:13",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP 115.178.75.242 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 19 times when connecting to db4lamedtech between 2026-03-27 21:03 and 2026-03-27 22:24 UTC.",
    "expiration": "2026-04-26T23:43:12",
    "is_active": 1
  },
  {
    "id": 641158,
    "indicator": "74.82.47.20",
    "type": "IPv4",
    "created": "2026-03-28T00:43:20",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 74.82.47.20 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-27T00:43:19",
    "is_active": 1
  },
  {
    "id": 640848,
    "indicator": "74.82.47.32",
    "type": "IPv4",
    "created": "2026-03-28T00:43:20",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 74.82.47.32 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-27T00:43:19",
    "is_active": 1
  },
  {
    "id": 4282313043,
    "indicator": "47.84.140.213",
    "type": "IPv4",
    "created": "2026-03-28T00:43:20",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 47.84.140.213 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T00:43:19",
    "is_active": 1
  },
  {
    "id": 4055135247,
    "indicator": "1.222.180.22",
    "type": "IPv4",
    "created": "2026-03-28T00:43:20",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 1.222.180.22 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-27T00:43:19",
    "is_active": 1
  },
  {
    "id": 3850288672,
    "indicator": "220.167.233.188",
    "type": "IPv4",
    "created": "2026-03-28T00:43:20",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 220.167.233.188 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).",
    "expiration": "2026-04-27T00:43:19",
    "is_active": 1
  },
  {
    "id": 3858492633,
    "indicator": "118.212.121.87",
    "type": "IPv4",
    "created": "2026-03-28T00:43:20",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 118.212.121.87 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T00:43:19",
    "is_active": 1
  },
  {
    "id": 4161055629,
    "indicator": "121.29.149.58",
    "type": "IPv4",
    "created": "2026-03-28T00:43:20",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 121.29.149.58 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).",
    "expiration": "2026-04-27T00:43:19",
    "is_active": 1
  },
  {
    "id": 4172168812,
    "indicator": "36.250.220.101",
    "type": "IPv4",
    "created": "2026-03-28T00:43:20",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 36.250.220.101 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T00:43:19",
    "is_active": 1
  },
  {
    "id": 4283527820,
    "indicator": "94.159.116.56",
    "type": "IPv4",
    "created": "2026-03-28T00:43:20",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 94.159.116.56 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-27T00:43:19",
    "is_active": 1
  },
  {
    "id": 3859583600,
    "indicator": "220.167.232.212",
    "type": "IPv4",
    "created": "2026-03-28T00:43:20",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 220.167.232.212 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ftp-brute, hacking).",
    "expiration": "2026-04-27T00:43:19",
    "is_active": 1
  },
  {
    "id": 4009520451,
    "indicator": "118.212.123.14",
    "type": "IPv4",
    "created": "2026-03-28T00:43:20",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 118.212.123.14 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).",
    "expiration": "2026-04-27T00:43:19",
    "is_active": 1
  },
  {
    "id": 2138579082,
    "indicator": "121.52.153.7",
    "type": "IPv4",
    "created": "2026-03-28T00:43:20",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan. 121.52.153.7 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-27T00:43:19",
    "is_active": 1
  },
  {
    "id": 4283706422,
    "indicator": "157.18.36.187",
    "type": "IPv4",
    "created": "2026-03-28T00:43:20",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 157.18.36.187 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T00:43:19",
    "is_active": 1
  },
  {
    "id": 4279113137,
    "indicator": "221.208.113.63",
    "type": "IPv4",
    "created": "2026-03-28T00:43:20",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 221.208.113.63 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T00:43:19",
    "is_active": 1
  },
  {
    "id": 3858103182,
    "indicator": "118.212.121.145",
    "type": "IPv4",
    "created": "2026-03-28T00:43:20",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 118.212.121.145 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T00:43:19",
    "is_active": 1
  },
  {
    "id": 1583666759,
    "indicator": "36.250.221.81",
    "type": "IPv4",
    "created": "2026-03-28T00:43:20",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 36.250.221.81 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T00:43:19",
    "is_active": 1
  },
  {
    "id": 4173684952,
    "indicator": "112.94.189.209",
    "type": "IPv4",
    "created": "2026-03-28T00:43:20",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 112.94.189.209 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T00:43:19",
    "is_active": 1
  },
  {
    "id": 4169413274,
    "indicator": "36.250.220.133",
    "type": "IPv4",
    "created": "2026-03-28T00:43:20",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 36.250.220.133 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T00:43:19",
    "is_active": 1
  },
  {
    "id": 3876993142,
    "indicator": "110.177.179.130",
    "type": "IPv4",
    "created": "2026-03-28T00:43:20",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 110.177.179.130 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T00:43:19",
    "is_active": 1
  },
  {
    "id": 4283628928,
    "indicator": "89.126.209.36",
    "type": "IPv4",
    "created": "2026-03-28T00:43:20",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Uzbekistan (AS202660, Uzbektelekom Joint Stock Company). Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 4 failed login attempts, 4 credential pairs tried across 1 unique username. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 14m 13s; 20 events.",
    "expiration": "2026-04-27T00:43:19",
    "is_active": 1
  },
  {
    "id": 4173808231,
    "indicator": "112.94.189.160",
    "type": "IPv4",
    "created": "2026-03-28T00:43:20",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 112.94.189.160 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T00:43:19",
    "is_active": 1
  },
  {
    "id": 4283706423,
    "indicator": "159.65.140.202",
    "type": "IPv4",
    "created": "2026-03-28T00:43:20",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 159.65.140.202 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 malware samples. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, hacking, moderate).",
    "expiration": "2026-04-27T00:43:19",
    "is_active": 1
  },
  {
    "id": 4179524833,
    "indicator": "180.111.30.224",
    "type": "IPv4",
    "created": "2026-03-28T00:43:20",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from China (AS4134, Chinanet). Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-27T00:43:19",
    "is_active": 1
  },
  {
    "id": 3906930068,
    "indicator": "125.229.14.82",
    "type": "IPv4",
    "created": "2026-03-28T00:43:20",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 125.229.14.82 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-27T00:43:19",
    "is_active": 1
  },
  {
    "id": 4216580410,
    "indicator": "103.52.114.254",
    "type": "IPv4",
    "created": "2026-03-28T00:43:20",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 103.52.114.254 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-27T00:43:19",
    "is_active": 1
  },
  {
    "id": 4282439583,
    "indicator": "47.84.141.13",
    "type": "IPv4",
    "created": "2026-03-28T00:43:20",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 47.84.141.13 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T00:43:19",
    "is_active": 1
  },
  {
    "id": 4241317488,
    "indicator": "43.106.128.104",
    "type": "IPv4",
    "created": "2026-03-28T00:43:20",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 43.106.128.104 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-27T00:43:19",
    "is_active": 1
  },
  {
    "id": 4172754657,
    "indicator": "59.173.109.45",
    "type": "IPv4",
    "created": "2026-03-28T00:43:20",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 59.173.109.45 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-27T00:43:19",
    "is_active": 1
  },
  {
    "id": 4210302263,
    "indicator": "112.94.190.230",
    "type": "IPv4",
    "created": "2026-03-28T00:43:20",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 112.94.190.230 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T00:43:19",
    "is_active": 1
  },
  {
    "id": 4172206815,
    "indicator": "36.250.220.246",
    "type": "IPv4",
    "created": "2026-03-28T00:43:20",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 36.250.220.246 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T00:43:19",
    "is_active": 1
  },
  {
    "id": 2995901898,
    "indicator": "60.13.6.185",
    "type": "IPv4",
    "created": "2026-03-28T00:43:20",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 60.13.6.185 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T00:43:19",
    "is_active": 1
  },
  {
    "id": 4282279247,
    "indicator": "47.84.106.82",
    "type": "IPv4",
    "created": "2026-03-28T00:43:20",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 47.84.106.82 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T00:43:19",
    "is_active": 1
  },
  {
    "id": 4176884593,
    "indicator": "112.122.237.2",
    "type": "IPv4",
    "created": "2026-03-28T00:43:20",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 112.122.237.2 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T00:43:19",
    "is_active": 1
  },
  {
    "id": 3856956588,
    "indicator": "220.167.232.239",
    "type": "IPv4",
    "created": "2026-03-28T00:43:20",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP from China (AS140061, Qinghai Telecom). Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-27T00:43:19",
    "is_active": 1
  },
  {
    "id": 4007336726,
    "indicator": "220.167.232.139",
    "type": "IPv4",
    "created": "2026-03-28T00:43:20",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported, cowrie. 220.167.232.139 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, multi-reported).",
    "expiration": "2026-04-27T00:43:19",
    "is_active": 1
  },
  {
    "id": 4180210558,
    "indicator": "171.37.92.201",
    "type": "IPv4",
    "created": "2026-03-28T00:43:20",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 171.37.92.201 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T00:43:19",
    "is_active": 1
  },
  {
    "id": 4282439752,
    "indicator": "47.91.94.133",
    "type": "IPv4",
    "created": "2026-03-28T00:43:20",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie, firehol:firehol_level3. 47.91.94.133 classified as commodity attacker using automated exploitation tooling (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (hacking, low, port-scan).",
    "expiration": "2026-04-27T00:43:19",
    "is_active": 1
  },
  {
    "id": 4161850777,
    "indicator": "116.178.130.93",
    "type": "IPv4",
    "created": "2026-03-28T00:43:20",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.130.93 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T00:43:19",
    "is_active": 1
  },
  {
    "id": 4163031796,
    "indicator": "36.250.220.38",
    "type": "IPv4",
    "created": "2026-03-28T00:43:20",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 36.250.220.38 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-27T00:43:19",
    "is_active": 1
  },
  {
    "id": 4184775312,
    "indicator": "180.111.30.232",
    "type": "IPv4",
    "created": "2026-03-28T00:43:20",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 180.111.30.232 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T00:43:19",
    "is_active": 1
  },
  {
    "id": 4122159343,
    "indicator": "51.68.236.91",
    "type": "IPv4",
    "created": "2026-03-28T00:43:20",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 51.68.236.91 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (compatible; MJ12bot/v2.0.5; http://mj12bot.com/...' 2 times when connecting to db1lapetro between 2026-03-27 23:40 and 2026-03-27 23:40 UTC.",
    "expiration": "2026-04-27T00:43:19",
    "is_active": 1
  },
  {
    "id": 4282428838,
    "indicator": "8.211.42.229",
    "type": "IPv4",
    "created": "2026-03-28T00:43:20",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 8.211.42.229 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-27T00:43:19",
    "is_active": 1
  },
  {
    "id": 3855267146,
    "indicator": "180.95.231.76",
    "type": "IPv4",
    "created": "2026-03-28T00:43:20",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 180.95.231.76 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, multi-reported).",
    "expiration": "2026-04-27T00:43:19",
    "is_active": 1
  },
  {
    "id": 4282462172,
    "indicator": "47.84.204.99",
    "type": "IPv4",
    "created": "2026-03-28T00:43:20",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 47.84.204.99 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T00:43:19",
    "is_active": 1
  },
  {
    "id": 4166614672,
    "indicator": "24.149.79.127",
    "type": "IPv4",
    "created": "2026-03-28T00:43:20",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 24.149.79.127 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-27T00:43:19",
    "is_active": 1
  },
  {
    "id": 4173419285,
    "indicator": "36.250.221.117",
    "type": "IPv4",
    "created": "2026-03-28T00:43:20",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 36.250.221.117 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T00:43:19",
    "is_active": 1
  },
  {
    "id": 4056832839,
    "indicator": "123.145.24.5",
    "type": "IPv4",
    "created": "2026-03-28T00:43:20",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 123.145.24.5 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T00:43:19",
    "is_active": 1
  },
  {
    "id": 2970147902,
    "indicator": "36.106.167.36",
    "type": "IPv4",
    "created": "2026-03-28T00:43:20",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 36.106.167.36 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T00:43:19",
    "is_active": 1
  },
  {
    "id": 3433795609,
    "indicator": "27.47.27.141",
    "type": "IPv4",
    "created": "2026-03-28T00:43:20",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export. 27.47.27.141 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T00:43:19",
    "is_active": 1
  },
  {
    "id": 4101103015,
    "indicator": "183.109.199.222",
    "type": "IPv4",
    "created": "2026-03-28T00:43:20",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 183.109.199.222 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T00:43:19",
    "is_active": 1
  },
  {
    "id": 4283706424,
    "indicator": "119.48.135.86",
    "type": "IPv4",
    "created": "2026-03-28T00:43:20",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 119.48.135.86 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T00:43:19",
    "is_active": 1
  },
  {
    "id": 3873661243,
    "indicator": "221.207.34.108",
    "type": "IPv4",
    "created": "2026-03-28T00:43:20",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 221.207.34.108 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T00:43:19",
    "is_active": 1
  },
  {
    "id": 3968786947,
    "indicator": "98.80.4.67",
    "type": "IPv4",
    "created": "2026-03-28T00:43:20",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 98.80.4.67 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).",
    "expiration": "2026-04-27T00:43:19",
    "is_active": 1
  },
  {
    "id": 4201109256,
    "indicator": "121.29.84.132",
    "type": "IPv4",
    "created": "2026-03-28T00:43:20",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 121.29.84.132 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T00:43:19",
    "is_active": 1
  },
  {
    "id": 4189579019,
    "indicator": "110.90.224.134",
    "type": "IPv4",
    "created": "2026-03-28T00:43:20",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export. 110.90.224.134 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T00:43:19",
    "is_active": 1
  },
  {
    "id": 4150294709,
    "indicator": "27.143.159.175",
    "type": "IPv4",
    "created": "2026-03-28T00:43:20",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 27.143.159.175 observed using SSH client fingerprint 'Unknown SSH Client (ec7378c1a92f)' 2 times when connecting to db4lamedtech between 2026-03-27 23:23 and 2026-03-27 23:23 UTC.",
    "expiration": "2026-04-27T00:43:19",
    "is_active": 1
  },
  {
    "id": 4275551422,
    "indicator": "165.154.23.29",
    "type": "IPv4",
    "created": "2026-03-28T00:43:20",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Hong Kong, Hong Kong (AS135377, UCLOUD INFORMATION TECHNOLOGY HK LIMITED) [VPN/hosting provider]. Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 2s; 5 e...",
    "expiration": "2026-04-27T00:43:19",
    "is_active": 1
  },
  {
    "id": 4281800051,
    "indicator": "211.228.218.47",
    "type": "IPv4",
    "created": "2026-03-28T00:43:20",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Dong-gu, South Korea (AS4766, Korea Telecom). Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 2s; 5 events.",
    "expiration": "2026-04-27T00:43:19",
    "is_active": 1
  },
  {
    "id": 4182686814,
    "indicator": "59.173.109.125",
    "type": "IPv4",
    "created": "2026-03-28T01:43:48",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 59.173.109.125 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T01:43:47",
    "is_active": 1
  },
  {
    "id": 4282461965,
    "indicator": "47.245.136.11",
    "type": "IPv4",
    "created": "2026-03-28T01:43:48",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.245.136.11 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-27T01:43:47",
    "is_active": 1
  },
  {
    "id": 4250006757,
    "indicator": "112.32.138.120",
    "type": "IPv4",
    "created": "2026-03-28T01:43:48",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 112.32.138.120 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-27T01:43:47",
    "is_active": 1
  },
  {
    "id": 4283709886,
    "indicator": "172.236.165.60",
    "type": "IPv4",
    "created": "2026-03-28T01:43:48",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Mumbai, India (AS63949, Akamai Connected Cloud) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. Session included 164 failed login attempts, 164 credential pairs tried across 109 unique usernames. SSH client: SSH-2.0-Go (HASSH: 16443846184e...); duration: 16m 58s; 820 events.",
    "expiration": "2026-04-27T01:43:47",
    "is_active": 1
  },
  {
    "id": 4199532097,
    "indicator": "106.13.181.3",
    "type": "IPv4",
    "created": "2026-03-28T01:43:48",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 106.13.181.3 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-27T01:43:47",
    "is_active": 1
  },
  {
    "id": 4263856775,
    "indicator": "45.6.62.31",
    "type": "IPv4",
    "created": "2026-03-28T01:43:48",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 45.6.62.31 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-27T01:43:47",
    "is_active": 1
  },
  {
    "id": 4282422968,
    "indicator": "47.91.72.158",
    "type": "IPv4",
    "created": "2026-03-28T01:43:48",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported. 47.91.72.158 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-27T01:43:47",
    "is_active": 1
  },
  {
    "id": 4283709887,
    "indicator": "125.93.252.89",
    "type": "IPv4",
    "created": "2026-03-28T01:43:48",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 125.93.252.89 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T01:43:47",
    "is_active": 1
  },
  {
    "id": 4243234131,
    "indicator": "172.81.133.211",
    "type": "IPv4",
    "created": "2026-03-28T01:43:48",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 172.81.133.211 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-27T01:43:47",
    "is_active": 1
  },
  {
    "id": 4283709888,
    "indicator": "8.209.116.242",
    "type": "IPv4",
    "created": "2026-03-28T01:43:48",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 8.209.116.242 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T01:43:47",
    "is_active": 1
  },
  {
    "id": 2765928389,
    "indicator": "60.13.6.41",
    "type": "IPv4",
    "created": "2026-03-28T01:43:48",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 60.13.6.41 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T01:43:47",
    "is_active": 1
  },
  {
    "id": 4200703391,
    "indicator": "112.94.189.129",
    "type": "IPv4",
    "created": "2026-03-28T01:43:48",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 112.94.189.129 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T01:43:47",
    "is_active": 1
  },
  {
    "id": 4283709889,
    "indicator": "64.226.89.158",
    "type": "IPv4",
    "created": "2026-03-28T01:43:48",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 64.226.89.158 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-27T01:43:47",
    "is_active": 1
  },
  {
    "id": 4201897010,
    "indicator": "117.25.122.214",
    "type": "IPv4",
    "created": "2026-03-28T01:43:48",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 117.25.122.214 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, ftp-brute, hacking).",
    "expiration": "2026-04-27T01:43:47",
    "is_active": 1
  },
  {
    "id": 4229890280,
    "indicator": "58.19.140.77",
    "type": "IPv4",
    "created": "2026-03-28T01:43:48",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 58.19.140.77 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T01:43:47",
    "is_active": 1
  },
  {
    "id": 3850750700,
    "indicator": "123.245.85.79",
    "type": "IPv4",
    "created": "2026-03-28T01:43:48",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 123.245.85.79 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-27T01:43:47",
    "is_active": 1
  },
  {
    "id": 4176769537,
    "indicator": "171.37.93.11",
    "type": "IPv4",
    "created": "2026-03-28T01:43:48",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 171.37.93.11 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T01:43:47",
    "is_active": 1
  },
  {
    "id": 3926076427,
    "indicator": "123.245.85.229",
    "type": "IPv4",
    "created": "2026-03-28T01:43:48",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 123.245.85.229 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).",
    "expiration": "2026-04-27T01:43:47",
    "is_active": 1
  },
  {
    "id": 4283706229,
    "indicator": "165.245.164.123",
    "type": "IPv4",
    "created": "2026-03-28T01:43:48",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Sandston, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-27T01:43:47",
    "is_active": 1
  },
  {
    "id": 4283709309,
    "indicator": "165.245.174.168",
    "type": "IPv4",
    "created": "2026-03-28T01:43:48",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Sandston, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-27T01:43:47",
    "is_active": 1
  },
  {
    "id": 4283706209,
    "indicator": "165.245.163.49",
    "type": "IPv4",
    "created": "2026-03-28T01:43:48",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Sandston, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-27T01:43:47",
    "is_active": 1
  },
  {
    "id": 4283706198,
    "indicator": "165.245.163.27",
    "type": "IPv4",
    "created": "2026-03-28T01:43:48",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Sandston, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-27T01:43:47",
    "is_active": 1
  },
  {
    "id": 4283527835,
    "indicator": "148.72.172.88",
    "type": "IPv4",
    "created": "2026-03-28T01:43:48",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from St Louis, United States (AS30083, velia.net). Observed targeting government sector honeypot backup-hp-01 via sentrypeer. 1 events.",
    "expiration": "2026-04-27T01:43:47",
    "is_active": 1
  },
  {
    "id": 4283709890,
    "indicator": "38.248.15.142",
    "type": "IPv4",
    "created": "2026-03-28T01:43:48",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Atlanta, United States (AS395931, Real Time Cloud Services LLC) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-27T01:43:47",
    "is_active": 1
  },
  {
    "id": 4160591825,
    "indicator": "114.97.190.27",
    "type": "IPv4",
    "created": "2026-03-28T01:43:48",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 114.97.190.27 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T01:43:47",
    "is_active": 1
  },
  {
    "id": 4281684613,
    "indicator": "43.245.39.21",
    "type": "IPv4",
    "created": "2026-03-28T01:43:48",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 43.245.39.21 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-27T01:43:47",
    "is_active": 1
  },
  {
    "id": 4172754308,
    "indicator": "222.176.201.56",
    "type": "IPv4",
    "created": "2026-03-28T01:43:48",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 222.176.201.56 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T01:43:47",
    "is_active": 1
  },
  {
    "id": 4282102032,
    "indicator": "47.236.165.0",
    "type": "IPv4",
    "created": "2026-03-28T01:43:48",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, cowrie. 47.236.165.0 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, hacking, moderate).",
    "expiration": "2026-04-27T01:43:47",
    "is_active": 1
  },
  {
    "id": 4011702160,
    "indicator": "118.212.122.78",
    "type": "IPv4",
    "created": "2026-03-28T01:43:48",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 118.212.122.78 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T01:43:47",
    "is_active": 1
  },
  {
    "id": 4006736704,
    "indicator": "123.191.131.143",
    "type": "IPv4",
    "created": "2026-03-28T01:43:48",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, cowrie. Attacker IP from Shenyang, China (AS4837, CHINA UNICOM China169 Backbone). Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-27T01:43:47",
    "is_active": 1
  },
  {
    "id": 4275731805,
    "indicator": "91.92.243.54",
    "type": "IPv4",
    "created": "2026-03-28T01:43:48",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported. 91.92.243.54 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-27T01:43:47",
    "is_active": 1
  },
  {
    "id": 4281920294,
    "indicator": "189.154.171.184",
    "type": "IPv4",
    "created": "2026-03-28T01:43:48",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 189.154.171.184 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 10 times when connecting to db1lapetro between 2026-03-27 23:07 and 2026-03-27 23:59 UTC.",
    "expiration": "2026-04-27T01:43:47",
    "is_active": 1
  },
  {
    "id": 3850281682,
    "indicator": "182.242.168.239",
    "type": "IPv4",
    "created": "2026-03-28T02:44:05",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 182.242.168.239 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T02:43:54",
    "is_active": 1
  },
  {
    "id": 4283711779,
    "indicator": "47.84.100.215",
    "type": "IPv4",
    "created": "2026-03-28T02:44:05",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 47.84.100.215 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, hacking, moderate).",
    "expiration": "2026-04-27T02:43:54",
    "is_active": 1
  },
  {
    "id": 4283383673,
    "indicator": "223.199.175.128",
    "type": "IPv4",
    "created": "2026-03-28T02:44:05",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 223.199.175.128 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T02:43:54",
    "is_active": 1
  },
  {
    "id": 4162604230,
    "indicator": "36.250.220.165",
    "type": "IPv4",
    "created": "2026-03-28T02:44:05",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 36.250.220.165 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T02:43:54",
    "is_active": 1
  },
  {
    "id": 4277158404,
    "indicator": "123.144.24.131",
    "type": "IPv4",
    "created": "2026-03-28T02:44:05",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 123.144.24.131 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T02:43:54",
    "is_active": 1
  },
  {
    "id": 2721178053,
    "indicator": "123.144.28.231",
    "type": "IPv4",
    "created": "2026-03-28T02:44:05",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 123.144.28.231 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T02:43:54",
    "is_active": 1
  },
  {
    "id": 2129089072,
    "indicator": "36.106.166.155",
    "type": "IPv4",
    "created": "2026-03-28T02:44:05",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 36.106.166.155 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, moderate).",
    "expiration": "2026-04-27T02:43:54",
    "is_active": 1
  },
  {
    "id": 4006990390,
    "indicator": "222.94.32.16",
    "type": "IPv4",
    "created": "2026-03-28T02:44:05",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 222.94.32.16 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T02:43:54",
    "is_active": 1
  },
  {
    "id": 3911828122,
    "indicator": "171.36.7.143",
    "type": "IPv4",
    "created": "2026-03-28T02:44:05",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 171.36.7.143 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T02:43:54",
    "is_active": 1
  },
  {
    "id": 3918005913,
    "indicator": "100.29.192.86",
    "type": "IPv4",
    "created": "2026-03-28T02:44:05",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 100.29.192.86 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-27T02:43:54",
    "is_active": 1
  },
  {
    "id": 4250006758,
    "indicator": "112.32.139.46",
    "type": "IPv4",
    "created": "2026-03-28T02:44:05",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 112.32.139.46 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-27T02:43:54",
    "is_active": 1
  },
  {
    "id": 3850750128,
    "indicator": "118.212.123.8",
    "type": "IPv4",
    "created": "2026-03-28T02:44:05",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 118.212.123.8 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T02:43:54",
    "is_active": 1
  },
  {
    "id": 4151808562,
    "indicator": "103.187.146.196",
    "type": "IPv4",
    "created": "2026-03-28T02:44:05",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Indonesia (AS138608, Cloud Host Pte Ltd) [VPN/hosting provider]. Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 3s; 5 events.",
    "expiration": "2026-04-27T02:43:54",
    "is_active": 1
  },
  {
    "id": 4170056077,
    "indicator": "1.85.217.177",
    "type": "IPv4",
    "created": "2026-03-28T02:44:05",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 1.85.217.177 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T02:43:54",
    "is_active": 1
  },
  {
    "id": 3899506357,
    "indicator": "118.212.123.181",
    "type": "IPv4",
    "created": "2026-03-28T02:44:05",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 118.212.123.181 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T02:43:54",
    "is_active": 1
  },
  {
    "id": 4168234247,
    "indicator": "116.178.129.230",
    "type": "IPv4",
    "created": "2026-03-28T02:44:05",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 116.178.129.230 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T02:43:54",
    "is_active": 1
  },
  {
    "id": 4255804502,
    "indicator": "112.32.139.197",
    "type": "IPv4",
    "created": "2026-03-28T02:44:05",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Hefei, China (AS9808, China Mobile Communications Group Co., Ltd.). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. duration: 2m 0s; 2 events.",
    "expiration": "2026-04-27T02:43:54",
    "is_active": 1
  },
  {
    "id": 4282166692,
    "indicator": "47.245.143.11",
    "type": "IPv4",
    "created": "2026-03-28T02:44:05",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 47.245.143.11 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, hacking, moderate).",
    "expiration": "2026-04-27T02:43:54",
    "is_active": 1
  },
  {
    "id": 4160192722,
    "indicator": "14.135.75.115",
    "type": "IPv4",
    "created": "2026-03-28T02:44:05",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 14.135.75.115 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, moderate).",
    "expiration": "2026-04-27T02:43:54",
    "is_active": 1
  },
  {
    "id": 3807674216,
    "indicator": "182.242.168.59",
    "type": "IPv4",
    "created": "2026-03-28T02:44:05",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 182.242.168.59 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T02:43:54",
    "is_active": 1
  },
  {
    "id": 4283707791,
    "indicator": "104.28.152.40",
    "type": "IPv4",
    "created": "2026-03-28T02:44:05",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. Attacker IP from S\u00e3o Paulo, Brazil (AS13335, Cloudflare, Inc.) [VPN/hosting provider]. Observed targeting healthcare sector honeypot medtech-hp-01 via adbhoney. 1 events.",
    "expiration": "2026-04-27T02:43:54",
    "is_active": 1
  },
  {
    "id": 4283706225,
    "indicator": "165.245.163.88",
    "type": "IPv4",
    "created": "2026-03-28T02:44:05",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Sandston, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-27T02:43:54",
    "is_active": 1
  },
  {
    "id": 4283706239,
    "indicator": "165.245.175.168",
    "type": "IPv4",
    "created": "2026-03-28T02:44:05",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Sandston, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-27T02:43:54",
    "is_active": 1
  },
  {
    "id": 4283706204,
    "indicator": "165.245.163.40",
    "type": "IPv4",
    "created": "2026-03-28T02:44:05",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Sandston, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-27T02:43:54",
    "is_active": 1
  },
  {
    "id": 4283706221,
    "indicator": "165.245.163.75",
    "type": "IPv4",
    "created": "2026-03-28T02:44:05",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Sandston, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-27T02:43:54",
    "is_active": 1
  },
  {
    "id": 4283706208,
    "indicator": "165.245.163.46",
    "type": "IPv4",
    "created": "2026-03-28T02:44:05",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Sandston, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-27T02:43:54",
    "is_active": 1
  },
  {
    "id": 4283706231,
    "indicator": "165.245.164.127",
    "type": "IPv4",
    "created": "2026-03-28T02:44:05",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Sandston, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-27T02:43:54",
    "is_active": 1
  },
  {
    "id": 4283706202,
    "indicator": "165.245.163.38",
    "type": "IPv4",
    "created": "2026-03-28T02:44:05",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Sandston, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-27T02:43:54",
    "is_active": 1
  },
  {
    "id": 4283706224,
    "indicator": "165.245.163.87",
    "type": "IPv4",
    "created": "2026-03-28T02:44:05",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Sandston, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-27T02:43:54",
    "is_active": 1
  },
  {
    "id": 4283706220,
    "indicator": "165.245.163.74",
    "type": "IPv4",
    "created": "2026-03-28T02:44:05",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Sandston, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-27T02:43:54",
    "is_active": 1
  },
  {
    "id": 4283706218,
    "indicator": "165.245.163.68",
    "type": "IPv4",
    "created": "2026-03-28T02:44:05",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Sandston, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-27T02:43:54",
    "is_active": 1
  },
  {
    "id": 4283706216,
    "indicator": "165.245.163.64",
    "type": "IPv4",
    "created": "2026-03-28T02:44:05",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Sandston, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-27T02:43:54",
    "is_active": 1
  },
  {
    "id": 4283704858,
    "indicator": "165.245.163.86",
    "type": "IPv4",
    "created": "2026-03-28T02:44:05",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Sandston, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-27T02:43:54",
    "is_active": 1
  },
  {
    "id": 4283706227,
    "indicator": "165.245.164.113",
    "type": "IPv4",
    "created": "2026-03-28T02:44:05",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Sandston, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-27T02:43:54",
    "is_active": 1
  },
  {
    "id": 4283706232,
    "indicator": "165.245.164.128",
    "type": "IPv4",
    "created": "2026-03-28T02:44:05",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Sandston, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-27T02:43:54",
    "is_active": 1
  },
  {
    "id": 4283706203,
    "indicator": "165.245.163.39",
    "type": "IPv4",
    "created": "2026-03-28T02:44:05",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Sandston, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-27T02:43:54",
    "is_active": 1
  },
  {
    "id": 4283706210,
    "indicator": "165.245.163.52",
    "type": "IPv4",
    "created": "2026-03-28T02:44:05",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Sandston, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-27T02:43:54",
    "is_active": 1
  },
  {
    "id": 4283706234,
    "indicator": "165.245.164.136",
    "type": "IPv4",
    "created": "2026-03-28T02:44:05",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Sandston, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-27T02:43:54",
    "is_active": 1
  },
  {
    "id": 4283706207,
    "indicator": "165.245.163.43",
    "type": "IPv4",
    "created": "2026-03-28T02:44:05",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Sandston, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-27T02:43:54",
    "is_active": 1
  },
  {
    "id": 4283706206,
    "indicator": "165.245.163.42",
    "type": "IPv4",
    "created": "2026-03-28T02:44:05",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Sandston, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-27T02:43:54",
    "is_active": 1
  },
  {
    "id": 4283706212,
    "indicator": "165.245.163.54",
    "type": "IPv4",
    "created": "2026-03-28T02:44:05",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Sandston, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-27T02:43:54",
    "is_active": 1
  },
  {
    "id": 4283706219,
    "indicator": "165.245.163.73",
    "type": "IPv4",
    "created": "2026-03-28T02:44:05",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Sandston, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-27T02:43:54",
    "is_active": 1
  },
  {
    "id": 4283706233,
    "indicator": "165.245.164.135",
    "type": "IPv4",
    "created": "2026-03-28T02:44:05",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Sandston, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-27T02:43:54",
    "is_active": 1
  },
  {
    "id": 4283706241,
    "indicator": "165.245.175.71",
    "type": "IPv4",
    "created": "2026-03-28T02:44:05",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Sandston, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-27T02:43:54",
    "is_active": 1
  },
  {
    "id": 4283706237,
    "indicator": "165.245.175.155",
    "type": "IPv4",
    "created": "2026-03-28T02:44:05",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Sandston, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-27T02:43:54",
    "is_active": 1
  },
  {
    "id": 4283706235,
    "indicator": "165.245.164.138",
    "type": "IPv4",
    "created": "2026-03-28T02:44:05",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Sandston, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-27T02:43:54",
    "is_active": 1
  },
  {
    "id": 4283706226,
    "indicator": "165.245.163.94",
    "type": "IPv4",
    "created": "2026-03-28T02:44:05",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Sandston, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-27T02:43:54",
    "is_active": 1
  },
  {
    "id": 4210299067,
    "indicator": "150.255.248.200",
    "type": "IPv4",
    "created": "2026-03-28T03:44:19",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 150.255.248.200 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T03:44:10",
    "is_active": 1
  },
  {
    "id": 4046246534,
    "indicator": "110.177.183.120",
    "type": "IPv4",
    "created": "2026-03-28T03:44:19",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 110.177.183.120 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T03:44:10",
    "is_active": 1
  },
  {
    "id": 3888815250,
    "indicator": "118.212.121.0",
    "type": "IPv4",
    "created": "2026-03-28T03:44:19",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 118.212.121.0 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T03:44:10",
    "is_active": 1
  },
  {
    "id": 4176629517,
    "indicator": "27.47.26.43",
    "type": "IPv4",
    "created": "2026-03-28T03:44:19",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 27.47.26.43 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T03:44:10",
    "is_active": 1
  },
  {
    "id": 2191605913,
    "indicator": "60.13.6.209",
    "type": "IPv4",
    "created": "2026-03-28T03:44:19",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 60.13.6.209 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T03:44:10",
    "is_active": 1
  },
  {
    "id": 3389838535,
    "indicator": "182.119.225.111",
    "type": "IPv4",
    "created": "2026-03-28T03:44:19",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 182.119.225.111 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T03:44:10",
    "is_active": 1
  },
  {
    "id": 4283713843,
    "indicator": "220.195.5.12",
    "type": "IPv4",
    "created": "2026-03-28T03:44:19",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:low, abuseipdb:reported, abuseipdb:ssh, abuseipdb:web-attack. 220.195.5.12 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, low).",
    "expiration": "2026-04-27T03:44:10",
    "is_active": 1
  },
  {
    "id": 4182622747,
    "indicator": "176.226.200.178",
    "type": "IPv4",
    "created": "2026-03-28T03:44:19",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 176.226.200.178 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-27T03:44:10",
    "is_active": 1
  },
  {
    "id": 4161542352,
    "indicator": "124.117.192.232",
    "type": "IPv4",
    "created": "2026-03-28T03:44:19",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 124.117.192.232 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking).",
    "expiration": "2026-04-27T03:44:10",
    "is_active": 1
  },
  {
    "id": 4170100226,
    "indicator": "170.83.126.230",
    "type": "IPv4",
    "created": "2026-03-28T03:44:19",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 170.83.126.230 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-27T03:44:10",
    "is_active": 1
  },
  {
    "id": 4283713844,
    "indicator": "178.175.135.6",
    "type": "IPv4",
    "created": "2026-03-28T03:44:19",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie, firehol:unlisted. 178.175.135.6 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, port-scan).",
    "expiration": "2026-04-27T03:44:10",
    "is_active": 1
  },
  {
    "id": 4178219538,
    "indicator": "112.122.236.64",
    "type": "IPv4",
    "created": "2026-03-28T03:44:19",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 112.122.236.64 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T03:44:10",
    "is_active": 1
  },
  {
    "id": 3372187712,
    "indicator": "110.177.177.56",
    "type": "IPv4",
    "created": "2026-03-28T03:44:19",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 110.177.177.56 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T03:44:10",
    "is_active": 1
  },
  {
    "id": 2920098698,
    "indicator": "124.89.90.52",
    "type": "IPv4",
    "created": "2026-03-28T03:44:19",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 124.89.90.52 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-27T03:44:10",
    "is_active": 1
  },
  {
    "id": 4282462956,
    "indicator": "8.211.2.67",
    "type": "IPv4",
    "created": "2026-03-28T03:44:19",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 8.211.2.67 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (exploited-host, hacking, moderate).",
    "expiration": "2026-04-27T03:44:10",
    "is_active": 1
  },
  {
    "id": 4170933963,
    "indicator": "110.39.248.117",
    "type": "IPv4",
    "created": "2026-03-28T03:44:19",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan. 110.39.248.117 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-27T03:44:10",
    "is_active": 1
  },
  {
    "id": 4283713845,
    "indicator": "47.84.137.34",
    "type": "IPv4",
    "created": "2026-03-28T03:44:19",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 47.84.137.34 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T03:44:10",
    "is_active": 1
  },
  {
    "id": 4282396701,
    "indicator": "165.232.64.116",
    "type": "IPv4",
    "created": "2026-03-28T03:44:19",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 165.232.64.116 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, high).",
    "expiration": "2026-04-27T03:44:10",
    "is_active": 1
  },
  {
    "id": 4191873142,
    "indicator": "165.154.173.195",
    "type": "IPv4",
    "created": "2026-03-28T03:44:19",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 165.154.173.195 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-27T03:44:10",
    "is_active": 1
  },
  {
    "id": 4263668986,
    "indicator": "43.106.145.9",
    "type": "IPv4",
    "created": "2026-03-28T03:44:19",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 43.106.145.9 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-27T03:44:10",
    "is_active": 1
  },
  {
    "id": 4173316781,
    "indicator": "58.243.47.62",
    "type": "IPv4",
    "created": "2026-03-28T03:44:19",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 58.243.47.62 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T03:44:10",
    "is_active": 1
  },
  {
    "id": 4274329591,
    "indicator": "144.91.109.115",
    "type": "IPv4",
    "created": "2026-03-28T03:44:19",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 144.91.109.115 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-27T03:44:10",
    "is_active": 1
  },
  {
    "id": 4007589322,
    "indicator": "118.212.121.166",
    "type": "IPv4",
    "created": "2026-03-28T03:44:19",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 118.212.121.166 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T03:44:10",
    "is_active": 1
  },
  {
    "id": 4160280173,
    "indicator": "81.218.133.194",
    "type": "IPv4",
    "created": "2026-03-28T03:44:19",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 81.218.133.194 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-27T03:44:10",
    "is_active": 1
  },
  {
    "id": 3865446129,
    "indicator": "123.245.85.66",
    "type": "IPv4",
    "created": "2026-03-28T03:44:19",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 123.245.85.66 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T03:44:10",
    "is_active": 1
  },
  {
    "id": 3572326608,
    "indicator": "171.231.194.69",
    "type": "IPv4",
    "created": "2026-03-28T03:44:19",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP from Da Nang, Vietnam (AS7552, Viettel Group). Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 3 failed login attempts, 3 credential pairs tried across 2 unique usernames. SSH client: SSH-2.0-AsyncSSH_2.1.0 (HASSH: fda360b1b4f4...); duration: 6m 8s; 15 events.",
    "expiration": "2026-04-27T03:44:10",
    "is_active": 1
  },
  {
    "id": 4283713846,
    "indicator": "116.110.157.196",
    "type": "IPv4",
    "created": "2026-03-28T03:44:19",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Da Nang, Vietnam (AS24086, Viettel Corporation). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. Session included 3 failed login attempts, 3 credential pairs tried across 2 unique usernames. SSH client: SSH-2.0-AsyncSSH_2.1.0 (HASSH: fda360b1b4f4...); duration: 5m 28s; 15 events.",
    "expiration": "2026-04-27T03:44:10",
    "is_active": 1
  },
  {
    "id": 4173827096,
    "indicator": "222.95.168.84",
    "type": "IPv4",
    "created": "2026-03-28T03:44:19",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 222.95.168.84 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T03:44:10",
    "is_active": 1
  },
  {
    "id": 4164855787,
    "indicator": "36.250.221.168",
    "type": "IPv4",
    "created": "2026-03-28T03:44:19",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 36.250.221.168 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-27T03:44:10",
    "is_active": 1
  },
  {
    "id": 4008779297,
    "indicator": "118.212.122.188",
    "type": "IPv4",
    "created": "2026-03-28T03:44:19",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 118.212.122.188 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T03:44:10",
    "is_active": 1
  },
  {
    "id": 3911172435,
    "indicator": "58.212.237.175",
    "type": "IPv4",
    "created": "2026-03-28T03:44:19",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 58.212.237.175 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, moderate).",
    "expiration": "2026-04-27T03:44:10",
    "is_active": 1
  },
  {
    "id": 4172911243,
    "indicator": "58.243.47.128",
    "type": "IPv4",
    "created": "2026-03-28T03:44:19",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 58.243.47.128 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T03:44:10",
    "is_active": 1
  },
  {
    "id": 4158461147,
    "indicator": "124.227.31.57",
    "type": "IPv4",
    "created": "2026-03-28T03:44:19",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. 124.227.31.57 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, ftp-brute).",
    "expiration": "2026-04-27T03:44:10",
    "is_active": 1
  },
  {
    "id": 3839831825,
    "indicator": "182.242.168.89",
    "type": "IPv4",
    "created": "2026-03-28T03:44:19",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 182.242.168.89 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T03:44:10",
    "is_active": 1
  },
  {
    "id": 4173484948,
    "indicator": "116.178.130.61",
    "type": "IPv4",
    "created": "2026-03-28T03:44:19",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 116.178.130.61 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-27T03:44:10",
    "is_active": 1
  },
  {
    "id": 2241006225,
    "indicator": "47.254.79.81",
    "type": "IPv4",
    "created": "2026-03-28T03:44:19",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack, cowrie, fatt. Attacker IP 47.254.79.81 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36...' 6 times when connecting to db4lamedtech between 2026-03-28 02:31 and 2026-03-28 02:31 UTC.",
    "expiration": "2026-04-27T03:44:10",
    "is_active": 1
  },
  {
    "id": 4283527841,
    "indicator": "77.42.34.184",
    "type": "IPv4",
    "created": "2026-03-28T03:44:19",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 77.42.34.184 observed using SSH client fingerprint 'Unknown SSH Client (2ec37a7cc8da)' 17 times when connecting to db1lapetro between 2026-03-28 02:27 and 2026-03-28 02:34 UTC.",
    "expiration": "2026-04-27T03:44:10",
    "is_active": 1
  },
  {
    "id": 4182822819,
    "indicator": "223.199.160.15",
    "type": "IPv4",
    "created": "2026-03-28T03:44:19",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 223.199.160.15 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T03:44:10",
    "is_active": 1
  },
  {
    "id": 255572055,
    "indicator": "122.96.28.75",
    "type": "IPv4",
    "created": "2026-03-28T03:44:19",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 122.96.28.75 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T03:44:10",
    "is_active": 1
  },
  {
    "id": 4283706200,
    "indicator": "165.245.163.35",
    "type": "IPv4",
    "created": "2026-03-28T03:44:19",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Sandston, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-27T03:44:10",
    "is_active": 1
  },
  {
    "id": 4283709306,
    "indicator": "165.245.163.61",
    "type": "IPv4",
    "created": "2026-03-28T03:44:19",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Sandston, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-27T03:44:10",
    "is_active": 1
  },
  {
    "id": 4283706213,
    "indicator": "165.245.163.55",
    "type": "IPv4",
    "created": "2026-03-28T03:44:19",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Sandston, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-27T03:44:10",
    "is_active": 1
  },
  {
    "id": 4283706236,
    "indicator": "165.245.167.128",
    "type": "IPv4",
    "created": "2026-03-28T03:44:19",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Sandston, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-27T03:44:10",
    "is_active": 1
  },
  {
    "id": 4283706211,
    "indicator": "165.245.163.53",
    "type": "IPv4",
    "created": "2026-03-28T03:44:19",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Sandston, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-27T03:44:10",
    "is_active": 1
  },
  {
    "id": 4283709308,
    "indicator": "165.245.164.134",
    "type": "IPv4",
    "created": "2026-03-28T03:44:19",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Sandston, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-27T03:44:10",
    "is_active": 1
  },
  {
    "id": 4283706214,
    "indicator": "165.245.163.58",
    "type": "IPv4",
    "created": "2026-03-28T03:44:19",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Sandston, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-27T03:44:10",
    "is_active": 1
  },
  {
    "id": 4283709307,
    "indicator": "165.245.163.66",
    "type": "IPv4",
    "created": "2026-03-28T03:44:19",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Sandston, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-27T03:44:10",
    "is_active": 1
  },
  {
    "id": 4283706205,
    "indicator": "165.245.163.41",
    "type": "IPv4",
    "created": "2026-03-28T03:44:19",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Sandston, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-27T03:44:10",
    "is_active": 1
  },
  {
    "id": 4283706199,
    "indicator": "165.245.163.34",
    "type": "IPv4",
    "created": "2026-03-28T03:44:19",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Sandston, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-27T03:44:10",
    "is_active": 1
  },
  {
    "id": 4283706215,
    "indicator": "165.245.163.62",
    "type": "IPv4",
    "created": "2026-03-28T03:44:19",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Sandston, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-27T03:44:10",
    "is_active": 1
  },
  {
    "id": 4283706230,
    "indicator": "165.245.164.126",
    "type": "IPv4",
    "created": "2026-03-28T03:44:19",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Sandston, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-27T03:44:10",
    "is_active": 1
  },
  {
    "id": 4283706228,
    "indicator": "165.245.164.117",
    "type": "IPv4",
    "created": "2026-03-28T03:44:19",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Sandston, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-27T03:44:10",
    "is_active": 1
  },
  {
    "id": 4283709305,
    "indicator": "165.245.163.47",
    "type": "IPv4",
    "created": "2026-03-28T03:44:19",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Sandston, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-27T03:44:10",
    "is_active": 1
  },
  {
    "id": 4283706217,
    "indicator": "165.245.163.67",
    "type": "IPv4",
    "created": "2026-03-28T03:44:19",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Sandston, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-27T03:44:10",
    "is_active": 1
  },
  {
    "id": 4283706238,
    "indicator": "165.245.175.167",
    "type": "IPv4",
    "created": "2026-03-28T03:44:19",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Sandston, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-27T03:44:10",
    "is_active": 1
  },
  {
    "id": 4283706223,
    "indicator": "165.245.163.82",
    "type": "IPv4",
    "created": "2026-03-28T03:44:19",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Sandston, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-27T03:44:10",
    "is_active": 1
  },
  {
    "id": 4283706222,
    "indicator": "165.245.163.8",
    "type": "IPv4",
    "created": "2026-03-28T03:44:19",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Sandston, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-27T03:44:10",
    "is_active": 1
  },
  {
    "id": 4283706240,
    "indicator": "165.245.175.29",
    "type": "IPv4",
    "created": "2026-03-28T03:44:19",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Sandston, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-27T03:44:10",
    "is_active": 1
  },
  {
    "id": 4283713847,
    "indicator": "171.116.43.57",
    "type": "IPv4",
    "created": "2026-03-28T03:44:19",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. Attacker IP from China (AS4837, CHINA UNICOM China169 Backbone). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-27T03:44:10",
    "is_active": 1
  },
  {
    "id": 4007473716,
    "indicator": "221.207.34.91",
    "type": "IPv4",
    "created": "2026-03-28T04:44:24",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 221.207.34.91 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).",
    "expiration": "2026-04-27T04:44:23",
    "is_active": 1
  },
  {
    "id": 4177108456,
    "indicator": "58.243.47.42",
    "type": "IPv4",
    "created": "2026-03-28T04:44:24",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 58.243.47.42 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T04:44:23",
    "is_active": 1
  },
  {
    "id": 3850290056,
    "indicator": "222.94.32.215",
    "type": "IPv4",
    "created": "2026-03-28T04:44:24",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 222.94.32.215 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T04:44:23",
    "is_active": 1
  },
  {
    "id": 2134407086,
    "indicator": "112.94.188.58",
    "type": "IPv4",
    "created": "2026-03-28T04:44:24",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 112.94.188.58 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T04:44:23",
    "is_active": 1
  },
  {
    "id": 3915556923,
    "indicator": "123.245.85.17",
    "type": "IPv4",
    "created": "2026-03-28T04:44:24",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 123.245.85.17 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T04:44:23",
    "is_active": 1
  },
  {
    "id": 4283760828,
    "indicator": "8.209.115.1",
    "type": "IPv4",
    "created": "2026-03-28T04:44:24",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 8.209.115.1 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T04:44:23",
    "is_active": 1
  },
  {
    "id": 4162028162,
    "indicator": "211.53.113.223",
    "type": "IPv4",
    "created": "2026-03-28T04:44:24",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 211.53.113.223 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-27T04:44:23",
    "is_active": 1
  },
  {
    "id": 4281950643,
    "indicator": "47.245.140.230",
    "type": "IPv4",
    "created": "2026-03-28T04:44:24",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 47.245.140.230 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T04:44:23",
    "is_active": 1
  },
  {
    "id": 4179440422,
    "indicator": "112.122.237.16",
    "type": "IPv4",
    "created": "2026-03-28T04:44:24",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 112.122.237.16 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-27T04:44:23",
    "is_active": 1
  },
  {
    "id": 3997323385,
    "indicator": "47.236.70.47",
    "type": "IPv4",
    "created": "2026-03-28T04:44:24",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 47.236.70.47 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T04:44:23",
    "is_active": 1
  },
  {
    "id": 4263668989,
    "indicator": "43.106.71.52",
    "type": "IPv4",
    "created": "2026-03-28T04:44:24",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 43.106.71.52 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-27T04:44:23",
    "is_active": 1
  },
  {
    "id": 4173682921,
    "indicator": "116.178.129.219",
    "type": "IPv4",
    "created": "2026-03-28T04:44:24",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 116.178.129.219 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).",
    "expiration": "2026-04-27T04:44:23",
    "is_active": 1
  },
  {
    "id": 4156314832,
    "indicator": "36.250.220.196",
    "type": "IPv4",
    "created": "2026-03-28T04:44:24",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 36.250.220.196 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-27T04:44:23",
    "is_active": 1
  },
  {
    "id": 4165501271,
    "indicator": "36.250.221.43",
    "type": "IPv4",
    "created": "2026-03-28T04:44:24",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 36.250.221.43 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T04:44:23",
    "is_active": 1
  },
  {
    "id": 4225337634,
    "indicator": "59.103.104.110",
    "type": "IPv4",
    "created": "2026-03-28T04:44:24",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 59.103.104.110 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-27T04:44:23",
    "is_active": 1
  },
  {
    "id": 4054368643,
    "indicator": "175.19.74.141",
    "type": "IPv4",
    "created": "2026-03-28T04:44:24",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 175.19.74.141 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T04:44:23",
    "is_active": 1
  },
  {
    "id": 4280362662,
    "indicator": "42.193.123.116",
    "type": "IPv4",
    "created": "2026-03-28T04:44:24",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. Attacker IP from Beijing, China (AS45090, Shenzhen Tencent Computer Systems Company Limited). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. 2 events.",
    "expiration": "2026-04-27T04:44:23",
    "is_active": 1
  },
  {
    "id": 3911835965,
    "indicator": "123.245.85.73",
    "type": "IPv4",
    "created": "2026-03-28T04:44:24",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 123.245.85.73 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T04:44:23",
    "is_active": 1
  },
  {
    "id": 4169242208,
    "indicator": "114.97.191.90",
    "type": "IPv4",
    "created": "2026-03-28T04:44:24",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 114.97.191.90 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).",
    "expiration": "2026-04-27T04:44:23",
    "is_active": 1
  },
  {
    "id": 4283760829,
    "indicator": "14.1.104.80",
    "type": "IPv4",
    "created": "2026-03-28T04:44:24",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Lahore, Pakistan (AS9541, Cyber Internet Services Pvt Ltd.). Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. duration: 1m 44s; 9 events.",
    "expiration": "2026-04-27T04:44:23",
    "is_active": 1
  },
  {
    "id": 4156357862,
    "indicator": "14.135.75.157",
    "type": "IPv4",
    "created": "2026-03-28T04:44:24",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 14.135.75.157 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T04:44:23",
    "is_active": 1
  },
  {
    "id": 4109237698,
    "indicator": "120.48.140.232",
    "type": "IPv4",
    "created": "2026-03-28T04:44:24",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 120.48.140.232 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, hacking).",
    "expiration": "2026-04-27T04:44:23",
    "is_active": 1
  },
  {
    "id": 3994269752,
    "indicator": "18.97.5.120",
    "type": "IPv4",
    "created": "2026-03-28T04:44:24",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. 18.97.5.120 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, ftp-brute).",
    "expiration": "2026-04-27T04:44:23",
    "is_active": 1
  },
  {
    "id": 3854829339,
    "indicator": "118.212.121.72",
    "type": "IPv4",
    "created": "2026-03-28T04:44:24",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 118.212.121.72 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T04:44:23",
    "is_active": 1
  },
  {
    "id": 4171640696,
    "indicator": "106.117.110.96",
    "type": "IPv4",
    "created": "2026-03-28T04:44:24",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 106.117.110.96 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T04:44:23",
    "is_active": 1
  },
  {
    "id": 3927314791,
    "indicator": "124.66.74.190",
    "type": "IPv4",
    "created": "2026-03-28T04:44:24",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 124.66.74.190 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, hacking, low).",
    "expiration": "2026-04-27T04:44:23",
    "is_active": 1
  },
  {
    "id": 4172933420,
    "indicator": "116.178.131.247",
    "type": "IPv4",
    "created": "2026-03-28T04:44:24",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. Attacker IP from China (AS4837, CHINA UNICOM China169 Backbone). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-27T04:44:23",
    "is_active": 1
  },
  {
    "id": 4161542044,
    "indicator": "114.97.190.209",
    "type": "IPv4",
    "created": "2026-03-28T04:44:24",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 114.97.190.209 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, moderate).",
    "expiration": "2026-04-27T04:44:23",
    "is_active": 1
  },
  {
    "id": 2995901901,
    "indicator": "60.13.7.121",
    "type": "IPv4",
    "created": "2026-03-28T04:44:24",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 60.13.7.121 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T04:44:23",
    "is_active": 1
  },
  {
    "id": 4172754295,
    "indicator": "222.176.200.99",
    "type": "IPv4",
    "created": "2026-03-28T04:44:24",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 222.176.200.99 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T04:44:23",
    "is_active": 1
  },
  {
    "id": 3115154803,
    "indicator": "91.207.74.89",
    "type": "IPv4",
    "created": "2026-03-28T04:44:24",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Almaty, Kazakhstan (AS205431, HostLab LLC). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-libssh2_1.11.1 (HASSH: 19532158b559...); duration: 2s; 5 events.",
    "expiration": "2026-04-27T04:44:23",
    "is_active": 1
  },
  {
    "id": 4164879126,
    "indicator": "116.178.131.8",
    "type": "IPv4",
    "created": "2026-03-28T04:44:24",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.131.8 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T04:44:23",
    "is_active": 1
  },
  {
    "id": 4282422953,
    "indicator": "47.84.101.132",
    "type": "IPv4",
    "created": "2026-03-28T04:44:24",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, cowrie, firehol:firehol_level3. 47.84.101.132 classified as commodity attacker using automated exploitation tooling (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (hacking, moderate, port-scan).",
    "expiration": "2026-04-27T04:44:23",
    "is_active": 1
  },
  {
    "id": 4137027869,
    "indicator": "182.119.228.242",
    "type": "IPv4",
    "created": "2026-03-28T04:44:24",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 182.119.228.242 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T04:44:23",
    "is_active": 1
  },
  {
    "id": 4115066972,
    "indicator": "104.238.194.12",
    "type": "IPv4",
    "created": "2026-03-28T04:44:24",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 104.238.194.12 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).",
    "expiration": "2026-04-27T04:44:23",
    "is_active": 1
  },
  {
    "id": 4283760830,
    "indicator": "101.70.111.205",
    "type": "IPv4",
    "created": "2026-03-28T04:44:24",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 101.70.111.205 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T04:44:23",
    "is_active": 1
  },
  {
    "id": 4283706201,
    "indicator": "165.245.163.37",
    "type": "IPv4",
    "created": "2026-03-28T04:44:24",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Sandston, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-27T04:44:23",
    "is_active": 1
  },
  {
    "id": 4177144416,
    "indicator": "182.119.230.16",
    "type": "IPv4",
    "created": "2026-03-28T05:44:33",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 182.119.230.16 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T05:44:30",
    "is_active": 1
  },
  {
    "id": 4157563538,
    "indicator": "59.173.108.254",
    "type": "IPv4",
    "created": "2026-03-28T05:44:33",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 59.173.108.254 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T05:44:30",
    "is_active": 1
  },
  {
    "id": 4262446112,
    "indicator": "94.26.106.224",
    "type": "IPv4",
    "created": "2026-03-28T05:44:33",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 94.26.106.224 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-27T05:44:30",
    "is_active": 1
  },
  {
    "id": 4173093075,
    "indicator": "222.176.200.136",
    "type": "IPv4",
    "created": "2026-03-28T05:44:33",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 222.176.200.136 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T05:44:30",
    "is_active": 1
  },
  {
    "id": 4006976276,
    "indicator": "220.167.233.129",
    "type": "IPv4",
    "created": "2026-03-28T05:44:33",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 220.167.233.129 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T05:44:30",
    "is_active": 1
  },
  {
    "id": 4162185928,
    "indicator": "112.94.191.112",
    "type": "IPv4",
    "created": "2026-03-28T05:44:33",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 112.94.191.112 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T05:44:30",
    "is_active": 1
  },
  {
    "id": 4173651104,
    "indicator": "27.47.27.150",
    "type": "IPv4",
    "created": "2026-03-28T05:44:33",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 27.47.27.150 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T05:44:30",
    "is_active": 1
  },
  {
    "id": 4164879072,
    "indicator": "116.178.128.242",
    "type": "IPv4",
    "created": "2026-03-28T05:44:33",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 116.178.128.242 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T05:44:30",
    "is_active": 1
  },
  {
    "id": 4172754486,
    "indicator": "36.250.221.22",
    "type": "IPv4",
    "created": "2026-03-28T05:44:33",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 36.250.221.22 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T05:44:30",
    "is_active": 1
  },
  {
    "id": 3734642057,
    "indicator": "122.96.28.234",
    "type": "IPv4",
    "created": "2026-03-28T05:44:33",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 122.96.28.234 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T05:44:30",
    "is_active": 1
  },
  {
    "id": 4169413105,
    "indicator": "222.176.200.246",
    "type": "IPv4",
    "created": "2026-03-28T05:44:33",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 222.176.200.246 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T05:44:30",
    "is_active": 1
  },
  {
    "id": 4174240715,
    "indicator": "27.47.26.103",
    "type": "IPv4",
    "created": "2026-03-28T05:44:33",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 27.47.26.103 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T05:44:30",
    "is_active": 1
  },
  {
    "id": 4283770622,
    "indicator": "34.61.200.93",
    "type": "IPv4",
    "created": "2026-03-28T05:44:33",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 34.61.200.93 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T05:44:30",
    "is_active": 1
  },
  {
    "id": 3591520548,
    "indicator": "204.76.203.59",
    "type": "IPv4",
    "created": "2026-03-28T05:44:33",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 204.76.203.59 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-27T05:44:30",
    "is_active": 1
  },
  {
    "id": 4176747887,
    "indicator": "116.178.131.27",
    "type": "IPv4",
    "created": "2026-03-28T05:44:33",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 116.178.131.27 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T05:44:30",
    "is_active": 1
  },
  {
    "id": 4069098333,
    "indicator": "106.4.161.72",
    "type": "IPv4",
    "created": "2026-03-28T05:44:33",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 106.4.161.72 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T05:44:30",
    "is_active": 1
  },
  {
    "id": 2685683585,
    "indicator": "123.163.114.41",
    "type": "IPv4",
    "created": "2026-03-28T05:44:33",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from China (AS4134, Chinanet). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-27T05:44:30",
    "is_active": 1
  },
  {
    "id": 3548231238,
    "indicator": "221.214.181.197",
    "type": "IPv4",
    "created": "2026-03-28T05:44:33",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate. 221.214.181.197 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-27T05:44:30",
    "is_active": 1
  },
  {
    "id": 4009042984,
    "indicator": "220.167.232.86",
    "type": "IPv4",
    "created": "2026-03-28T05:44:33",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 220.167.232.86 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T05:44:30",
    "is_active": 1
  },
  {
    "id": 4158306986,
    "indicator": "36.250.220.46",
    "type": "IPv4",
    "created": "2026-03-28T05:44:33",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 36.250.220.46 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T05:44:30",
    "is_active": 1
  },
  {
    "id": 3276368644,
    "indicator": "159.223.94.24",
    "type": "IPv4",
    "created": "2026-03-28T05:44:33",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Singapore, Singapore (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-27T05:44:30",
    "is_active": 1
  },
  {
    "id": 4073468529,
    "indicator": "171.36.6.219",
    "type": "IPv4",
    "created": "2026-03-28T05:44:33",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 171.36.6.219 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T05:44:30",
    "is_active": 1
  },
  {
    "id": 4178265579,
    "indicator": "58.243.46.177",
    "type": "IPv4",
    "created": "2026-03-28T05:44:33",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 58.243.46.177 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T05:44:30",
    "is_active": 1
  },
  {
    "id": 3692821028,
    "indicator": "36.106.166.99",
    "type": "IPv4",
    "created": "2026-03-28T05:44:33",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from China (AS17638, ASN for TIANJIN Provincial Net of CT). Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-27T05:44:30",
    "is_active": 1
  },
  {
    "id": 4161544530,
    "indicator": "36.250.221.201",
    "type": "IPv4",
    "created": "2026-03-28T05:44:33",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 36.250.221.201 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-27T05:44:30",
    "is_active": 1
  },
  {
    "id": 3020767540,
    "indicator": "193.163.125.64",
    "type": "IPv4",
    "created": "2026-03-28T05:44:33",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 193.163.125.64 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-27T05:44:30",
    "is_active": 1
  },
  {
    "id": 4178704639,
    "indicator": "221.208.113.166",
    "type": "IPv4",
    "created": "2026-03-28T05:44:33",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 221.208.113.166 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T05:44:30",
    "is_active": 1
  },
  {
    "id": 3555148713,
    "indicator": "87.236.176.165",
    "type": "IPv4",
    "created": "2026-03-28T05:44:33",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 87.236.176.165 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-27T05:44:30",
    "is_active": 1
  },
  {
    "id": 3858110550,
    "indicator": "91.92.240.199",
    "type": "IPv4",
    "created": "2026-03-28T05:44:33",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Frankfurt am Main, Germany (AS202412, Omegatech LTD). Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 7 failed login attempts, 7 credential pairs tried across 1 unique username. SSH client: SSH-2.0-Go (HASSH: 2ec37a7cc8da...); duration: 14m 1s; 35 events.",
    "expiration": "2026-04-27T05:44:30",
    "is_active": 1
  },
  {
    "id": 4142904719,
    "indicator": "39.115.195.164",
    "type": "IPv4",
    "created": "2026-03-28T05:44:33",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 39.115.195.164 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 19 times when connecting to offbackup1 between 2026-03-28 03:06 and 2026-03-28 04:27 UTC.",
    "expiration": "2026-04-27T05:44:30",
    "is_active": 1
  },
  {
    "id": 4164879038,
    "indicator": "114.97.191.194",
    "type": "IPv4",
    "created": "2026-03-28T06:44:42",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 114.97.191.194 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).",
    "expiration": "2026-04-27T06:44:40",
    "is_active": 1
  },
  {
    "id": 4280285261,
    "indicator": "48.210.66.163",
    "type": "IPv4",
    "created": "2026-03-28T06:44:42",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 48.210.66.163 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-27T06:44:40",
    "is_active": 1
  },
  {
    "id": 2684257962,
    "indicator": "180.95.238.36",
    "type": "IPv4",
    "created": "2026-03-28T06:44:42",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 180.95.238.36 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T06:44:40",
    "is_active": 1
  },
  {
    "id": 4173651102,
    "indicator": "36.250.220.90",
    "type": "IPv4",
    "created": "2026-03-28T06:44:42",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 36.250.220.90 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, ftp-brute).",
    "expiration": "2026-04-27T06:44:40",
    "is_active": 1
  },
  {
    "id": 3872731023,
    "indicator": "118.212.123.238",
    "type": "IPv4",
    "created": "2026-03-28T06:44:42",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 118.212.123.238 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, ftp-brute).",
    "expiration": "2026-04-27T06:44:40",
    "is_active": 1
  },
  {
    "id": 3547680573,
    "indicator": "103.199.19.57",
    "type": "IPv4",
    "created": "2026-03-28T06:44:42",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 103.199.19.57 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 3 command sessions (6 commands), 5 malware samples. Listed on: FireHOL (firehol_anonymous, firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-27T06:44:40",
    "is_active": 1
  },
  {
    "id": 4160747606,
    "indicator": "14.135.75.60",
    "type": "IPv4",
    "created": "2026-03-28T06:44:42",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 14.135.75.60 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T06:44:40",
    "is_active": 1
  },
  {
    "id": 4173155693,
    "indicator": "14.135.75.163",
    "type": "IPv4",
    "created": "2026-03-28T06:44:42",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 14.135.75.163 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T06:44:40",
    "is_active": 1
  },
  {
    "id": 4184033143,
    "indicator": "121.29.85.151",
    "type": "IPv4",
    "created": "2026-03-28T06:44:42",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 121.29.85.151 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T06:44:40",
    "is_active": 1
  },
  {
    "id": 3920540959,
    "indicator": "220.167.232.140",
    "type": "IPv4",
    "created": "2026-03-28T06:44:42",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 220.167.232.140 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ftp-brute, hacking).",
    "expiration": "2026-04-27T06:44:40",
    "is_active": 1
  },
  {
    "id": 4283776902,
    "indicator": "8.211.20.69",
    "type": "IPv4",
    "created": "2026-03-28T06:44:42",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, cowrie, firehol:firehol_level3. 8.211.20.69 classified as commodity attacker using automated exploitation tooling (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (hacking, moderate, port-scan).",
    "expiration": "2026-04-27T06:44:40",
    "is_active": 1
  },
  {
    "id": 4282462161,
    "indicator": "47.84.109.129",
    "type": "IPv4",
    "created": "2026-03-28T06:44:42",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 47.84.109.129 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T06:44:40",
    "is_active": 1
  },
  {
    "id": 4282102214,
    "indicator": "91.210.170.92",
    "type": "IPv4",
    "created": "2026-03-28T06:44:42",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 91.210.170.92 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-27T06:44:40",
    "is_active": 1
  },
  {
    "id": 4172204468,
    "indicator": "116.178.129.8",
    "type": "IPv4",
    "created": "2026-03-28T06:44:42",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 116.178.129.8 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T06:44:40",
    "is_active": 1
  },
  {
    "id": 3874857407,
    "indicator": "221.207.34.206",
    "type": "IPv4",
    "created": "2026-03-28T06:44:42",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 221.207.34.206 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T06:44:40",
    "is_active": 1
  },
  {
    "id": 4165386598,
    "indicator": "116.178.128.73",
    "type": "IPv4",
    "created": "2026-03-28T06:44:42",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 116.178.128.73 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T06:44:40",
    "is_active": 1
  },
  {
    "id": 4153429106,
    "indicator": "175.107.205.199",
    "type": "IPv4",
    "created": "2026-03-28T06:44:42",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Lahore, Pakistan (AS9541, Cyber Internet Services Pvt Ltd.). Observed targeting healthcare sector honeypot mdms-hp-01 via cowrie. duration: 4m 45s; 45 events.",
    "expiration": "2026-04-27T06:44:40",
    "is_active": 1
  },
  {
    "id": 4283776903,
    "indicator": "1.95.52.16",
    "type": "IPv4",
    "created": "2026-03-28T06:44:42",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Guiyang, China (AS55990, Huawei Cloud Service data center) [VPN/hosting provider]. Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. 1 events.",
    "expiration": "2026-04-27T06:44:40",
    "is_active": 1
  },
  {
    "id": 4176925224,
    "indicator": "106.117.106.244",
    "type": "IPv4",
    "created": "2026-03-28T06:44:42",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 106.117.106.244 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T06:44:40",
    "is_active": 1
  },
  {
    "id": 4173717261,
    "indicator": "116.178.129.198",
    "type": "IPv4",
    "created": "2026-03-28T06:44:42",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 116.178.129.198 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T06:44:40",
    "is_active": 1
  },
  {
    "id": 4177072118,
    "indicator": "222.176.201.117",
    "type": "IPv4",
    "created": "2026-03-28T06:44:42",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 222.176.201.117 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-27T06:44:40",
    "is_active": 1
  },
  {
    "id": 4008398935,
    "indicator": "60.13.6.250",
    "type": "IPv4",
    "created": "2026-03-28T06:44:42",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 60.13.6.250 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T06:44:40",
    "is_active": 1
  },
  {
    "id": 4173858478,
    "indicator": "180.111.30.229",
    "type": "IPv4",
    "created": "2026-03-28T06:44:42",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 180.111.30.229 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T06:44:40",
    "is_active": 1
  },
  {
    "id": 4283776904,
    "indicator": "58.19.98.116",
    "type": "IPv4",
    "created": "2026-03-28T06:44:42",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. Attacker IP from Wuhan, China (AS4837, CHINA UNICOM China169 Backbone). Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-27T06:44:40",
    "is_active": 1
  },
  {
    "id": 4154122891,
    "indicator": "36.250.220.252",
    "type": "IPv4",
    "created": "2026-03-28T07:44:47",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 36.250.220.252 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T07:44:46",
    "is_active": 1
  },
  {
    "id": 4156071321,
    "indicator": "36.250.220.63",
    "type": "IPv4",
    "created": "2026-03-28T07:44:47",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 36.250.220.63 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T07:44:46",
    "is_active": 1
  },
  {
    "id": 4176779252,
    "indicator": "120.39.48.248",
    "type": "IPv4",
    "created": "2026-03-28T07:44:47",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 120.39.48.248 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-27T07:44:46",
    "is_active": 1
  },
  {
    "id": 4177162840,
    "indicator": "14.135.74.123",
    "type": "IPv4",
    "created": "2026-03-28T07:44:47",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 14.135.74.123 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T07:44:46",
    "is_active": 1
  },
  {
    "id": 4280064652,
    "indicator": "180.252.147.28",
    "type": "IPv4",
    "created": "2026-03-28T07:44:47",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 180.252.147.28 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-27T07:44:46",
    "is_active": 1
  },
  {
    "id": 4282461966,
    "indicator": "47.245.137.129",
    "type": "IPv4",
    "created": "2026-03-28T07:44:47",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, cowrie. 47.245.137.129 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (exploited-host, hacking, moderate).",
    "expiration": "2026-04-27T07:44:46",
    "is_active": 1
  },
  {
    "id": 4170918894,
    "indicator": "116.178.128.87",
    "type": "IPv4",
    "created": "2026-03-28T07:44:47",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 116.178.128.87 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).",
    "expiration": "2026-04-27T07:44:46",
    "is_active": 1
  },
  {
    "id": 4165146801,
    "indicator": "27.47.25.189",
    "type": "IPv4",
    "created": "2026-03-28T07:44:47",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 27.47.25.189 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T07:44:46",
    "is_active": 1
  },
  {
    "id": 4176062785,
    "indicator": "116.178.131.90",
    "type": "IPv4",
    "created": "2026-03-28T07:44:47",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.131.90 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T07:44:46",
    "is_active": 1
  },
  {
    "id": 4283383679,
    "indicator": "8.209.108.30",
    "type": "IPv4",
    "created": "2026-03-28T07:44:47",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, cowrie. 8.209.108.30 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (exploited-host, hacking, moderate).",
    "expiration": "2026-04-27T07:44:46",
    "is_active": 1
  },
  {
    "id": 3554515187,
    "indicator": "182.119.228.149",
    "type": "IPv4",
    "created": "2026-03-28T07:44:47",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 182.119.228.149 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T07:44:46",
    "is_active": 1
  },
  {
    "id": 4283818784,
    "indicator": "162.40.175.174",
    "type": "IPv4",
    "created": "2026-03-28T07:44:47",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 162.40.175.174 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, hacking).",
    "expiration": "2026-04-27T07:44:46",
    "is_active": 1
  },
  {
    "id": 3259036759,
    "indicator": "182.180.167.238",
    "type": "IPv4",
    "created": "2026-03-28T07:44:47",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 182.180.167.238 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-27T07:44:46",
    "is_active": 1
  },
  {
    "id": 4283818785,
    "indicator": "47.245.134.148",
    "type": "IPv4",
    "created": "2026-03-28T07:44:47",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 47.245.134.148 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (exploited-host, hacking, moderate).",
    "expiration": "2026-04-27T07:44:46",
    "is_active": 1
  },
  {
    "id": 4283818786,
    "indicator": "182.204.184.45",
    "type": "IPv4",
    "created": "2026-03-28T07:44:47",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. Attacker IP from China (AS4134, Chinanet). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. 1 events.",
    "expiration": "2026-04-27T07:44:46",
    "is_active": 1
  },
  {
    "id": 4007661390,
    "indicator": "123.245.84.75",
    "type": "IPv4",
    "created": "2026-03-28T07:44:47",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 123.245.84.75 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T07:44:46",
    "is_active": 1
  },
  {
    "id": 4180717015,
    "indicator": "106.117.117.70",
    "type": "IPv4",
    "created": "2026-03-28T07:44:47",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 106.117.117.70 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T07:44:46",
    "is_active": 1
  },
  {
    "id": 4168834688,
    "indicator": "222.176.200.213",
    "type": "IPv4",
    "created": "2026-03-28T07:44:47",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 222.176.200.213 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T07:44:46",
    "is_active": 1
  },
  {
    "id": 4283818787,
    "indicator": "91.80.132.205",
    "type": "IPv4",
    "created": "2026-03-28T07:44:47",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 91.80.132.205 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T07:44:46",
    "is_active": 1
  },
  {
    "id": 4182309724,
    "indicator": "110.177.183.173",
    "type": "IPv4",
    "created": "2026-03-28T07:44:47",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 110.177.183.173 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, ftp-brute).",
    "expiration": "2026-04-27T07:44:46",
    "is_active": 1
  },
  {
    "id": 3861463757,
    "indicator": "118.212.120.3",
    "type": "IPv4",
    "created": "2026-03-28T07:44:47",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 118.212.120.3 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-27T07:44:46",
    "is_active": 1
  },
  {
    "id": 4160351102,
    "indicator": "36.250.221.40",
    "type": "IPv4",
    "created": "2026-03-28T07:44:47",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 36.250.221.40 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-27T07:44:46",
    "is_active": 1
  },
  {
    "id": 3912852373,
    "indicator": "118.212.120.110",
    "type": "IPv4",
    "created": "2026-03-28T07:44:47",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 118.212.120.110 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, moderate).",
    "expiration": "2026-04-27T07:44:46",
    "is_active": 1
  },
  {
    "id": 4176692333,
    "indicator": "116.178.128.117",
    "type": "IPv4",
    "created": "2026-03-28T07:44:47",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.128.117 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T07:44:46",
    "is_active": 1
  },
  {
    "id": 3950252489,
    "indicator": "118.212.120.119",
    "type": "IPv4",
    "created": "2026-03-28T07:44:47",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 118.212.120.119 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).",
    "expiration": "2026-04-27T07:44:46",
    "is_active": 1
  },
  {
    "id": 4282422952,
    "indicator": "47.84.101.11",
    "type": "IPv4",
    "created": "2026-03-28T07:44:47",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 47.84.101.11 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T07:44:46",
    "is_active": 1
  },
  {
    "id": 4005501053,
    "indicator": "8.219.54.247",
    "type": "IPv4",
    "created": "2026-03-28T07:44:47",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 8.219.54.247 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ftp-brute).",
    "expiration": "2026-04-27T07:44:46",
    "is_active": 1
  },
  {
    "id": 3889384216,
    "indicator": "221.207.35.53",
    "type": "IPv4",
    "created": "2026-03-28T07:44:47",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 221.207.35.53 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T07:44:46",
    "is_active": 1
  },
  {
    "id": 4283818788,
    "indicator": "194.76.226.229",
    "type": "IPv4",
    "created": "2026-03-28T07:44:47",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Frankfurt am Main, Germany (AS39378, servinga GmbH). Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 2s; 5 events.",
    "expiration": "2026-04-27T07:44:46",
    "is_active": 1
  },
  {
    "id": 4208046913,
    "indicator": "58.19.140.153",
    "type": "IPv4",
    "created": "2026-03-28T08:44:55",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 58.19.140.153 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, port-scan).",
    "expiration": "2026-04-27T08:44:54",
    "is_active": 1
  },
  {
    "id": 4283711546,
    "indicator": "178.17.51.19",
    "type": "IPv4",
    "created": "2026-03-28T08:44:55",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 178.17.51.19 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-27T08:44:54",
    "is_active": 1
  },
  {
    "id": 4007656236,
    "indicator": "60.13.6.101",
    "type": "IPv4",
    "created": "2026-03-28T08:44:55",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 60.13.6.101 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T08:44:54",
    "is_active": 1
  },
  {
    "id": 3759127026,
    "indicator": "59.52.102.126",
    "type": "IPv4",
    "created": "2026-03-28T08:44:55",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 59.52.102.126 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T08:44:54",
    "is_active": 1
  },
  {
    "id": 4173699114,
    "indicator": "218.64.60.226",
    "type": "IPv4",
    "created": "2026-03-28T08:44:55",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low. 218.64.60.226 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-27T08:44:54",
    "is_active": 1
  },
  {
    "id": 4281897619,
    "indicator": "47.236.170.94",
    "type": "IPv4",
    "created": "2026-03-28T08:44:55",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 47.236.170.94 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (exploited-host, hacking, moderate).",
    "expiration": "2026-04-27T08:44:54",
    "is_active": 1
  },
  {
    "id": 4283872693,
    "indicator": "8.211.27.182",
    "type": "IPv4",
    "created": "2026-03-28T08:44:55",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 8.211.27.182 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (critical, exploited-host, hacking).",
    "expiration": "2026-04-27T08:44:54",
    "is_active": 1
  },
  {
    "id": 3888367363,
    "indicator": "222.94.32.94",
    "type": "IPv4",
    "created": "2026-03-28T08:44:55",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 222.94.32.94 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T08:44:54",
    "is_active": 1
  },
  {
    "id": 3850293655,
    "indicator": "220.167.233.10",
    "type": "IPv4",
    "created": "2026-03-28T08:44:55",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 220.167.233.10 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).",
    "expiration": "2026-04-27T08:44:54",
    "is_active": 1
  },
  {
    "id": 3850281676,
    "indicator": "221.207.34.100",
    "type": "IPv4",
    "created": "2026-03-28T08:44:55",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 221.207.34.100 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T08:44:54",
    "is_active": 1
  },
  {
    "id": 4282298773,
    "indicator": "222.137.133.145",
    "type": "IPv4",
    "created": "2026-03-28T08:44:55",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Zhengzhou, China (AS4837, CHINA UNICOM China169 Backbone). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. Session included 2 failed login attempts, 2 credential pairs tried across 1 unique username. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 14m 11s; 17 events.",
    "expiration": "2026-04-27T08:44:54",
    "is_active": 1
  },
  {
    "id": 4173814578,
    "indicator": "36.250.220.253",
    "type": "IPv4",
    "created": "2026-03-28T08:44:55",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 36.250.220.253 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T08:44:54",
    "is_active": 1
  },
  {
    "id": 4178977715,
    "indicator": "121.29.149.247",
    "type": "IPv4",
    "created": "2026-03-28T08:44:55",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 121.29.149.247 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T08:44:54",
    "is_active": 1
  },
  {
    "id": 4173438825,
    "indicator": "222.176.201.176",
    "type": "IPv4",
    "created": "2026-03-28T08:44:55",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 222.176.201.176 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T08:44:54",
    "is_active": 1
  },
  {
    "id": 4274414231,
    "indicator": "177.12.98.235",
    "type": "IPv4",
    "created": "2026-03-28T08:44:55",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 177.12.98.235 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T08:44:54",
    "is_active": 1
  },
  {
    "id": 4189957610,
    "indicator": "222.100.133.134",
    "type": "IPv4",
    "created": "2026-03-28T08:44:55",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 222.100.133.134 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-27T08:44:54",
    "is_active": 1
  },
  {
    "id": 4029514934,
    "indicator": "180.95.231.67",
    "type": "IPv4",
    "created": "2026-03-28T08:44:55",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 180.95.231.67 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T08:44:54",
    "is_active": 1
  },
  {
    "id": 3860089082,
    "indicator": "58.212.237.70",
    "type": "IPv4",
    "created": "2026-03-28T08:44:55",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 58.212.237.70 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T08:44:54",
    "is_active": 1
  },
  {
    "id": 4144074874,
    "indicator": "112.6.9.52",
    "type": "IPv4",
    "created": "2026-03-28T08:44:55",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 112.6.9.52 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T08:44:54",
    "is_active": 1
  },
  {
    "id": 4283872694,
    "indicator": "103.244.172.211",
    "type": "IPv4",
    "created": "2026-03-28T08:44:55",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:multi-reported. 103.244.172.211 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T08:44:54",
    "is_active": 1
  },
  {
    "id": 4173657736,
    "indicator": "116.178.131.248",
    "type": "IPv4",
    "created": "2026-03-28T08:44:55",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.131.248 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T08:44:54",
    "is_active": 1
  },
  {
    "id": 3917340106,
    "indicator": "118.212.123.154",
    "type": "IPv4",
    "created": "2026-03-28T08:44:55",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 118.212.123.154 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).",
    "expiration": "2026-04-27T08:44:54",
    "is_active": 1
  },
  {
    "id": 4164845914,
    "indicator": "124.117.193.104",
    "type": "IPv4",
    "created": "2026-03-28T08:44:55",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 124.117.193.104 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).",
    "expiration": "2026-04-27T08:44:54",
    "is_active": 1
  },
  {
    "id": 4282439580,
    "indicator": "47.84.138.116",
    "type": "IPv4",
    "created": "2026-03-28T08:44:55",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 47.84.138.116 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (exploited-host, hacking, high).",
    "expiration": "2026-04-27T08:44:54",
    "is_active": 1
  },
  {
    "id": 4263666970,
    "indicator": "101.70.110.107",
    "type": "IPv4",
    "created": "2026-03-28T08:44:55",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 101.70.110.107 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T08:44:54",
    "is_active": 1
  },
  {
    "id": 4283872695,
    "indicator": "117.251.207.157",
    "type": "IPv4",
    "created": "2026-03-28T08:44:55",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:multi-reported. 117.251.207.157 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T08:44:54",
    "is_active": 1
  },
  {
    "id": 4172752968,
    "indicator": "116.178.129.222",
    "type": "IPv4",
    "created": "2026-03-28T08:44:55",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 116.178.129.222 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T08:44:54",
    "is_active": 1
  },
  {
    "id": 4167701560,
    "indicator": "27.47.26.133",
    "type": "IPv4",
    "created": "2026-03-28T08:44:55",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 27.47.26.133 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T08:44:54",
    "is_active": 1
  },
  {
    "id": 3883993524,
    "indicator": "2.83.229.165",
    "type": "IPv4",
    "created": "2026-03-28T08:44:55",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:multi-reported. 2.83.229.165 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command sessions (15 commands), 1 malware samples. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T08:44:54",
    "is_active": 1
  },
  {
    "id": 3904052384,
    "indicator": "222.94.32.6",
    "type": "IPv4",
    "created": "2026-03-28T08:44:55",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 222.94.32.6 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T08:44:54",
    "is_active": 1
  },
  {
    "id": 4008096022,
    "indicator": "59.52.100.167",
    "type": "IPv4",
    "created": "2026-03-28T08:44:55",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 59.52.100.167 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T08:44:54",
    "is_active": 1
  },
  {
    "id": 2249859793,
    "indicator": "134.209.97.155",
    "type": "IPv4",
    "created": "2026-03-28T08:44:55",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 134.209.97.155 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 21 times when connecting to offbackup1 between 2026-03-28 06:18 and 2026-03-28 07:49 UTC.",
    "expiration": "2026-04-27T08:44:54",
    "is_active": 1
  },
  {
    "id": 4283706246,
    "indicator": "47.236.157.205",
    "type": "IPv4",
    "created": "2026-03-28T08:44:55",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported, cowrie. Attacker IP from Singapore (AS45102, Alibaba US Technology Co., Ltd.). Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. duration: 23s; 3 events.",
    "expiration": "2026-04-27T08:44:54",
    "is_active": 1
  },
  {
    "id": 4190709399,
    "indicator": "1.94.46.74",
    "type": "IPv4",
    "created": "2026-03-28T09:45:00",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 1.94.46.74 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-27T09:44:59",
    "is_active": 1
  },
  {
    "id": 4156801431,
    "indicator": "124.117.193.99",
    "type": "IPv4",
    "created": "2026-03-28T09:45:00",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 124.117.193.99 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, ftp-brute).",
    "expiration": "2026-04-27T09:44:59",
    "is_active": 1
  },
  {
    "id": 4176785320,
    "indicator": "59.173.109.151",
    "type": "IPv4",
    "created": "2026-03-28T09:45:00",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 59.173.109.151 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T09:44:59",
    "is_active": 1
  },
  {
    "id": 3844396953,
    "indicator": "221.207.34.187",
    "type": "IPv4",
    "created": "2026-03-28T09:45:00",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 221.207.34.187 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T09:44:59",
    "is_active": 1
  },
  {
    "id": 3994177678,
    "indicator": "18.97.5.75",
    "type": "IPv4",
    "created": "2026-03-28T09:45:00",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 18.97.5.75 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).",
    "expiration": "2026-04-27T09:44:59",
    "is_active": 1
  },
  {
    "id": 3494906703,
    "indicator": "186.226.207.233",
    "type": "IPv4",
    "created": "2026-03-28T09:45:00",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP from Navira\u00ed, Brazil (AS262290, Newparce Telecomunicacoes Ltda ME). Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-27T09:44:59",
    "is_active": 1
  },
  {
    "id": 3850750121,
    "indicator": "118.212.120.157",
    "type": "IPv4",
    "created": "2026-03-28T09:45:00",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 118.212.120.157 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T09:44:59",
    "is_active": 1
  },
  {
    "id": 4210099453,
    "indicator": "59.173.108.55",
    "type": "IPv4",
    "created": "2026-03-28T09:45:00",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 59.173.108.55 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T09:44:59",
    "is_active": 1
  },
  {
    "id": 3850287463,
    "indicator": "222.94.32.65",
    "type": "IPv4",
    "created": "2026-03-28T09:45:00",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 222.94.32.65 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T09:44:59",
    "is_active": 1
  },
  {
    "id": 4179022440,
    "indicator": "52.164.204.26",
    "type": "IPv4",
    "created": "2026-03-28T09:45:00",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:port-scan. 52.164.204.26 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T09:44:59",
    "is_active": 1
  },
  {
    "id": 4040355851,
    "indicator": "171.36.6.26",
    "type": "IPv4",
    "created": "2026-03-28T09:45:00",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 171.36.6.26 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T09:44:59",
    "is_active": 1
  },
  {
    "id": 4279702063,
    "indicator": "66.132.195.103",
    "type": "IPv4",
    "created": "2026-03-28T09:45:00",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 66.132.195.103 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-27T09:44:59",
    "is_active": 1
  },
  {
    "id": 3153519067,
    "indicator": "36.106.167.12",
    "type": "IPv4",
    "created": "2026-03-28T09:45:00",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 36.106.167.12 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T09:44:59",
    "is_active": 1
  },
  {
    "id": 4161542054,
    "indicator": "114.97.191.218",
    "type": "IPv4",
    "created": "2026-03-28T09:45:00",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 114.97.191.218 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, ftp-brute).",
    "expiration": "2026-04-27T09:44:59",
    "is_active": 1
  },
  {
    "id": 4171379667,
    "indicator": "101.249.62.81",
    "type": "IPv4",
    "created": "2026-03-28T09:45:00",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 101.249.62.81 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T09:44:59",
    "is_active": 1
  },
  {
    "id": 4262492827,
    "indicator": "117.245.143.125",
    "type": "IPv4",
    "created": "2026-03-28T09:45:00",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 117.245.143.125 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-27T09:44:59",
    "is_active": 1
  },
  {
    "id": 4083450009,
    "indicator": "203.207.56.64",
    "type": "IPv4",
    "created": "2026-03-28T09:45:00",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 203.207.56.64 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d); AbuseIPDB (brute-force, hacking, low).",
    "expiration": "2026-04-27T09:44:59",
    "is_active": 1
  },
  {
    "id": 4283874005,
    "indicator": "8.211.22.190",
    "type": "IPv4",
    "created": "2026-03-28T09:45:00",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 8.211.22.190 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T09:44:59",
    "is_active": 1
  },
  {
    "id": 4056776523,
    "indicator": "43.138.5.244",
    "type": "IPv4",
    "created": "2026-03-28T09:45:00",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 43.138.5.244 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (iPhone; CPU iPhone OS 17_5_1 like Mac OS X) App...' 5 times when connecting to mdms1 between 2026-03-28 08:36 and 2026-03-28 08:36 UTC.",
    "expiration": "2026-04-27T09:44:59",
    "is_active": 1
  },
  {
    "id": 4283874006,
    "indicator": "109.63.191.145",
    "type": "IPv4",
    "created": "2026-03-28T09:45:00",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Moscow, Russia (AS12714, PJSC MegaFon). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. 1 events.",
    "expiration": "2026-04-27T09:44:59",
    "is_active": 1
  },
  {
    "id": 4165499432,
    "indicator": "124.117.193.233",
    "type": "IPv4",
    "created": "2026-03-28T09:45:00",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 124.117.193.233 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).",
    "expiration": "2026-04-27T09:44:59",
    "is_active": 1
  },
  {
    "id": 4282461969,
    "indicator": "47.245.142.92",
    "type": "IPv4",
    "created": "2026-03-28T09:45:00",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, cowrie. 47.245.142.92 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, hacking, moderate).",
    "expiration": "2026-04-27T09:44:59",
    "is_active": 1
  },
  {
    "id": 2801905794,
    "indicator": "180.95.238.15",
    "type": "IPv4",
    "created": "2026-03-28T09:45:00",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 180.95.238.15 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T09:44:59",
    "is_active": 1
  },
  {
    "id": 3850290458,
    "indicator": "221.207.34.167",
    "type": "IPv4",
    "created": "2026-03-28T09:45:00",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 221.207.34.167 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-27T09:44:59",
    "is_active": 1
  },
  {
    "id": 4283676078,
    "indicator": "109.73.207.89",
    "type": "IPv4",
    "created": "2026-03-28T09:45:00",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 109.73.207.89 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-27T09:44:59",
    "is_active": 1
  },
  {
    "id": 4163508392,
    "indicator": "59.173.109.58",
    "type": "IPv4",
    "created": "2026-03-28T09:45:00",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 59.173.109.58 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T09:44:59",
    "is_active": 1
  },
  {
    "id": 3850293868,
    "indicator": "182.242.168.153",
    "type": "IPv4",
    "created": "2026-03-28T09:45:00",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP from China (AS4134, Chinanet). Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-27T09:44:59",
    "is_active": 1
  },
  {
    "id": 3927760398,
    "indicator": "221.207.35.0",
    "type": "IPv4",
    "created": "2026-03-28T10:45:06",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low. 221.207.35.0 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-27T10:45:05",
    "is_active": 1
  },
  {
    "id": 4168715153,
    "indicator": "106.117.117.154",
    "type": "IPv4",
    "created": "2026-03-28T10:45:06",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 106.117.117.154 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T10:45:05",
    "is_active": 1
  },
  {
    "id": 4283527828,
    "indicator": "223.233.85.57",
    "type": "IPv4",
    "created": "2026-03-28T10:45:06",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 223.233.85.57 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-27T10:45:05",
    "is_active": 1
  },
  {
    "id": 4283877475,
    "indicator": "47.245.135.136",
    "type": "IPv4",
    "created": "2026-03-28T10:45:06",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 47.245.135.136 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T10:45:05",
    "is_active": 1
  },
  {
    "id": 4008008695,
    "indicator": "220.167.232.156",
    "type": "IPv4",
    "created": "2026-03-28T10:45:06",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 220.167.232.156 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T10:45:05",
    "is_active": 1
  },
  {
    "id": 4175441860,
    "indicator": "101.249.63.126",
    "type": "IPv4",
    "created": "2026-03-28T10:45:06",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 101.249.63.126 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T10:45:05",
    "is_active": 1
  },
  {
    "id": 4173780556,
    "indicator": "222.176.200.27",
    "type": "IPv4",
    "created": "2026-03-28T10:45:06",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 222.176.200.27 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T10:45:05",
    "is_active": 1
  },
  {
    "id": 4166614869,
    "indicator": "36.250.220.166",
    "type": "IPv4",
    "created": "2026-03-28T10:45:06",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 36.250.220.166 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, ftp-brute).",
    "expiration": "2026-04-27T10:45:05",
    "is_active": 1
  },
  {
    "id": 3943861002,
    "indicator": "139.59.162.128",
    "type": "IPv4",
    "created": "2026-03-28T10:45:06",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 139.59.162.128 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command sessions (20 commands), 5 malware samples. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-27T10:45:05",
    "is_active": 1
  },
  {
    "id": 2768157844,
    "indicator": "60.13.6.183",
    "type": "IPv4",
    "created": "2026-03-28T10:45:06",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 60.13.6.183 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T10:45:05",
    "is_active": 1
  },
  {
    "id": 4283877476,
    "indicator": "47.84.207.240",
    "type": "IPv4",
    "created": "2026-03-28T10:45:06",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.84.207.240 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-27T10:45:05",
    "is_active": 1
  },
  {
    "id": 4282271202,
    "indicator": "46.225.234.167",
    "type": "IPv4",
    "created": "2026-03-28T10:45:06",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:ssh, cowrie. 46.225.234.167 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).",
    "expiration": "2026-04-27T10:45:05",
    "is_active": 1
  },
  {
    "id": 4022024822,
    "indicator": "1.83.125.16",
    "type": "IPv4",
    "created": "2026-03-28T10:45:06",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 1.83.125.16 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T10:45:05",
    "is_active": 1
  },
  {
    "id": 4277080265,
    "indicator": "66.132.186.215",
    "type": "IPv4",
    "created": "2026-03-28T10:45:06",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 66.132.186.215 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-27T10:45:05",
    "is_active": 1
  },
  {
    "id": 4164645787,
    "indicator": "103.16.31.12",
    "type": "IPv4",
    "created": "2026-03-28T10:45:06",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 103.16.31.12 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T10:45:05",
    "is_active": 1
  },
  {
    "id": 4280278160,
    "indicator": "14.35.50.20",
    "type": "IPv4",
    "created": "2026-03-28T10:45:06",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 14.35.50.20 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-27T10:45:05",
    "is_active": 1
  },
  {
    "id": 3768039088,
    "indicator": "60.13.7.22",
    "type": "IPv4",
    "created": "2026-03-28T10:45:06",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 60.13.7.22 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T10:45:05",
    "is_active": 1
  },
  {
    "id": 4084208815,
    "indicator": "139.212.68.186",
    "type": "IPv4",
    "created": "2026-03-28T10:45:06",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 139.212.68.186 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T10:45:05",
    "is_active": 1
  },
  {
    "id": 2683750939,
    "indicator": "60.13.7.235",
    "type": "IPv4",
    "created": "2026-03-28T10:45:06",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 60.13.7.235 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T10:45:05",
    "is_active": 1
  },
  {
    "id": 4216433631,
    "indicator": "112.122.237.25",
    "type": "IPv4",
    "created": "2026-03-28T10:45:06",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 112.122.237.25 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T10:45:05",
    "is_active": 1
  },
  {
    "id": 4171658500,
    "indicator": "222.176.200.153",
    "type": "IPv4",
    "created": "2026-03-28T10:45:06",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 222.176.200.153 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-27T10:45:05",
    "is_active": 1
  },
  {
    "id": 4173914822,
    "indicator": "116.178.130.119",
    "type": "IPv4",
    "created": "2026-03-28T10:45:06",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.130.119 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T10:45:05",
    "is_active": 1
  },
  {
    "id": 4281966214,
    "indicator": "122.177.247.39",
    "type": "IPv4",
    "created": "2026-03-28T10:45:06",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Hyderabad, India (AS24560, Bharti Airtel Ltd., Telemedia Services). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 2s; 5 events.",
    "expiration": "2026-04-27T10:45:05",
    "is_active": 1
  },
  {
    "id": 4166614513,
    "indicator": "221.208.113.121",
    "type": "IPv4",
    "created": "2026-03-28T10:45:06",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 221.208.113.121 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T10:45:05",
    "is_active": 1
  },
  {
    "id": 4281966030,
    "indicator": "183.56.199.196",
    "type": "IPv4",
    "created": "2026-03-28T10:45:06",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 183.56.199.196 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ftp-brute).",
    "expiration": "2026-04-27T10:45:05",
    "is_active": 1
  },
  {
    "id": 4281784148,
    "indicator": "189.169.25.45",
    "type": "IPv4",
    "created": "2026-03-28T10:45:06",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Celaya, Mexico (AS8151, UNINET). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 1s; 5 events.",
    "expiration": "2026-04-27T10:45:05",
    "is_active": 1
  },
  {
    "id": 3232281760,
    "indicator": "36.106.167.158",
    "type": "IPv4",
    "created": "2026-03-28T10:45:06",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 36.106.167.158 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T10:45:05",
    "is_active": 1
  },
  {
    "id": 4174594324,
    "indicator": "173.212.204.28",
    "type": "IPv4",
    "created": "2026-03-28T10:45:06",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 173.212.204.28 observed using HTTP client fingerprint 'HTTP Client: libredtail-http' 39 times when connecting to db1lapetro between 2026-03-28 09:44 and 2026-03-28 09:44 UTC.",
    "expiration": "2026-04-27T10:45:05",
    "is_active": 1
  },
  {
    "id": 4178800993,
    "indicator": "112.94.188.28",
    "type": "IPv4",
    "created": "2026-03-28T10:45:06",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 112.94.188.28 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T10:45:05",
    "is_active": 1
  },
  {
    "id": 4185877393,
    "indicator": "110.37.47.9",
    "type": "IPv4",
    "created": "2026-03-28T10:45:06",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:port-scan. 110.37.47.9 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T10:45:05",
    "is_active": 1
  },
  {
    "id": 4176609897,
    "indicator": "106.117.110.91",
    "type": "IPv4",
    "created": "2026-03-28T10:45:06",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 106.117.110.91 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T10:45:05",
    "is_active": 1
  },
  {
    "id": 3020767480,
    "indicator": "193.163.125.216",
    "type": "IPv4",
    "created": "2026-03-28T10:45:06",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 193.163.125.216 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-27T10:45:05",
    "is_active": 1
  },
  {
    "id": 3877671595,
    "indicator": "221.207.34.22",
    "type": "IPv4",
    "created": "2026-03-28T10:45:06",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 221.207.34.22 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T10:45:05",
    "is_active": 1
  },
  {
    "id": 3714886522,
    "indicator": "101.68.5.57",
    "type": "IPv4",
    "created": "2026-03-28T10:45:06",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 101.68.5.57 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T10:45:05",
    "is_active": 1
  },
  {
    "id": 4058220536,
    "indicator": "95.43.76.100",
    "type": "IPv4",
    "created": "2026-03-28T10:45:06",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 95.43.76.100 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T10:45:05",
    "is_active": 1
  },
  {
    "id": 4095253784,
    "indicator": "182.119.230.232",
    "type": "IPv4",
    "created": "2026-03-28T10:45:06",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 182.119.230.232 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T10:45:05",
    "is_active": 1
  },
  {
    "id": 3486755648,
    "indicator": "179.43.133.250",
    "type": "IPv4",
    "created": "2026-03-28T10:45:06",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from R\u00fcmlang, Switzerland (AS51852, Private Layer INC). Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. duration: 2s; 4 events.",
    "expiration": "2026-04-27T10:45:05",
    "is_active": 1
  },
  {
    "id": 4256348440,
    "indicator": "149.56.102.185",
    "type": "IPv4",
    "created": "2026-03-28T10:45:06",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP from Montreal, Canada (AS16276, OVH SAS) [VPN/hosting provider]. Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 2 failed login attempts, 2 credential pairs tried across 1 unique username. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 4m 26s; 10 events.",
    "expiration": "2026-04-27T10:45:05",
    "is_active": 1
  },
  {
    "id": 4283877477,
    "indicator": "223.199.169.174",
    "type": "IPv4",
    "created": "2026-03-28T10:45:06",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. Attacker IP from China (AS4134, Chinanet). Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-27T10:45:05",
    "is_active": 1
  },
  {
    "id": 2722187732,
    "indicator": "123.144.25.28",
    "type": "IPv4",
    "created": "2026-03-28T10:45:06",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. Attacker IP from China (AS4837, CHINA UNICOM China169 Backbone). Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-27T10:45:05",
    "is_active": 1
  },
  {
    "id": 4203656798,
    "indicator": "120.39.48.199",
    "type": "IPv4",
    "created": "2026-03-28T11:45:15",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 120.39.48.199 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T11:45:12",
    "is_active": 1
  },
  {
    "id": 3757168439,
    "indicator": "182.242.169.81",
    "type": "IPv4",
    "created": "2026-03-28T11:45:15",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 182.242.169.81 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T11:45:12",
    "is_active": 1
  },
  {
    "id": 4173772567,
    "indicator": "27.47.27.33",
    "type": "IPv4",
    "created": "2026-03-28T11:45:15",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 27.47.27.33 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T11:45:12",
    "is_active": 1
  },
  {
    "id": 4283774273,
    "indicator": "220.162.198.142",
    "type": "IPv4",
    "created": "2026-03-28T11:45:15",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported. 220.162.198.142 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-27T11:45:12",
    "is_active": 1
  },
  {
    "id": 3787853153,
    "indicator": "182.242.168.80",
    "type": "IPv4",
    "created": "2026-03-28T11:45:15",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 182.242.168.80 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T11:45:12",
    "is_active": 1
  },
  {
    "id": 4167699548,
    "indicator": "114.97.191.48",
    "type": "IPv4",
    "created": "2026-03-28T11:45:15",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 114.97.191.48 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-27T11:45:12",
    "is_active": 1
  },
  {
    "id": 4283878821,
    "indicator": "152.53.228.157",
    "type": "IPv4",
    "created": "2026-03-28T11:45:15",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 152.53.228.157 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, hacking, high).",
    "expiration": "2026-04-27T11:45:12",
    "is_active": 1
  },
  {
    "id": 4226668723,
    "indicator": "103.45.143.31",
    "type": "IPv4",
    "created": "2026-03-28T11:45:15",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 103.45.143.31 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ftp-brute, hacking).",
    "expiration": "2026-04-27T11:45:12",
    "is_active": 1
  },
  {
    "id": 4283878822,
    "indicator": "106.119.154.56",
    "type": "IPv4",
    "created": "2026-03-28T11:45:15",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:ssh, cowrie. 106.119.154.56 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).",
    "expiration": "2026-04-27T11:45:12",
    "is_active": 1
  },
  {
    "id": 4283878823,
    "indicator": "203.145.34.119",
    "type": "IPv4",
    "created": "2026-03-28T11:45:15",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Indonesia (AS136052, PT Cloud Hosting Indonesia) [VPN/hosting provider]. Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 2s; 5 events.",
    "expiration": "2026-04-27T11:45:12",
    "is_active": 1
  },
  {
    "id": 4176053528,
    "indicator": "106.117.111.231",
    "type": "IPv4",
    "created": "2026-03-28T11:45:15",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 106.117.111.231 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T11:45:12",
    "is_active": 1
  },
  {
    "id": 4283705299,
    "indicator": "107.173.55.151",
    "type": "IPv4",
    "created": "2026-03-28T11:45:15",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP from Buffalo, United States (AS36352, HostPapa). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. Session included 4 failed login attempts, 4 credential pairs tried across 1 unique username. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 14m 6s; 20 events.",
    "expiration": "2026-04-27T11:45:12",
    "is_active": 1
  },
  {
    "id": 3855024918,
    "indicator": "220.167.232.152",
    "type": "IPv4",
    "created": "2026-03-28T11:45:15",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 220.167.232.152 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T11:45:12",
    "is_active": 1
  },
  {
    "id": 3924634212,
    "indicator": "123.245.85.92",
    "type": "IPv4",
    "created": "2026-03-28T11:45:15",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 123.245.85.92 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T11:45:12",
    "is_active": 1
  },
  {
    "id": 3552312929,
    "indicator": "37.237.191.73",
    "type": "IPv4",
    "created": "2026-03-28T11:45:15",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 37.237.191.73 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-27T11:45:12",
    "is_active": 1
  },
  {
    "id": 3981411862,
    "indicator": "180.95.238.17",
    "type": "IPv4",
    "created": "2026-03-28T11:45:15",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 180.95.238.17 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T11:45:12",
    "is_active": 1
  },
  {
    "id": 4031957844,
    "indicator": "180.95.238.245",
    "type": "IPv4",
    "created": "2026-03-28T11:45:15",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 180.95.238.245 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, multi-reported).",
    "expiration": "2026-04-27T11:45:12",
    "is_active": 1
  },
  {
    "id": 3861976593,
    "indicator": "44.220.188.87",
    "type": "IPv4",
    "created": "2026-03-28T11:45:15",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate. 44.220.188.87 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-27T11:45:12",
    "is_active": 1
  },
  {
    "id": 4169913643,
    "indicator": "116.178.130.241",
    "type": "IPv4",
    "created": "2026-03-28T11:45:15",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 116.178.130.241 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, multi-reported).",
    "expiration": "2026-04-27T11:45:12",
    "is_active": 1
  },
  {
    "id": 4227994994,
    "indicator": "106.117.110.68",
    "type": "IPv4",
    "created": "2026-03-28T11:45:15",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 106.117.110.68 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T11:45:12",
    "is_active": 1
  },
  {
    "id": 4282161438,
    "indicator": "165.154.22.171",
    "type": "IPv4",
    "created": "2026-03-28T11:45:15",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Hong Kong, Hong Kong (AS135377, UCLOUD INFORMATION TECHNOLOGY HK LIMITED) [VPN/hosting provider]. Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 2s;...",
    "expiration": "2026-04-27T11:45:12",
    "is_active": 1
  },
  {
    "id": 4180354336,
    "indicator": "58.243.46.62",
    "type": "IPv4",
    "created": "2026-03-28T11:45:15",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 58.243.46.62 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T11:45:12",
    "is_active": 1
  },
  {
    "id": 4283837481,
    "indicator": "47.84.143.20",
    "type": "IPv4",
    "created": "2026-03-28T11:45:15",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 47.84.143.20 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, hacking, moderate).",
    "expiration": "2026-04-27T11:45:12",
    "is_active": 1
  },
  {
    "id": 4229972172,
    "indicator": "175.107.213.64",
    "type": "IPv4",
    "created": "2026-03-28T11:45:15",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 175.107.213.64 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-27T11:45:12",
    "is_active": 1
  },
  {
    "id": 4283878824,
    "indicator": "206.135.174.176",
    "type": "IPv4",
    "created": "2026-03-28T11:45:15",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 206.135.174.176 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-27T11:45:12",
    "is_active": 1
  },
  {
    "id": 3850287475,
    "indicator": "182.242.168.225",
    "type": "IPv4",
    "created": "2026-03-28T11:45:15",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. Attacker IP from China (AS4134, Chinanet). Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-27T11:45:12",
    "is_active": 1
  },
  {
    "id": 3759598996,
    "indicator": "182.242.168.216",
    "type": "IPv4",
    "created": "2026-03-28T11:45:15",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from China (AS4134, Chinanet). Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-27T11:45:12",
    "is_active": 1
  },
  {
    "id": 3637897349,
    "indicator": "150.255.25.12",
    "type": "IPv4",
    "created": "2026-03-28T12:45:25",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 150.255.25.12 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T12:45:23",
    "is_active": 1
  },
  {
    "id": 4178825124,
    "indicator": "182.119.224.116",
    "type": "IPv4",
    "created": "2026-03-28T12:45:25",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 182.119.224.116 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T12:45:23",
    "is_active": 1
  },
  {
    "id": 4022023228,
    "indicator": "123.245.85.242",
    "type": "IPv4",
    "created": "2026-03-28T12:45:25",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 123.245.85.242 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T12:45:23",
    "is_active": 1
  },
  {
    "id": 4173445610,
    "indicator": "116.178.131.220",
    "type": "IPv4",
    "created": "2026-03-28T12:45:25",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.131.220 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T12:45:23",
    "is_active": 1
  },
  {
    "id": 4177192796,
    "indicator": "59.173.111.186",
    "type": "IPv4",
    "created": "2026-03-28T12:45:25",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 59.173.111.186 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T12:45:23",
    "is_active": 1
  },
  {
    "id": 4008199859,
    "indicator": "220.167.232.184",
    "type": "IPv4",
    "created": "2026-03-28T12:45:25",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate. 220.167.232.184 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-27T12:45:23",
    "is_active": 1
  },
  {
    "id": 3636213004,
    "indicator": "182.242.168.223",
    "type": "IPv4",
    "created": "2026-03-28T12:45:25",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 182.242.168.223 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T12:45:23",
    "is_active": 1
  },
  {
    "id": 4283924018,
    "indicator": "70.75.138.197",
    "type": "IPv4",
    "created": "2026-03-28T12:45:25",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 70.75.138.197 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T12:45:23",
    "is_active": 1
  },
  {
    "id": 4283527806,
    "indicator": "157.230.198.160",
    "type": "IPv4",
    "created": "2026-03-28T12:45:25",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 157.230.198.160 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-27T12:45:23",
    "is_active": 1
  },
  {
    "id": 4282298277,
    "indicator": "47.84.204.29",
    "type": "IPv4",
    "created": "2026-03-28T12:45:25",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 47.84.204.29 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (critical, exploited-host, hacking).",
    "expiration": "2026-04-27T12:45:23",
    "is_active": 1
  },
  {
    "id": 3921567136,
    "indicator": "123.245.84.197",
    "type": "IPv4",
    "created": "2026-03-28T12:45:25",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 123.245.84.197 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-27T12:45:23",
    "is_active": 1
  },
  {
    "id": 4283924019,
    "indicator": "167.86.97.224",
    "type": "IPv4",
    "created": "2026-03-28T12:45:25",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 167.86.97.224 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T12:45:23",
    "is_active": 1
  },
  {
    "id": 4250594977,
    "indicator": "223.123.73.231",
    "type": "IPv4",
    "created": "2026-03-28T12:45:25",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:multi-reported. 223.123.73.231 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T12:45:23",
    "is_active": 1
  },
  {
    "id": 4176915566,
    "indicator": "110.90.106.78",
    "type": "IPv4",
    "created": "2026-03-28T12:45:25",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low. 110.90.106.78 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-27T12:45:23",
    "is_active": 1
  },
  {
    "id": 4282279249,
    "indicator": "47.84.200.9",
    "type": "IPv4",
    "created": "2026-03-28T12:45:25",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 47.84.200.9 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T12:45:23",
    "is_active": 1
  },
  {
    "id": 4016114963,
    "indicator": "180.95.238.123",
    "type": "IPv4",
    "created": "2026-03-28T12:45:25",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 180.95.238.123 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T12:45:23",
    "is_active": 1
  },
  {
    "id": 4173822335,
    "indicator": "116.178.129.50",
    "type": "IPv4",
    "created": "2026-03-28T12:45:25",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 116.178.129.50 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T12:45:23",
    "is_active": 1
  },
  {
    "id": 3884410564,
    "indicator": "1.83.125.108",
    "type": "IPv4",
    "created": "2026-03-28T12:45:25",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 1.83.125.108 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T12:45:23",
    "is_active": 1
  },
  {
    "id": 4180732650,
    "indicator": "59.173.109.189",
    "type": "IPv4",
    "created": "2026-03-28T12:45:25",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 59.173.109.189 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-27T12:45:23",
    "is_active": 1
  },
  {
    "id": 4283774222,
    "indicator": "161.97.68.159",
    "type": "IPv4",
    "created": "2026-03-28T12:45:25",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 161.97.68.159 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-27T12:45:23",
    "is_active": 1
  },
  {
    "id": 3908247954,
    "indicator": "222.94.32.247",
    "type": "IPv4",
    "created": "2026-03-28T12:45:25",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 222.94.32.247 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T12:45:23",
    "is_active": 1
  },
  {
    "id": 2995895747,
    "indicator": "36.106.166.24",
    "type": "IPv4",
    "created": "2026-03-28T12:45:25",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 36.106.166.24 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T12:45:23",
    "is_active": 1
  },
  {
    "id": 4173362826,
    "indicator": "116.178.131.197",
    "type": "IPv4",
    "created": "2026-03-28T12:45:25",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 116.178.131.197 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-27T12:45:23",
    "is_active": 1
  },
  {
    "id": 1369527800,
    "indicator": "27.47.27.35",
    "type": "IPv4",
    "created": "2026-03-28T12:45:25",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 27.47.27.35 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T12:45:23",
    "is_active": 1
  },
  {
    "id": 3850295653,
    "indicator": "123.245.85.183",
    "type": "IPv4",
    "created": "2026-03-28T12:45:25",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export. 123.245.85.183 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, multi-reported).",
    "expiration": "2026-04-27T12:45:23",
    "is_active": 1
  },
  {
    "id": 4143687582,
    "indicator": "46.236.65.40",
    "type": "IPv4",
    "created": "2026-03-28T12:45:25",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 46.236.65.40 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-27T12:45:23",
    "is_active": 1
  },
  {
    "id": 4144261016,
    "indicator": "187.251.132.2",
    "type": "IPv4",
    "created": "2026-03-28T12:45:25",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Culiac\u00e1n, Mexico (AS22884, TOTAL PLAY TELECOMUNICACIONES SA DE CV). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 3s; 5 events.",
    "expiration": "2026-04-27T12:45:23",
    "is_active": 1
  },
  {
    "id": 4282305469,
    "indicator": "47.236.89.31",
    "type": "IPv4",
    "created": "2026-03-28T12:45:25",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 47.236.89.31 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, hacking, moderate).",
    "expiration": "2026-04-27T12:45:23",
    "is_active": 1
  },
  {
    "id": 4172204431,
    "indicator": "114.97.190.69",
    "type": "IPv4",
    "created": "2026-03-28T13:45:34",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 114.97.190.69 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T13:45:31",
    "is_active": 1
  },
  {
    "id": 3913065956,
    "indicator": "123.245.85.108",
    "type": "IPv4",
    "created": "2026-03-28T13:45:34",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 123.245.85.108 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T13:45:31",
    "is_active": 1
  },
  {
    "id": 4133670695,
    "indicator": "116.172.248.254",
    "type": "IPv4",
    "created": "2026-03-28T13:45:34",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie, firehol:unlisted. 116.172.248.254 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, port-scan).",
    "expiration": "2026-04-27T13:45:31",
    "is_active": 1
  },
  {
    "id": 3859583796,
    "indicator": "222.94.32.19",
    "type": "IPv4",
    "created": "2026-03-28T13:45:34",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 222.94.32.19 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T13:45:31",
    "is_active": 1
  },
  {
    "id": 3630343604,
    "indicator": "206.189.57.162",
    "type": "IPv4",
    "created": "2026-03-28T13:45:34",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 206.189.57.162 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-27T13:45:31",
    "is_active": 1
  },
  {
    "id": 4161027365,
    "indicator": "110.90.224.28",
    "type": "IPv4",
    "created": "2026-03-28T13:45:34",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 110.90.224.28 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T13:45:31",
    "is_active": 1
  },
  {
    "id": 2936001703,
    "indicator": "36.106.166.214",
    "type": "IPv4",
    "created": "2026-03-28T13:45:34",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 36.106.166.214 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T13:45:31",
    "is_active": 1
  },
  {
    "id": 4201331711,
    "indicator": "58.243.47.233",
    "type": "IPv4",
    "created": "2026-03-28T13:45:34",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 58.243.47.233 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T13:45:31",
    "is_active": 1
  },
  {
    "id": 2685683995,
    "indicator": "110.177.182.12",
    "type": "IPv4",
    "created": "2026-03-28T13:45:34",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 110.177.182.12 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T13:45:31",
    "is_active": 1
  },
  {
    "id": 4169625802,
    "indicator": "36.250.220.35",
    "type": "IPv4",
    "created": "2026-03-28T13:45:34",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 36.250.220.35 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-27T13:45:31",
    "is_active": 1
  },
  {
    "id": 4044370372,
    "indicator": "123.160.234.47",
    "type": "IPv4",
    "created": "2026-03-28T13:45:34",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 123.160.234.47 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T13:45:31",
    "is_active": 1
  },
  {
    "id": 4125303582,
    "indicator": "223.16.117.204",
    "type": "IPv4",
    "created": "2026-03-28T13:45:34",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 223.16.117.204 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-27T13:45:31",
    "is_active": 1
  },
  {
    "id": 4164546447,
    "indicator": "124.117.192.222",
    "type": "IPv4",
    "created": "2026-03-28T13:45:34",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 124.117.192.222 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T13:45:31",
    "is_active": 1
  },
  {
    "id": 4135760004,
    "indicator": "80.238.228.218",
    "type": "IPv4",
    "created": "2026-03-28T13:45:34",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Riyadh, Saudi Arabia (AS136907, HUAWEI CLOUDS) [VPN/hosting provider]. Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 2s; 5 events.",
    "expiration": "2026-04-27T13:45:31",
    "is_active": 1
  },
  {
    "id": 2227429684,
    "indicator": "60.13.7.58",
    "type": "IPv4",
    "created": "2026-03-28T13:45:34",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 60.13.7.58 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T13:45:31",
    "is_active": 1
  },
  {
    "id": 4030679495,
    "indicator": "171.36.6.153",
    "type": "IPv4",
    "created": "2026-03-28T13:45:34",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 171.36.6.153 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T13:45:31",
    "is_active": 1
  },
  {
    "id": 4176071216,
    "indicator": "116.178.128.182",
    "type": "IPv4",
    "created": "2026-03-28T13:45:34",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.128.182 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T13:45:31",
    "is_active": 1
  },
  {
    "id": 2660342519,
    "indicator": "180.95.238.178",
    "type": "IPv4",
    "created": "2026-03-28T13:45:34",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:multi-reported. 180.95.238.178 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T13:45:31",
    "is_active": 1
  },
  {
    "id": 3732654734,
    "indicator": "183.107.147.131",
    "type": "IPv4",
    "created": "2026-03-28T13:45:34",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:multi-reported. 183.107.147.131 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T13:45:31",
    "is_active": 1
  },
  {
    "id": 4164697017,
    "indicator": "36.250.220.89",
    "type": "IPv4",
    "created": "2026-03-28T13:45:34",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 36.250.220.89 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T13:45:31",
    "is_active": 1
  },
  {
    "id": 4068028531,
    "indicator": "110.177.179.179",
    "type": "IPv4",
    "created": "2026-03-28T13:45:34",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 110.177.179.179 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T13:45:31",
    "is_active": 1
  },
  {
    "id": 4007750866,
    "indicator": "1.193.63.245",
    "type": "IPv4",
    "created": "2026-03-28T13:45:34",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 1.193.63.245 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T13:45:31",
    "is_active": 1
  },
  {
    "id": 4282422761,
    "indicator": "47.245.142.138",
    "type": "IPv4",
    "created": "2026-03-28T13:45:34",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 47.245.142.138 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T13:45:31",
    "is_active": 1
  },
  {
    "id": 4009049739,
    "indicator": "171.8.138.110",
    "type": "IPv4",
    "created": "2026-03-28T13:45:34",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 171.8.138.110 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T13:45:31",
    "is_active": 1
  },
  {
    "id": 4164175646,
    "indicator": "116.178.128.161",
    "type": "IPv4",
    "created": "2026-03-28T13:45:34",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 116.178.128.161 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-27T13:45:31",
    "is_active": 1
  },
  {
    "id": 4088420028,
    "indicator": "182.176.186.95",
    "type": "IPv4",
    "created": "2026-03-28T13:45:34",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 182.176.186.95 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-27T13:45:31",
    "is_active": 1
  },
  {
    "id": 4278325771,
    "indicator": "101.89.145.8",
    "type": "IPv4",
    "created": "2026-03-28T13:45:34",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Shanghai, China (AS4811, China Telecom Group). Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 10m 21s; 14 events.",
    "expiration": "2026-04-27T13:45:31",
    "is_active": 1
  },
  {
    "id": 4177435721,
    "indicator": "58.243.46.254",
    "type": "IPv4",
    "created": "2026-03-28T13:45:34",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 58.243.46.254 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T13:45:31",
    "is_active": 1
  },
  {
    "id": 3508463349,
    "indicator": "182.242.168.249",
    "type": "IPv4",
    "created": "2026-03-28T13:45:34",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 182.242.168.249 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T13:45:31",
    "is_active": 1
  },
  {
    "id": 3751321419,
    "indicator": "110.239.65.57",
    "type": "IPv4",
    "created": "2026-03-28T13:45:34",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:reported, abuseipdb:ssh, abuseipdb:web-attack. Attacker IP from Jakarta, Indonesia (AS136907, HUAWEI CLOUDS) [VPN/hosting provider]. Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 2s; 5 events.",
    "expiration": "2026-04-27T13:45:31",
    "is_active": 1
  },
  {
    "id": 4281641366,
    "indicator": "112.40.163.79",
    "type": "IPv4",
    "created": "2026-03-28T13:45:34",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from China (AS56044, China Mobile communications corporation). Observed targeting energy sector honeypot petroleum-hp-01 via adbhoney. 1 events.",
    "expiration": "2026-04-27T13:45:31",
    "is_active": 1
  },
  {
    "id": 3654284362,
    "indicator": "36.106.167.146",
    "type": "IPv4",
    "created": "2026-03-28T13:45:34",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 36.106.167.146 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T13:45:31",
    "is_active": 1
  },
  {
    "id": 4181426108,
    "indicator": "220.71.241.197",
    "type": "IPv4",
    "created": "2026-03-28T13:45:34",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 220.71.241.197 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-27T13:45:31",
    "is_active": 1
  },
  {
    "id": 4282428054,
    "indicator": "47.84.113.184",
    "type": "IPv4",
    "created": "2026-03-28T13:45:34",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 47.84.113.184 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, hacking, high).",
    "expiration": "2026-04-27T13:45:31",
    "is_active": 1
  },
  {
    "id": 459846531,
    "indicator": "121.29.85.77",
    "type": "IPv4",
    "created": "2026-03-28T13:45:34",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 121.29.85.77 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T13:45:31",
    "is_active": 1
  },
  {
    "id": 3768039093,
    "indicator": "60.13.7.27",
    "type": "IPv4",
    "created": "2026-03-28T13:45:34",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 60.13.7.27 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-27T13:45:31",
    "is_active": 1
  },
  {
    "id": 3235222017,
    "indicator": "60.13.6.176",
    "type": "IPv4",
    "created": "2026-03-28T13:45:34",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 60.13.6.176 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T13:45:31",
    "is_active": 1
  },
  {
    "id": 4283935309,
    "indicator": "106.117.111.128",
    "type": "IPv4",
    "created": "2026-03-28T13:45:34",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 106.117.111.128 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T13:45:31",
    "is_active": 1
  },
  {
    "id": 4283774306,
    "indicator": "62.210.125.36",
    "type": "IPv4",
    "created": "2026-03-28T13:45:34",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Paris, France (AS12876, Scaleway SAS). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. Session included 4 failed login attempts, 4 credential pairs tried across 1 unique username. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 12m 28s; 20 events.",
    "expiration": "2026-04-27T13:45:31",
    "is_active": 1
  },
  {
    "id": 4283923183,
    "indicator": "98.93.166.247",
    "type": "IPv4",
    "created": "2026-03-28T13:45:34",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Ashburn, United States (AS14618, Amazon.com, Inc.) [VPN/hosting provider]. Observed targeting healthcare sector honeypot medtech-hp-01 via honeyaml. 1 events.",
    "expiration": "2026-04-27T13:45:31",
    "is_active": 1
  },
  {
    "id": 4266739798,
    "indicator": "113.249.113.119",
    "type": "IPv4",
    "created": "2026-03-28T13:45:34",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 113.249.113.119 observed using SSH client fingerprint 'Unknown SSH Client (98f63c4d9c87)' 2 times when connecting to offbackup1 between 2026-03-28 12:04 and 2026-03-28 12:04 UTC.",
    "expiration": "2026-04-27T13:45:31",
    "is_active": 1
  },
  {
    "id": 4177495569,
    "indicator": "123.145.21.61",
    "type": "IPv4",
    "created": "2026-03-28T14:45:41",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 123.145.21.61 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T14:45:40",
    "is_active": 1
  },
  {
    "id": 3830386387,
    "indicator": "220.167.232.67",
    "type": "IPv4",
    "created": "2026-03-28T14:45:41",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 220.167.232.67 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking).",
    "expiration": "2026-04-27T14:45:40",
    "is_active": 1
  },
  {
    "id": 4168264148,
    "indicator": "112.122.236.119",
    "type": "IPv4",
    "created": "2026-03-28T14:45:41",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 112.122.236.119 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-27T14:45:40",
    "is_active": 1
  },
  {
    "id": 4181426339,
    "indicator": "59.173.108.211",
    "type": "IPv4",
    "created": "2026-03-28T14:45:41",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 59.173.108.211 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T14:45:40",
    "is_active": 1
  },
  {
    "id": 981753383,
    "indicator": "59.173.108.37",
    "type": "IPv4",
    "created": "2026-03-28T14:45:41",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 59.173.108.37 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T14:45:40",
    "is_active": 1
  },
  {
    "id": 4154360831,
    "indicator": "36.250.221.151",
    "type": "IPv4",
    "created": "2026-03-28T14:45:41",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 36.250.221.151 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T14:45:40",
    "is_active": 1
  },
  {
    "id": 4282310711,
    "indicator": "47.84.140.90",
    "type": "IPv4",
    "created": "2026-03-28T14:45:41",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 47.84.140.90 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, hacking, moderate).",
    "expiration": "2026-04-27T14:45:40",
    "is_active": 1
  },
  {
    "id": 3879187895,
    "indicator": "221.207.35.20",
    "type": "IPv4",
    "created": "2026-03-28T14:45:41",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 221.207.35.20 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T14:45:40",
    "is_active": 1
  },
  {
    "id": 3784474112,
    "indicator": "120.224.150.216",
    "type": "IPv4",
    "created": "2026-03-28T14:45:41",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 120.224.150.216 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-27T14:45:40",
    "is_active": 1
  },
  {
    "id": 4169582945,
    "indicator": "116.178.130.135",
    "type": "IPv4",
    "created": "2026-03-28T14:45:41",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.130.135 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T14:45:40",
    "is_active": 1
  },
  {
    "id": 4154302072,
    "indicator": "36.250.221.73",
    "type": "IPv4",
    "created": "2026-03-28T14:45:41",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 36.250.221.73 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T14:45:40",
    "is_active": 1
  },
  {
    "id": 4166825418,
    "indicator": "36.250.220.31",
    "type": "IPv4",
    "created": "2026-03-28T14:45:41",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 36.250.220.31 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T14:45:40",
    "is_active": 1
  },
  {
    "id": 4033646542,
    "indicator": "118.212.122.177",
    "type": "IPv4",
    "created": "2026-03-28T14:45:41",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 118.212.122.177 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T14:45:40",
    "is_active": 1
  },
  {
    "id": 4282398707,
    "indicator": "8.211.9.174",
    "type": "IPv4",
    "created": "2026-03-28T14:45:41",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie, firehol:firehol_level3. 8.211.9.174 classified as commodity attacker using automated exploitation tooling (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (hacking, low, port-scan).",
    "expiration": "2026-04-27T14:45:40",
    "is_active": 1
  },
  {
    "id": 4173772576,
    "indicator": "51.158.249.5",
    "type": "IPv4",
    "created": "2026-03-28T14:45:41",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack, cowrie. 51.158.249.5 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, port-scan).",
    "expiration": "2026-04-27T14:45:40",
    "is_active": 1
  },
  {
    "id": 4184208396,
    "indicator": "59.173.108.160",
    "type": "IPv4",
    "created": "2026-03-28T14:45:41",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low. 59.173.108.160 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-27T14:45:40",
    "is_active": 1
  },
  {
    "id": 4173179832,
    "indicator": "36.250.220.143",
    "type": "IPv4",
    "created": "2026-03-28T14:45:41",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 36.250.220.143 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T14:45:40",
    "is_active": 1
  },
  {
    "id": 1186628076,
    "indicator": "109.70.100.12",
    "type": "IPv4",
    "created": "2026-03-28T14:45:41",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 109.70.100.12 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d, firehol_anonymous); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-27T14:45:40",
    "is_active": 1
  },
  {
    "id": 4283939871,
    "indicator": "34.19.127.208",
    "type": "IPv4",
    "created": "2026-03-28T14:45:41",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 34.19.127.208 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, ftp-brute).",
    "expiration": "2026-04-27T14:45:40",
    "is_active": 1
  },
  {
    "id": 4173411712,
    "indicator": "36.250.221.128",
    "type": "IPv4",
    "created": "2026-03-28T14:45:41",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 36.250.221.128 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).",
    "expiration": "2026-04-27T14:45:40",
    "is_active": 1
  },
  {
    "id": 4283774265,
    "indicator": "161.97.98.192",
    "type": "IPv4",
    "created": "2026-03-28T14:45:41",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 161.97.98.192 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-27T14:45:40",
    "is_active": 1
  },
  {
    "id": 3882010766,
    "indicator": "221.207.34.29",
    "type": "IPv4",
    "created": "2026-03-28T14:45:41",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 221.207.34.29 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking).",
    "expiration": "2026-04-27T14:45:40",
    "is_active": 1
  },
  {
    "id": 4177557580,
    "indicator": "59.173.111.230",
    "type": "IPv4",
    "created": "2026-03-28T14:45:41",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 59.173.111.230 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T14:45:40",
    "is_active": 1
  },
  {
    "id": 4268030910,
    "indicator": "116.147.39.113",
    "type": "IPv4",
    "created": "2026-03-28T14:45:41",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 116.147.39.113 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-27T14:45:40",
    "is_active": 1
  },
  {
    "id": 4167701660,
    "indicator": "36.250.221.79",
    "type": "IPv4",
    "created": "2026-03-28T14:45:41",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 36.250.221.79 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T14:45:40",
    "is_active": 1
  },
  {
    "id": 4161450375,
    "indicator": "36.250.221.197",
    "type": "IPv4",
    "created": "2026-03-28T14:45:41",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 36.250.221.197 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-27T14:45:40",
    "is_active": 1
  },
  {
    "id": 4176747896,
    "indicator": "112.94.191.224",
    "type": "IPv4",
    "created": "2026-03-28T14:45:41",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 112.94.191.224 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T14:45:40",
    "is_active": 1
  },
  {
    "id": 4158461490,
    "indicator": "14.39.254.57",
    "type": "IPv4",
    "created": "2026-03-28T14:45:41",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:multi-reported. 14.39.254.57 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T14:45:40",
    "is_active": 1
  },
  {
    "id": 2195043262,
    "indicator": "60.13.6.27",
    "type": "IPv4",
    "created": "2026-03-28T14:45:41",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 60.13.6.27 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T14:45:40",
    "is_active": 1
  },
  {
    "id": 4280140988,
    "indicator": "66.132.195.102",
    "type": "IPv4",
    "created": "2026-03-28T14:45:41",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 66.132.195.102 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-27T14:45:40",
    "is_active": 1
  },
  {
    "id": 4277063005,
    "indicator": "111.228.24.62",
    "type": "IPv4",
    "created": "2026-03-28T14:45:41",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 111.228.24.62 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-27T14:45:40",
    "is_active": 1
  },
  {
    "id": 4247264778,
    "indicator": "8.216.5.94",
    "type": "IPv4",
    "created": "2026-03-28T15:45:53",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 8.216.5.94 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-27T15:45:46",
    "is_active": 1
  },
  {
    "id": 3853131475,
    "indicator": "220.167.232.214",
    "type": "IPv4",
    "created": "2026-03-28T15:45:53",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 220.167.232.214 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).",
    "expiration": "2026-04-27T15:45:46",
    "is_active": 1
  },
  {
    "id": 4283941603,
    "indicator": "207.154.236.153",
    "type": "IPv4",
    "created": "2026-03-28T15:45:53",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 207.154.236.153 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).",
    "expiration": "2026-04-27T15:45:46",
    "is_active": 1
  },
  {
    "id": 4271555446,
    "indicator": "68.183.217.118",
    "type": "IPv4",
    "created": "2026-03-28T15:45:53",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 68.183.217.118 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-27T15:45:46",
    "is_active": 1
  },
  {
    "id": 4283941604,
    "indicator": "20.122.187.158",
    "type": "IPv4",
    "created": "2026-03-28T15:45:53",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 20.122.187.158 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-27T15:45:46",
    "is_active": 1
  },
  {
    "id": 4282424835,
    "indicator": "111.172.6.207",
    "type": "IPv4",
    "created": "2026-03-28T15:45:53",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 111.172.6.207 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-27T15:45:46",
    "is_active": 1
  },
  {
    "id": 4173706383,
    "indicator": "36.250.220.146",
    "type": "IPv4",
    "created": "2026-03-28T15:45:53",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 36.250.220.146 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T15:45:46",
    "is_active": 1
  },
  {
    "id": 4173687480,
    "indicator": "112.122.236.34",
    "type": "IPv4",
    "created": "2026-03-28T15:45:53",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 112.122.236.34 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T15:45:46",
    "is_active": 1
  },
  {
    "id": 4173500462,
    "indicator": "116.178.128.89",
    "type": "IPv4",
    "created": "2026-03-28T15:45:53",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 116.178.128.89 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).",
    "expiration": "2026-04-27T15:45:46",
    "is_active": 1
  },
  {
    "id": 4161055668,
    "indicator": "124.117.193.159",
    "type": "IPv4",
    "created": "2026-03-28T15:45:53",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low. 124.117.193.159 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-27T15:45:46",
    "is_active": 1
  },
  {
    "id": 4162700826,
    "indicator": "114.97.190.23",
    "type": "IPv4",
    "created": "2026-03-28T15:45:53",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 114.97.190.23 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T15:45:46",
    "is_active": 1
  },
  {
    "id": 4173133132,
    "indicator": "36.250.220.37",
    "type": "IPv4",
    "created": "2026-03-28T15:45:53",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 36.250.220.37 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T15:45:46",
    "is_active": 1
  },
  {
    "id": 4282398706,
    "indicator": "8.211.43.10",
    "type": "IPv4",
    "created": "2026-03-28T15:45:53",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 8.211.43.10 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T15:45:46",
    "is_active": 1
  },
  {
    "id": 4007045969,
    "indicator": "58.212.237.191",
    "type": "IPv4",
    "created": "2026-03-28T15:45:53",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 58.212.237.191 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T15:45:46",
    "is_active": 1
  },
  {
    "id": 4008449560,
    "indicator": "118.212.122.124",
    "type": "IPv4",
    "created": "2026-03-28T15:45:53",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 118.212.122.124 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T15:45:46",
    "is_active": 1
  },
  {
    "id": 4088417058,
    "indicator": "18.97.19.139",
    "type": "IPv4",
    "created": "2026-03-28T15:45:53",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. 18.97.19.139 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-27T15:45:46",
    "is_active": 1
  },
  {
    "id": 4283777189,
    "indicator": "46.249.101.24",
    "type": "IPv4",
    "created": "2026-03-28T15:45:53",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 46.249.101.24 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Observed activity: 2 malware samples. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-27T15:45:46",
    "is_active": 1
  },
  {
    "id": 4124903160,
    "indicator": "46.101.36.170",
    "type": "IPv4",
    "created": "2026-03-28T15:45:53",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 46.101.36.170 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).",
    "expiration": "2026-04-27T15:45:46",
    "is_active": 1
  },
  {
    "id": 4160747607,
    "indicator": "36.250.220.217",
    "type": "IPv4",
    "created": "2026-03-28T15:45:53",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 36.250.220.217 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-27T15:45:46",
    "is_active": 1
  },
  {
    "id": 4184262508,
    "indicator": "150.255.36.87",
    "type": "IPv4",
    "created": "2026-03-28T15:45:53",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 150.255.36.87 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T15:45:46",
    "is_active": 1
  },
  {
    "id": 3929998145,
    "indicator": "123.245.84.211",
    "type": "IPv4",
    "created": "2026-03-28T15:45:53",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 123.245.84.211 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T15:45:46",
    "is_active": 1
  },
  {
    "id": 4170849177,
    "indicator": "139.212.71.158",
    "type": "IPv4",
    "created": "2026-03-28T15:45:53",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 139.212.71.158 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T15:45:46",
    "is_active": 1
  },
  {
    "id": 4015386810,
    "indicator": "123.160.174.86",
    "type": "IPv4",
    "created": "2026-03-28T15:45:53",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 123.160.174.86 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T15:45:46",
    "is_active": 1
  },
  {
    "id": 2698336335,
    "indicator": "72.167.227.34",
    "type": "IPv4",
    "created": "2026-03-28T15:45:53",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Ashburn, United States (AS398101, GoDaddy.com, LLC). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. Session included 4 failed login attempts, 4 credential pairs tried across 1 unique username. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 13m 30s; 20 events.",
    "expiration": "2026-04-27T15:45:46",
    "is_active": 1
  },
  {
    "id": 4169888445,
    "indicator": "222.176.201.74",
    "type": "IPv4",
    "created": "2026-03-28T15:45:53",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 222.176.201.74 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T15:45:46",
    "is_active": 1
  },
  {
    "id": 4160340564,
    "indicator": "116.178.130.254",
    "type": "IPv4",
    "created": "2026-03-28T15:45:53",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.130.254 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T15:45:46",
    "is_active": 1
  },
  {
    "id": 4115828508,
    "indicator": "182.119.225.244",
    "type": "IPv4",
    "created": "2026-03-28T15:45:53",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 182.119.225.244 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T15:45:46",
    "is_active": 1
  },
  {
    "id": 4155204308,
    "indicator": "27.47.24.136",
    "type": "IPv4",
    "created": "2026-03-28T15:45:53",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 27.47.24.136 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T15:45:46",
    "is_active": 1
  },
  {
    "id": 4173133111,
    "indicator": "222.176.200.97",
    "type": "IPv4",
    "created": "2026-03-28T15:45:53",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 222.176.200.97 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T15:45:46",
    "is_active": 1
  },
  {
    "id": 3862291348,
    "indicator": "222.94.32.218",
    "type": "IPv4",
    "created": "2026-03-28T15:45:53",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 222.94.32.218 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T15:45:46",
    "is_active": 1
  },
  {
    "id": 4280210706,
    "indicator": "66.132.195.105",
    "type": "IPv4",
    "created": "2026-03-28T15:45:53",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 66.132.195.105 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-27T15:45:46",
    "is_active": 1
  },
  {
    "id": 4023144297,
    "indicator": "118.212.122.136",
    "type": "IPv4",
    "created": "2026-03-28T15:45:53",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 118.212.122.136 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T15:45:46",
    "is_active": 1
  },
  {
    "id": 4177696116,
    "indicator": "116.178.131.150",
    "type": "IPv4",
    "created": "2026-03-28T15:45:53",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 116.178.131.150 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T15:45:46",
    "is_active": 1
  },
  {
    "id": 4173195882,
    "indicator": "222.176.200.247",
    "type": "IPv4",
    "created": "2026-03-28T15:45:53",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from China (AS4134, Chinanet). Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-27T15:45:46",
    "is_active": 1
  },
  {
    "id": 4283941605,
    "indicator": "74.48.16.46",
    "type": "IPv4",
    "created": "2026-03-28T15:45:53",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Los Angeles, United States (AS35916, MULTACOM CORPORATION). Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-27T15:45:46",
    "is_active": 1
  },
  {
    "id": 3851061658,
    "indicator": "220.167.233.118",
    "type": "IPv4",
    "created": "2026-03-28T15:45:53",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 220.167.233.118 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-27T15:45:46",
    "is_active": 1
  },
  {
    "id": 4177693981,
    "indicator": "59.173.108.174",
    "type": "IPv4",
    "created": "2026-03-28T15:45:53",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 59.173.108.174 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T15:45:46",
    "is_active": 1
  },
  {
    "id": 4144270083,
    "indicator": "176.65.149.254",
    "type": "IPv4",
    "created": "2026-03-28T15:45:53",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 176.65.149.254 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Observed activity: 1 command sessions (1 commands). Listed on: FireHOL (firehol_level1, firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-27T15:45:46",
    "is_active": 1
  },
  {
    "id": 4280196736,
    "indicator": "66.132.195.98",
    "type": "IPv4",
    "created": "2026-03-28T15:45:53",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 66.132.195.98 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-27T15:45:46",
    "is_active": 1
  },
  {
    "id": 4173706212,
    "indicator": "222.176.201.42",
    "type": "IPv4",
    "created": "2026-03-28T15:45:53",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 222.176.201.42 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T15:45:46",
    "is_active": 1
  },
  {
    "id": 4283525378,
    "indicator": "45.15.151.153",
    "type": "IPv4",
    "created": "2026-03-28T15:45:53",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:multi-reported. 45.15.151.153 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T15:45:46",
    "is_active": 1
  },
  {
    "id": 4157967625,
    "indicator": "59.173.109.100",
    "type": "IPv4",
    "created": "2026-03-28T15:45:53",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 59.173.109.100 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T15:45:46",
    "is_active": 1
  },
  {
    "id": 4172754482,
    "indicator": "36.250.220.94",
    "type": "IPv4",
    "created": "2026-03-28T15:45:53",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 36.250.220.94 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T15:45:46",
    "is_active": 1
  },
  {
    "id": 4173187313,
    "indicator": "36.250.221.209",
    "type": "IPv4",
    "created": "2026-03-28T15:45:53",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 36.250.221.209 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T15:45:46",
    "is_active": 1
  },
  {
    "id": 4283939705,
    "indicator": "5.187.35.26",
    "type": "IPv4",
    "created": "2026-03-28T15:45:53",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from The Netherlands (AS206264, Amarutu Technology Ltd). Observed targeting healthcare sector honeypot mdms-hp-01 via ciscoasa. 1 events.",
    "expiration": "2026-04-27T15:45:46",
    "is_active": 1
  },
  {
    "id": 4283981936,
    "indicator": "104.105.64.206",
    "type": "IPv4",
    "created": "2026-03-28T16:46:00",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Milan, Italy (AS63949, Akamai Connected Cloud) [VPN/hosting provider]. Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 181 failed login attempts, 181 credential pairs tried across 120 unique usernames. SSH client: SSH-2.0-Go (HASSH: 16443846184e...); duration: 16m 34s; 906 events.",
    "expiration": "2026-04-27T16:45:58",
    "is_active": 1
  },
  {
    "id": 4281892685,
    "indicator": "1.244.220.30",
    "type": "IPv4",
    "created": "2026-03-28T16:46:00",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 1.244.220.30 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-27T16:45:58",
    "is_active": 1
  },
  {
    "id": 4008213334,
    "indicator": "222.94.32.223",
    "type": "IPv4",
    "created": "2026-03-28T16:46:00",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 222.94.32.223 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T16:45:58",
    "is_active": 1
  },
  {
    "id": 3828069793,
    "indicator": "123.245.85.202",
    "type": "IPv4",
    "created": "2026-03-28T16:46:00",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 123.245.85.202 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-27T16:45:58",
    "is_active": 1
  },
  {
    "id": 4282462957,
    "indicator": "8.211.38.67",
    "type": "IPv4",
    "created": "2026-03-28T16:46:00",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 8.211.38.67 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T16:45:58",
    "is_active": 1
  },
  {
    "id": 4283981937,
    "indicator": "106.117.104.150",
    "type": "IPv4",
    "created": "2026-03-28T16:46:00",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 106.117.104.150 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T16:45:58",
    "is_active": 1
  },
  {
    "id": 4172926307,
    "indicator": "36.250.221.49",
    "type": "IPv4",
    "created": "2026-03-28T16:46:00",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 36.250.221.49 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-27T16:45:58",
    "is_active": 1
  },
  {
    "id": 4164280717,
    "indicator": "116.178.130.230",
    "type": "IPv4",
    "created": "2026-03-28T16:46:00",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from China (AS4837, CHINA UNICOM China169 Backbone). Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-27T16:45:58",
    "is_active": 1
  },
  {
    "id": 2191605930,
    "indicator": "60.13.6.180",
    "type": "IPv4",
    "created": "2026-03-28T16:46:00",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 60.13.6.180 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T16:45:58",
    "is_active": 1
  },
  {
    "id": 4283981938,
    "indicator": "47.254.184.200",
    "type": "IPv4",
    "created": "2026-03-28T16:46:00",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 47.254.184.200 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, hacking, low).",
    "expiration": "2026-04-27T16:45:58",
    "is_active": 1
  },
  {
    "id": 4281800076,
    "indicator": "172.168.60.40",
    "type": "IPv4",
    "created": "2026-03-28T16:46:00",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 172.168.60.40 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command sessions (1 commands), 2 malware samples. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-27T16:45:58",
    "is_active": 1
  },
  {
    "id": 4180192270,
    "indicator": "50.158.184.61",
    "type": "IPv4",
    "created": "2026-03-28T16:46:00",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 50.158.184.61 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-27T16:45:58",
    "is_active": 1
  },
  {
    "id": 4283774287,
    "indicator": "172.236.176.140",
    "type": "IPv4",
    "created": "2026-03-28T16:46:00",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP from Mumbai, India (AS63949, Akamai Connected Cloud) [VPN/hosting provider]. Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 188 failed login attempts, 188 credential pairs tried across 110 unique usernames. SSH client: SSH-2.0-Go (HASSH: 16443846184e...); duration: 16m 34s; 940 events.",
    "expiration": "2026-04-27T16:45:58",
    "is_active": 1
  },
  {
    "id": 4057067270,
    "indicator": "110.177.183.215",
    "type": "IPv4",
    "created": "2026-03-28T16:46:00",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 110.177.183.215 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T16:45:58",
    "is_active": 1
  },
  {
    "id": 4184150250,
    "indicator": "112.94.190.29",
    "type": "IPv4",
    "created": "2026-03-28T16:46:00",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 112.94.190.29 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T16:45:58",
    "is_active": 1
  },
  {
    "id": 3850750691,
    "indicator": "220.167.233.83",
    "type": "IPv4",
    "created": "2026-03-28T16:46:00",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 220.167.233.83 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).",
    "expiration": "2026-04-27T16:45:58",
    "is_active": 1
  },
  {
    "id": 4173290764,
    "indicator": "116.178.129.13",
    "type": "IPv4",
    "created": "2026-03-28T16:46:00",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.129.13 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T16:45:58",
    "is_active": 1
  },
  {
    "id": 3981194652,
    "indicator": "118.212.120.115",
    "type": "IPv4",
    "created": "2026-03-28T16:46:00",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 118.212.120.115 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T16:45:58",
    "is_active": 1
  },
  {
    "id": 4158395694,
    "indicator": "59.173.111.222",
    "type": "IPv4",
    "created": "2026-03-28T16:46:00",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 59.173.111.222 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T16:45:58",
    "is_active": 1
  },
  {
    "id": 4283981939,
    "indicator": "154.180.233.204",
    "type": "IPv4",
    "created": "2026-03-28T16:46:00",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. Attacker IP from Alexandria, Egypt (AS8452, TE Data). Observed targeting healthcare sector honeypot mdms-hp-01 via dionaea. 1 events.",
    "expiration": "2026-04-27T16:45:58",
    "is_active": 1
  },
  {
    "id": 4173819749,
    "indicator": "106.117.114.58",
    "type": "IPv4",
    "created": "2026-03-28T16:46:00",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 106.117.114.58 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T16:45:58",
    "is_active": 1
  },
  {
    "id": 4172950888,
    "indicator": "116.178.130.239",
    "type": "IPv4",
    "created": "2026-03-28T16:46:00",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.130.239 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T16:45:58",
    "is_active": 1
  },
  {
    "id": 4146572923,
    "indicator": "115.126.246.144",
    "type": "IPv4",
    "created": "2026-03-28T16:46:00",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 115.126.246.144 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-27T16:45:58",
    "is_active": 1
  },
  {
    "id": 3885325062,
    "indicator": "220.167.232.23",
    "type": "IPv4",
    "created": "2026-03-28T16:46:00",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 220.167.232.23 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T16:45:58",
    "is_active": 1
  },
  {
    "id": 4283981940,
    "indicator": "204.44.119.152",
    "type": "IPv4",
    "created": "2026-03-28T16:46:00",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack, cowrie. Attacker IP from Atlanta, United States. Observed targeting government sector honeypot backup-hp-01 via h0neytr4p. 1 events.",
    "expiration": "2026-04-27T16:45:58",
    "is_active": 1
  },
  {
    "id": 4283923181,
    "indicator": "85.25.172.249",
    "type": "IPv4",
    "created": "2026-03-28T16:46:00",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP from Strasbourg, France (AS29066, velia.net Internetdienste GmbH). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-27T16:45:58",
    "is_active": 1
  },
  {
    "id": 4283985506,
    "indicator": "195.36.25.74",
    "type": "IPv4",
    "created": "2026-03-28T17:46:08",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 195.36.25.74 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T17:46:07",
    "is_active": 1
  },
  {
    "id": 4164881131,
    "indicator": "220.197.78.249",
    "type": "IPv4",
    "created": "2026-03-28T17:46:08",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 220.197.78.249 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-27T17:46:07",
    "is_active": 1
  },
  {
    "id": 4283985507,
    "indicator": "8.209.119.142",
    "type": "IPv4",
    "created": "2026-03-28T17:46:08",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 8.209.119.142 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, hacking, high).",
    "expiration": "2026-04-27T17:46:07",
    "is_active": 1
  },
  {
    "id": 4282105991,
    "indicator": "151.33.51.41",
    "type": "IPv4",
    "created": "2026-03-28T17:46:08",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 151.33.51.41 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-27T17:46:07",
    "is_active": 1
  },
  {
    "id": 3488642822,
    "indicator": "27.47.25.99",
    "type": "IPv4",
    "created": "2026-03-28T17:46:08",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 27.47.25.99 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-27T17:46:07",
    "is_active": 1
  },
  {
    "id": 4159758613,
    "indicator": "14.135.75.125",
    "type": "IPv4",
    "created": "2026-03-28T17:46:08",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 14.135.75.125 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T17:46:07",
    "is_active": 1
  },
  {
    "id": 4180214757,
    "indicator": "112.122.237.174",
    "type": "IPv4",
    "created": "2026-03-28T17:46:08",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 112.122.237.174 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T17:46:07",
    "is_active": 1
  },
  {
    "id": 4179026265,
    "indicator": "27.47.24.196",
    "type": "IPv4",
    "created": "2026-03-28T17:46:08",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 27.47.24.196 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (ddos, exploited-host, hacking).",
    "expiration": "2026-04-27T17:46:07",
    "is_active": 1
  },
  {
    "id": 4154685736,
    "indicator": "47.149.60.223",
    "type": "IPv4",
    "created": "2026-03-28T17:46:08",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 47.149.60.223 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-27T17:46:07",
    "is_active": 1
  },
  {
    "id": 4080713832,
    "indicator": "182.119.227.10",
    "type": "IPv4",
    "created": "2026-03-28T17:46:08",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 182.119.227.10 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T17:46:07",
    "is_active": 1
  },
  {
    "id": 4176626120,
    "indicator": "66.167.166.242",
    "type": "IPv4",
    "created": "2026-03-28T17:46:08",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted. Attacker IP from Pakistan (AS9541, Cyber Internet Services Pvt Ltd.). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. duration: 2m 49s; 11 events.",
    "expiration": "2026-04-27T17:46:07",
    "is_active": 1
  },
  {
    "id": 4283985508,
    "indicator": "137.184.63.156",
    "type": "IPv4",
    "created": "2026-03-28T17:46:08",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from North Bergen, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. duration: 3s; 9 events.",
    "expiration": "2026-04-27T17:46:07",
    "is_active": 1
  },
  {
    "id": 4282103426,
    "indicator": "47.254.159.17",
    "type": "IPv4",
    "created": "2026-03-28T17:46:08",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 47.254.159.17 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (exploited-host, hacking, high).",
    "expiration": "2026-04-27T17:46:07",
    "is_active": 1
  },
  {
    "id": 4283985509,
    "indicator": "47.84.139.86",
    "type": "IPv4",
    "created": "2026-03-28T17:46:08",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 47.84.139.86 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T17:46:07",
    "is_active": 1
  },
  {
    "id": 4022036835,
    "indicator": "118.212.120.244",
    "type": "IPv4",
    "created": "2026-03-28T17:46:08",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 118.212.120.244 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, ftp-brute).",
    "expiration": "2026-04-27T17:46:07",
    "is_active": 1
  },
  {
    "id": 4283985510,
    "indicator": "47.245.141.219",
    "type": "IPv4",
    "created": "2026-03-28T17:46:08",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.245.141.219 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-27T17:46:07",
    "is_active": 1
  },
  {
    "id": 4173706737,
    "indicator": "72.255.26.117",
    "type": "IPv4",
    "created": "2026-03-28T17:46:08",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:port-scan. 72.255.26.117 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T17:46:07",
    "is_active": 1
  },
  {
    "id": 4282440351,
    "indicator": "8.219.104.8",
    "type": "IPv4",
    "created": "2026-03-28T17:46:08",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 8.219.104.8 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-27T17:46:07",
    "is_active": 1
  },
  {
    "id": 4210293803,
    "indicator": "117.29.52.105",
    "type": "IPv4",
    "created": "2026-03-28T17:46:08",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 117.29.52.105 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T17:46:07",
    "is_active": 1
  },
  {
    "id": 3854069859,
    "indicator": "220.167.232.66",
    "type": "IPv4",
    "created": "2026-03-28T17:46:08",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 220.167.232.66 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T17:46:07",
    "is_active": 1
  },
  {
    "id": 3822256989,
    "indicator": "1.83.125.138",
    "type": "IPv4",
    "created": "2026-03-28T17:46:08",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 1.83.125.138 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T17:46:07",
    "is_active": 1
  },
  {
    "id": 4029321663,
    "indicator": "118.212.123.253",
    "type": "IPv4",
    "created": "2026-03-28T17:46:08",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 118.212.123.253 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T17:46:07",
    "is_active": 1
  },
  {
    "id": 4282440353,
    "indicator": "8.222.160.19",
    "type": "IPv4",
    "created": "2026-03-28T17:46:08",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 8.222.160.19 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T17:46:07",
    "is_active": 1
  },
  {
    "id": 4161470729,
    "indicator": "116.178.131.231",
    "type": "IPv4",
    "created": "2026-03-28T17:46:08",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.131.231 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T17:46:07",
    "is_active": 1
  },
  {
    "id": 4173194932,
    "indicator": "14.135.74.189",
    "type": "IPv4",
    "created": "2026-03-28T17:46:08",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 14.135.74.189 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-27T17:46:07",
    "is_active": 1
  },
  {
    "id": 3835794795,
    "indicator": "221.207.34.73",
    "type": "IPv4",
    "created": "2026-03-28T17:46:08",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 221.207.34.73 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T17:46:07",
    "is_active": 1
  },
  {
    "id": 2191603963,
    "indicator": "60.13.6.62",
    "type": "IPv4",
    "created": "2026-03-28T17:46:08",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 60.13.6.62 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T17:46:07",
    "is_active": 1
  },
  {
    "id": 3871034624,
    "indicator": "220.167.233.220",
    "type": "IPv4",
    "created": "2026-03-28T17:46:08",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 220.167.233.220 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T17:46:07",
    "is_active": 1
  },
  {
    "id": 4282439575,
    "indicator": "47.84.134.69",
    "type": "IPv4",
    "created": "2026-03-28T17:46:08",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 47.84.134.69 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (exploited-host, hacking, moderate).",
    "expiration": "2026-04-27T17:46:07",
    "is_active": 1
  },
  {
    "id": 3910734809,
    "indicator": "180.95.231.62",
    "type": "IPv4",
    "created": "2026-03-28T17:46:08",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 180.95.231.62 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T17:46:07",
    "is_active": 1
  },
  {
    "id": 2921517425,
    "indicator": "60.13.7.115",
    "type": "IPv4",
    "created": "2026-03-28T17:46:08",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 60.13.7.115 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T17:46:07",
    "is_active": 1
  },
  {
    "id": 4162330898,
    "indicator": "116.178.131.170",
    "type": "IPv4",
    "created": "2026-03-28T17:46:08",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.131.170 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T17:46:07",
    "is_active": 1
  },
  {
    "id": 3913018891,
    "indicator": "118.212.122.207",
    "type": "IPv4",
    "created": "2026-03-28T17:46:08",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 118.212.122.207 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T17:46:07",
    "is_active": 1
  },
  {
    "id": 4160596809,
    "indicator": "114.97.191.20",
    "type": "IPv4",
    "created": "2026-03-28T17:46:08",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 114.97.191.20 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, multi-reported).",
    "expiration": "2026-04-27T17:46:07",
    "is_active": 1
  },
  {
    "id": 4178797922,
    "indicator": "59.173.109.53",
    "type": "IPv4",
    "created": "2026-03-28T17:46:08",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 59.173.109.53 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T17:46:07",
    "is_active": 1
  },
  {
    "id": 4164881390,
    "indicator": "36.250.221.218",
    "type": "IPv4",
    "created": "2026-03-28T17:46:08",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 36.250.221.218 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-27T17:46:07",
    "is_active": 1
  },
  {
    "id": 4140678467,
    "indicator": "139.135.41.156",
    "type": "IPv4",
    "created": "2026-03-28T17:46:08",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:port-scan. 139.135.41.156 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T17:46:07",
    "is_active": 1
  },
  {
    "id": 4283985511,
    "indicator": "87.106.131.106",
    "type": "IPv4",
    "created": "2026-03-28T17:46:08",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 87.106.131.106 observed using SSH client fingerprint 'Unknown SSH Client (19532158b559)' 4 times when connecting to db1lapetro between 2026-03-28 16:31 and 2026-03-28 16:53 UTC.",
    "expiration": "2026-04-27T17:46:07",
    "is_active": 1
  },
  {
    "id": 4283985512,
    "indicator": "159.89.231.117",
    "type": "IPv4",
    "created": "2026-03-28T17:46:08",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack, cowrie. Attacker IP from North Bergen, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. duration: 6s; 6 events.",
    "expiration": "2026-04-27T17:46:07",
    "is_active": 1
  },
  {
    "id": 4177841776,
    "indicator": "101.249.63.14",
    "type": "IPv4",
    "created": "2026-03-28T18:46:18",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 101.249.63.14 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T18:46:17",
    "is_active": 1
  },
  {
    "id": 4160068676,
    "indicator": "14.135.74.143",
    "type": "IPv4",
    "created": "2026-03-28T18:46:18",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported. 14.135.74.143 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-27T18:46:17",
    "is_active": 1
  },
  {
    "id": 4179016045,
    "indicator": "36.250.220.229",
    "type": "IPv4",
    "created": "2026-03-28T18:46:18",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 36.250.220.229 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-27T18:46:17",
    "is_active": 1
  },
  {
    "id": 3966535436,
    "indicator": "175.30.48.115",
    "type": "IPv4",
    "created": "2026-03-28T18:46:18",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 175.30.48.115 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-27T18:46:17",
    "is_active": 1
  },
  {
    "id": 4283987357,
    "indicator": "47.236.167.82",
    "type": "IPv4",
    "created": "2026-03-28T18:46:18",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 47.236.167.82 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T18:46:17",
    "is_active": 1
  },
  {
    "id": 4173184257,
    "indicator": "121.29.149.192",
    "type": "IPv4",
    "created": "2026-03-28T18:46:18",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 121.29.149.192 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T18:46:17",
    "is_active": 1
  },
  {
    "id": 4173362819,
    "indicator": "116.178.130.184",
    "type": "IPv4",
    "created": "2026-03-28T18:46:18",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.130.184 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T18:46:17",
    "is_active": 1
  },
  {
    "id": 4176072271,
    "indicator": "36.250.220.75",
    "type": "IPv4",
    "created": "2026-03-28T18:46:18",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 36.250.220.75 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, moderate, multi-reported).",
    "expiration": "2026-04-27T18:46:17",
    "is_active": 1
  },
  {
    "id": 4008564837,
    "indicator": "220.167.233.197",
    "type": "IPv4",
    "created": "2026-03-28T18:46:18",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 220.167.233.197 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T18:46:17",
    "is_active": 1
  },
  {
    "id": 4143481921,
    "indicator": "221.14.219.220",
    "type": "IPv4",
    "created": "2026-03-28T18:46:18",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 221.14.219.220 observed using SSH client fingerprint 'Unknown SSH Client (98f63c4d9c87)' 2 times when connecting to mdms1 between 2026-03-28 17:52 and 2026-03-28 17:52 UTC.",
    "expiration": "2026-04-27T18:46:17",
    "is_active": 1
  },
  {
    "id": 4078883326,
    "indicator": "14.225.18.22",
    "type": "IPv4",
    "created": "2026-03-28T18:46:18",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 14.225.18.22 observed using SSH client fingerprint 'Unknown SSH Client (19532158b559)' 4 times when connecting to offbackup1 between 2026-03-28 17:52 and 2026-03-28 17:58 UTC.",
    "expiration": "2026-04-27T18:46:17",
    "is_active": 1
  },
  {
    "id": 3567738431,
    "indicator": "104.248.22.179",
    "type": "IPv4",
    "created": "2026-03-28T18:46:18",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 104.248.22.179 observed using TLS client fingerprint 'Unknown TLS Client (ef0b82154c8b)' 2 times when connecting to db1lapetro between 2026-03-28 17:51 and 2026-03-28 17:52 UTC.",
    "expiration": "2026-04-27T18:46:17",
    "is_active": 1
  },
  {
    "id": 2242810001,
    "indicator": "60.13.6.34",
    "type": "IPv4",
    "created": "2026-03-28T18:46:18",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 60.13.6.34 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T18:46:17",
    "is_active": 1
  },
  {
    "id": 4129421944,
    "indicator": "220.134.77.159",
    "type": "IPv4",
    "created": "2026-03-28T18:46:18",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 220.134.77.159 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-27T18:46:17",
    "is_active": 1
  },
  {
    "id": 2399148313,
    "indicator": "221.11.60.150",
    "type": "IPv4",
    "created": "2026-03-28T18:46:18",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 221.11.60.150 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T18:46:17",
    "is_active": 1
  },
  {
    "id": 4176572898,
    "indicator": "112.94.191.212",
    "type": "IPv4",
    "created": "2026-03-28T18:46:18",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 112.94.191.212 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-27T18:46:17",
    "is_active": 1
  },
  {
    "id": 3252363790,
    "indicator": "87.251.64.141",
    "type": "IPv4",
    "created": "2026-03-28T18:46:18",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export. Attacker IP from United States (AS200730, ISAEV Igor). Observed targeting energy sector honeypot petroleum-hp-01 via dionaea. duration: 13m 15s; 8 events.",
    "expiration": "2026-04-27T18:46:17",
    "is_active": 1
  },
  {
    "id": 4006777252,
    "indicator": "118.212.123.96",
    "type": "IPv4",
    "created": "2026-03-28T18:46:18",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export. 118.212.123.96 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T18:46:17",
    "is_active": 1
  },
  {
    "id": 4008462233,
    "indicator": "223.199.185.97",
    "type": "IPv4",
    "created": "2026-03-28T18:46:18",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 223.199.185.97 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T18:46:17",
    "is_active": 1
  },
  {
    "id": 4161047973,
    "indicator": "101.79.167.183",
    "type": "IPv4",
    "created": "2026-03-28T18:46:18",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 101.79.167.183 observed using SSH client fingerprint 'Unknown SSH Client (98f63c4d9c87)' 3 times when connecting to db1lapetro between 2026-03-28 17:42 and 2026-03-28 17:42 UTC.",
    "expiration": "2026-04-27T18:46:17",
    "is_active": 1
  },
  {
    "id": 4283987358,
    "indicator": "183.191.126.134",
    "type": "IPv4",
    "created": "2026-03-28T18:46:18",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from China (AS4837, CHINA UNICOM China169 Backbone). Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-27T18:46:17",
    "is_active": 1
  },
  {
    "id": 4262444089,
    "indicator": "100.53.194.34",
    "type": "IPv4",
    "created": "2026-03-28T19:46:29",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 100.53.194.34 classified as scanning infrastructure conducting network reconnaissance (medium confidence). Origin: enriched. Listed on: FireHOL (firehol_level3).",
    "expiration": "2026-04-27T19:46:27",
    "is_active": 1
  },
  {
    "id": 4262444088,
    "indicator": "100.53.171.244",
    "type": "IPv4",
    "created": "2026-03-28T19:46:29",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 100.53.171.244 classified as scanning infrastructure conducting network reconnaissance (medium confidence). Origin: enriched. Listed on: FireHOL (firehol_level3).",
    "expiration": "2026-04-27T19:46:27",
    "is_active": 1
  },
  {
    "id": 4262444095,
    "indicator": "100.55.74.138",
    "type": "IPv4",
    "created": "2026-03-28T19:46:29",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 100.55.74.138 classified as scanning infrastructure conducting network reconnaissance (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (reported).",
    "expiration": "2026-04-27T19:46:27",
    "is_active": 1
  },
  {
    "id": 4036824679,
    "indicator": "118.212.123.172",
    "type": "IPv4",
    "created": "2026-03-28T19:46:29",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 118.212.123.172 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T19:46:27",
    "is_active": 1
  },
  {
    "id": 4161544529,
    "indicator": "36.250.221.193",
    "type": "IPv4",
    "created": "2026-03-28T19:46:29",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 36.250.221.193 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T19:46:27",
    "is_active": 1
  },
  {
    "id": 4181013706,
    "indicator": "59.173.109.228",
    "type": "IPv4",
    "created": "2026-03-28T19:46:29",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 59.173.109.228 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T19:46:27",
    "is_active": 1
  },
  {
    "id": 4172204675,
    "indicator": "121.29.84.224",
    "type": "IPv4",
    "created": "2026-03-28T19:46:29",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 121.29.84.224 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (ddos, exploited-host, hacking).",
    "expiration": "2026-04-27T19:46:27",
    "is_active": 1
  },
  {
    "id": 3549135339,
    "indicator": "182.119.225.21",
    "type": "IPv4",
    "created": "2026-03-28T19:46:29",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 182.119.225.21 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T19:46:27",
    "is_active": 1
  },
  {
    "id": 4176600070,
    "indicator": "116.178.129.192",
    "type": "IPv4",
    "created": "2026-03-28T19:46:29",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 116.178.129.192 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T19:46:27",
    "is_active": 1
  },
  {
    "id": 4166612460,
    "indicator": "116.178.131.159",
    "type": "IPv4",
    "created": "2026-03-28T19:46:29",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 116.178.131.159 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T19:46:27",
    "is_active": 1
  },
  {
    "id": 4110045369,
    "indicator": "8.209.108.11",
    "type": "IPv4",
    "created": "2026-03-28T19:46:29",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, cowrie, firehol:firehol_level3. 8.209.108.11 classified as commodity attacker using automated exploitation tooling (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (hacking, moderate, port-scan).",
    "expiration": "2026-04-27T19:46:27",
    "is_active": 1
  },
  {
    "id": 4172754298,
    "indicator": "222.176.201.140",
    "type": "IPv4",
    "created": "2026-03-28T19:46:29",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 222.176.201.140 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T19:46:27",
    "is_active": 1
  },
  {
    "id": 3692503265,
    "indicator": "47.87.136.14",
    "type": "IPv4",
    "created": "2026-03-28T19:46:29",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 47.87.136.14 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-27T19:46:27",
    "is_active": 1
  },
  {
    "id": 2206846558,
    "indicator": "1.85.216.193",
    "type": "IPv4",
    "created": "2026-03-28T19:46:29",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 1.85.216.193 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T19:46:27",
    "is_active": 1
  },
  {
    "id": 2722602731,
    "indicator": "134.209.252.145",
    "type": "IPv4",
    "created": "2026-03-28T19:46:29",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 134.209.252.145 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-27T19:46:27",
    "is_active": 1
  },
  {
    "id": 4283985819,
    "indicator": "103.124.106.107",
    "type": "IPv4",
    "created": "2026-03-28T19:46:29",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 103.124.106.107 observed using HTTP client fingerprint 'HTTP Client: libredtail-http' 39 times when connecting to db1lapetro between 2026-03-28 18:51 and 2026-03-28 18:51 UTC.",
    "expiration": "2026-04-27T19:46:27",
    "is_active": 1
  },
  {
    "id": 4281966051,
    "indicator": "201.208.209.120",
    "type": "IPv4",
    "created": "2026-03-28T19:46:29",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 201.208.209.120 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-27T19:46:27",
    "is_active": 1
  },
  {
    "id": 4282439559,
    "indicator": "47.245.141.74",
    "type": "IPv4",
    "created": "2026-03-28T19:46:29",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 47.245.141.74 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T19:46:27",
    "is_active": 1
  },
  {
    "id": 4031379677,
    "indicator": "182.88.190.138",
    "type": "IPv4",
    "created": "2026-03-28T19:46:29",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 182.88.190.138 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T19:46:27",
    "is_active": 1
  },
  {
    "id": 4067073568,
    "indicator": "123.145.34.198",
    "type": "IPv4",
    "created": "2026-03-28T19:46:29",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 123.145.34.198 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T19:46:27",
    "is_active": 1
  },
  {
    "id": 4275696704,
    "indicator": "206.135.174.193",
    "type": "IPv4",
    "created": "2026-03-28T19:46:29",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 206.135.174.193 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T19:46:27",
    "is_active": 1
  },
  {
    "id": 4164851388,
    "indicator": "59.52.103.213",
    "type": "IPv4",
    "created": "2026-03-28T19:46:29",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 59.52.103.213 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T19:46:27",
    "is_active": 1
  },
  {
    "id": 3638150230,
    "indicator": "110.177.181.28",
    "type": "IPv4",
    "created": "2026-03-28T19:46:29",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 110.177.181.28 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T19:46:27",
    "is_active": 1
  },
  {
    "id": 4282106254,
    "indicator": "194.163.157.65",
    "type": "IPv4",
    "created": "2026-03-28T19:46:29",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 194.163.157.65 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3, firehol_level4); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-27T19:46:27",
    "is_active": 1
  },
  {
    "id": 4225133978,
    "indicator": "124.29.194.65",
    "type": "IPv4",
    "created": "2026-03-28T19:46:29",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 124.29.194.65 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-27T19:46:27",
    "is_active": 1
  },
  {
    "id": 3753631272,
    "indicator": "182.242.168.227",
    "type": "IPv4",
    "created": "2026-03-28T19:46:29",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 182.242.168.227 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T19:46:27",
    "is_active": 1
  },
  {
    "id": 4154877086,
    "indicator": "221.199.73.86",
    "type": "IPv4",
    "created": "2026-03-28T19:46:29",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 221.199.73.86 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking).",
    "expiration": "2026-04-27T19:46:27",
    "is_active": 1
  },
  {
    "id": 4229889888,
    "indicator": "39.79.41.8",
    "type": "IPv4",
    "created": "2026-03-28T19:46:29",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 39.79.41.8 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-27T19:46:27",
    "is_active": 1
  },
  {
    "id": 4263829221,
    "indicator": "191.234.200.215",
    "type": "IPv4",
    "created": "2026-03-28T19:46:29",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 191.234.200.215 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-27T19:46:27",
    "is_active": 1
  },
  {
    "id": 4042204062,
    "indicator": "110.177.183.229",
    "type": "IPv4",
    "created": "2026-03-28T19:46:29",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 110.177.183.229 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T19:46:27",
    "is_active": 1
  },
  {
    "id": 3472197231,
    "indicator": "60.13.6.178",
    "type": "IPv4",
    "created": "2026-03-28T19:46:29",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 60.13.6.178 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T19:46:27",
    "is_active": 1
  },
  {
    "id": 4283988335,
    "indicator": "8.209.77.33",
    "type": "IPv4",
    "created": "2026-03-28T19:46:29",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. Attacker IP from Frankfurt am Main, Germany (AS45102, Alibaba US Technology Co., Ltd.). Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. duration: 22s; 3 events.",
    "expiration": "2026-04-27T19:46:27",
    "is_active": 1
  },
  {
    "id": 4284090048,
    "indicator": "47.84.207.245",
    "type": "IPv4",
    "created": "2026-03-28T20:46:44",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.84.207.245 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-27T20:46:36",
    "is_active": 1
  },
  {
    "id": 4283938788,
    "indicator": "185.231.33.30",
    "type": "IPv4",
    "created": "2026-03-28T20:46:44",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 185.231.33.30 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-27T20:46:36",
    "is_active": 1
  },
  {
    "id": 4161542126,
    "indicator": "116.178.131.204",
    "type": "IPv4",
    "created": "2026-03-28T20:46:44",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.131.204 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T20:46:36",
    "is_active": 1
  },
  {
    "id": 4284090049,
    "indicator": "64.225.103.73",
    "type": "IPv4",
    "created": "2026-03-28T20:46:44",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 64.225.103.73 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ftp-brute, hacking).",
    "expiration": "2026-04-27T20:46:36",
    "is_active": 1
  },
  {
    "id": 4283941322,
    "indicator": "134.209.247.242",
    "type": "IPv4",
    "created": "2026-03-28T20:46:44",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 134.209.247.242 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, high).",
    "expiration": "2026-04-27T20:46:36",
    "is_active": 1
  },
  {
    "id": 4041104045,
    "indicator": "164.90.180.24",
    "type": "IPv4",
    "created": "2026-03-28T20:46:44",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 164.90.180.24 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).",
    "expiration": "2026-04-27T20:46:36",
    "is_active": 1
  },
  {
    "id": 4165810055,
    "indicator": "69.5.189.112",
    "type": "IPv4",
    "created": "2026-03-28T20:46:44",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 69.5.189.112 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-27T20:46:36",
    "is_active": 1
  },
  {
    "id": 4226925002,
    "indicator": "220.135.250.248",
    "type": "IPv4",
    "created": "2026-03-28T20:46:44",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 220.135.250.248 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-27T20:46:36",
    "is_active": 1
  },
  {
    "id": 4282439578,
    "indicator": "47.84.136.253",
    "type": "IPv4",
    "created": "2026-03-28T20:46:44",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.84.136.253 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-27T20:46:36",
    "is_active": 1
  },
  {
    "id": 3825237880,
    "indicator": "123.245.84.193",
    "type": "IPv4",
    "created": "2026-03-28T20:46:44",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 123.245.84.193 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T20:46:36",
    "is_active": 1
  },
  {
    "id": 4172752787,
    "indicator": "106.75.98.60",
    "type": "IPv4",
    "created": "2026-03-28T20:46:44",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack, cowrie. 106.75.98.60 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).",
    "expiration": "2026-04-27T20:46:36",
    "is_active": 1
  },
  {
    "id": 3670099643,
    "indicator": "122.96.28.160",
    "type": "IPv4",
    "created": "2026-03-28T20:46:44",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan. 122.96.28.160 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-27T20:46:36",
    "is_active": 1
  },
  {
    "id": 4172969333,
    "indicator": "106.117.105.244",
    "type": "IPv4",
    "created": "2026-03-28T20:46:44",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 106.117.105.244 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T20:46:36",
    "is_active": 1
  },
  {
    "id": 4166888222,
    "indicator": "116.178.130.48",
    "type": "IPv4",
    "created": "2026-03-28T20:46:44",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.130.48 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T20:46:36",
    "is_active": 1
  },
  {
    "id": 4160188371,
    "indicator": "58.243.46.79",
    "type": "IPv4",
    "created": "2026-03-28T20:46:44",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 58.243.46.79 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T20:46:36",
    "is_active": 1
  },
  {
    "id": 4143687640,
    "indicator": "72.255.26.58",
    "type": "IPv4",
    "created": "2026-03-28T20:46:44",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 72.255.26.58 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-27T20:46:36",
    "is_active": 1
  },
  {
    "id": 4284090050,
    "indicator": "157.245.86.33",
    "type": "IPv4",
    "created": "2026-03-28T20:46:44",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack, cowrie. Attacker IP from North Bergen, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot mdms-hp-01 via dionaea. duration: 45s; 10 events.",
    "expiration": "2026-04-27T20:46:36",
    "is_active": 1
  },
  {
    "id": 4283764792,
    "indicator": "94.141.69.146",
    "type": "IPv4",
    "created": "2026-03-28T20:46:44",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 94.141.69.146 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-27T20:46:36",
    "is_active": 1
  },
  {
    "id": 4177486259,
    "indicator": "59.173.111.45",
    "type": "IPv4",
    "created": "2026-03-28T20:46:44",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 59.173.111.45 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T20:46:36",
    "is_active": 1
  },
  {
    "id": 4283709317,
    "indicator": "47.84.136.133",
    "type": "IPv4",
    "created": "2026-03-28T20:46:44",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, cowrie. 47.84.136.133 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (exploited-host, hacking, moderate).",
    "expiration": "2026-04-27T20:46:36",
    "is_active": 1
  },
  {
    "id": 281203502,
    "indicator": "123.191.133.39",
    "type": "IPv4",
    "created": "2026-03-28T20:46:44",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 123.191.133.39 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T20:46:36",
    "is_active": 1
  },
  {
    "id": 4180328122,
    "indicator": "59.173.109.147",
    "type": "IPv4",
    "created": "2026-03-28T20:46:44",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 59.173.109.147 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T20:46:36",
    "is_active": 1
  },
  {
    "id": 3994407995,
    "indicator": "18.97.5.78",
    "type": "IPv4",
    "created": "2026-03-28T20:46:44",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 18.97.5.78 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, ftp-brute).",
    "expiration": "2026-04-27T20:46:36",
    "is_active": 1
  },
  {
    "id": 4284090051,
    "indicator": "216.9.225.88",
    "type": "IPv4",
    "created": "2026-03-28T20:46:44",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan. Attacker IP 216.9.225.88 observed using TLS client fingerprint 'Unknown TLS Client (3b5052d0aa46)' 2 times when connecting to mdms1 between 2026-03-28 19:48 and 2026-03-28 19:48 UTC.",
    "expiration": "2026-04-27T20:46:36",
    "is_active": 1
  },
  {
    "id": 4282422954,
    "indicator": "47.84.107.200",
    "type": "IPv4",
    "created": "2026-03-28T20:46:44",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Singapore (AS45102, Alibaba US Technology Co., Ltd.). Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-27T20:46:36",
    "is_active": 1
  },
  {
    "id": 4026852703,
    "indicator": "118.212.123.17",
    "type": "IPv4",
    "created": "2026-03-28T20:46:44",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 118.212.123.17 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).",
    "expiration": "2026-04-27T20:46:36",
    "is_active": 1
  },
  {
    "id": 4168514169,
    "indicator": "59.173.110.71",
    "type": "IPv4",
    "created": "2026-03-28T20:46:44",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 59.173.110.71 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T20:46:36",
    "is_active": 1
  },
  {
    "id": 4182686812,
    "indicator": "27.47.27.214",
    "type": "IPv4",
    "created": "2026-03-28T20:46:44",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 27.47.27.214 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T20:46:36",
    "is_active": 1
  },
  {
    "id": 4283978541,
    "indicator": "171.243.149.203",
    "type": "IPv4",
    "created": "2026-03-28T20:46:44",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Bảo Lộc, Vietnam (AS7552, Viettel Group). Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 2 failed login attempts, 2 credential pairs tried across 2 unique usernames. SSH client: SSH-2.0-AsyncSSH_2.1.0 (HASSH: fda360b1b4f4...); duration: 4m 5s; 10 events.",
    "expiration": "2026-04-27T20:46:36",
    "is_active": 1
  },
  {
    "id": 4281822024,
    "indicator": "35.225.56.202",
    "type": "IPv4",
    "created": "2026-03-28T20:46:44",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Council Bluffs, United States (AS396982, Google LLC). Observed targeting healthcare sector honeypot mdms-hp-01 via cowrie. Session included 3 failed login attempts, 3 credential pairs tried across 1 unique username. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 5m 53s; 15 events.",
    "expiration": "2026-04-27T20:46:36",
    "is_active": 1
  },
  {
    "id": 4126103953,
    "indicator": "51.75.119.173",
    "type": "IPv4",
    "created": "2026-03-28T20:46:44",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 51.75.119.173 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (compatible; MJ12bot/v1.4.8; http://mj12bot.com/...' 3 times when connecting to db1lapetro between 2026-03-28 19:04 and 2026-03-28 19:04 UTC.",
    "expiration": "2026-04-27T20:46:36",
    "is_active": 1
  },
  {
    "id": 4281785464,
    "indicator": "50.99.170.152",
    "type": "IPv4",
    "created": "2026-03-28T20:46:44",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP 50.99.170.152 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 20 times when connecting to db4lamedtech between 2026-03-28 18:30 and 2026-03-28 19:53 UTC.",
    "expiration": "2026-04-27T20:46:36",
    "is_active": 1
  },
  {
    "id": 4283777202,
    "indicator": "172.236.188.36",
    "type": "IPv4",
    "created": "2026-03-28T20:46:44",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 172.236.188.36 observed using SSH client fingerprint 'Unknown SSH Client (16443846184e)' 577 times when connecting to offbackup1 between 2026-03-28 18:18 and 2026-03-28 19:08 UTC.",
    "expiration": "2026-04-27T20:46:36",
    "is_active": 1
  },
  {
    "id": 2275898039,
    "indicator": "165.227.197.65",
    "type": "IPv4",
    "created": "2026-03-28T20:46:44",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from North Bergen, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot mdms-hp-01 via dionaea. 1 events.",
    "expiration": "2026-04-27T20:46:36",
    "is_active": 1
  },
  {
    "id": 4284090052,
    "indicator": "47.84.203.213",
    "type": "IPv4",
    "created": "2026-03-28T20:46:44",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Singapore (AS45102, Alibaba US Technology Co., Ltd.). Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. duration: 23s; 3 events.",
    "expiration": "2026-04-27T20:46:36",
    "is_active": 1
  },
  {
    "id": 3917623341,
    "indicator": "88.250.39.233",
    "type": "IPv4",
    "created": "2026-03-28T21:46:51",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 88.250.39.233 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T21:46:50",
    "is_active": 1
  },
  {
    "id": 4283985836,
    "indicator": "222.99.15.195",
    "type": "IPv4",
    "created": "2026-03-28T21:46:51",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Suwon, South Korea (AS4766, Korea Telecom). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. Session included 7 failed login attempts, 7 credential pairs tried across 2 unique usernames, execution of 20 commands (SSH key persistence, password changes, system reconnaissance, cron persistence, process killi...",
    "expiration": "2026-04-27T21:46:50",
    "is_active": 1
  },
  {
    "id": 4218268957,
    "indicator": "117.29.52.56",
    "type": "IPv4",
    "created": "2026-03-28T21:46:51",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 117.29.52.56 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T21:46:50",
    "is_active": 1
  },
  {
    "id": 4283774105,
    "indicator": "151.242.30.119",
    "type": "IPv4",
    "created": "2026-03-28T21:46:51",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from United Arab Emirates (AS214209, Internet Magnate (Pty) Ltd). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. Session included 5 failed login attempts, 5 credential pairs tried across 1 unique username. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 13m 2s; 25 events.",
    "expiration": "2026-04-27T21:46:50",
    "is_active": 1
  },
  {
    "id": 3299519414,
    "indicator": "175.107.3.196",
    "type": "IPv4",
    "created": "2026-03-28T21:46:51",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Taxila, Pakistan (AS23888, National Telecommunication Corporation HQ). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. duration: 2m 23s; 23 events.",
    "expiration": "2026-04-27T21:46:50",
    "is_active": 1
  },
  {
    "id": 4243349376,
    "indicator": "8.211.162.191",
    "type": "IPv4",
    "created": "2026-03-28T21:46:51",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 8.211.162.191 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-27T21:46:50",
    "is_active": 1
  },
  {
    "id": 4052928679,
    "indicator": "171.37.47.251",
    "type": "IPv4",
    "created": "2026-03-28T21:46:51",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 171.37.47.251 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T21:46:50",
    "is_active": 1
  },
  {
    "id": 4284092326,
    "indicator": "45.95.212.145",
    "type": "IPv4",
    "created": "2026-03-28T21:46:51",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Tokyo, Japan (AS209554, ISIF OU). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. Session included 7 failed login attempts, 7 credential pairs tried across 2 unique usernames, execution of 20 commands (SSH key persistence, password changes, system reconnaissance, cron persistence, process killing, firewa...",
    "expiration": "2026-04-27T21:46:50",
    "is_active": 1
  },
  {
    "id": 4206005313,
    "indicator": "72.255.17.242",
    "type": "IPv4",
    "created": "2026-03-28T21:46:51",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 72.255.17.242 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T21:46:50",
    "is_active": 1
  },
  {
    "id": 4283985801,
    "indicator": "20.197.233.108",
    "type": "IPv4",
    "created": "2026-03-28T21:46:51",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 20.197.233.108 observed using HTTP client fingerprint 'HTTP Client (67b3dba8bc67)' 143 times when connecting to db4lamedtech between 2026-03-28 20:00 and 2026-03-28 20:00 UTC.",
    "expiration": "2026-04-27T21:46:50",
    "is_active": 1
  },
  {
    "id": 4284092327,
    "indicator": "171.243.150.40",
    "type": "IPv4",
    "created": "2026-03-28T21:46:51",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 171.243.150.40 observed using SSH client fingerprint 'Unknown SSH Client (fda360b1b4f4)' 10 times when connecting to db1lapetro between 2026-03-28 19:31 and 2026-03-28 20:02 UTC.",
    "expiration": "2026-04-27T21:46:50",
    "is_active": 1
  },
  {
    "id": 3590800997,
    "indicator": "27.147.28.51",
    "type": "IPv4",
    "created": "2026-03-28T22:46:59",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 27.147.28.51 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T22:46:58",
    "is_active": 1
  },
  {
    "id": 4169160448,
    "indicator": "116.178.130.62",
    "type": "IPv4",
    "created": "2026-03-28T22:46:59",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.130.62 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T22:46:58",
    "is_active": 1
  },
  {
    "id": 4173499030,
    "indicator": "114.97.191.226",
    "type": "IPv4",
    "created": "2026-03-28T22:46:59",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 114.97.191.226 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T22:46:58",
    "is_active": 1
  },
  {
    "id": 4180403582,
    "indicator": "117.25.124.44",
    "type": "IPv4",
    "created": "2026-03-28T22:46:59",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 117.25.124.44 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T22:46:58",
    "is_active": 1
  },
  {
    "id": 4166612648,
    "indicator": "121.29.84.31",
    "type": "IPv4",
    "created": "2026-03-28T22:46:59",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 121.29.84.31 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T22:46:58",
    "is_active": 1
  },
  {
    "id": 4177138794,
    "indicator": "110.177.176.167",
    "type": "IPv4",
    "created": "2026-03-28T22:46:59",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 110.177.176.167 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T22:46:58",
    "is_active": 1
  },
  {
    "id": 4284093685,
    "indicator": "165.245.168.40",
    "type": "IPv4",
    "created": "2026-03-28T22:46:59",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 165.245.168.40 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command sessions (1 commands), 1 malware samples. Listed on: AbuseIPDB (brute-force, critical, ftp-brute).",
    "expiration": "2026-04-27T22:46:58",
    "is_active": 1
  },
  {
    "id": 4284093686,
    "indicator": "165.245.168.19",
    "type": "IPv4",
    "created": "2026-03-28T22:46:59",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 165.245.168.19 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command sessions (1 commands), 1 malware samples. Listed on: AbuseIPDB (brute-force, critical, ftp-brute).",
    "expiration": "2026-04-27T22:46:58",
    "is_active": 1
  },
  {
    "id": 4171940849,
    "indicator": "36.250.221.18",
    "type": "IPv4",
    "created": "2026-03-28T22:46:59",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 36.250.221.18 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T22:46:58",
    "is_active": 1
  },
  {
    "id": 4166202794,
    "indicator": "36.250.220.197",
    "type": "IPv4",
    "created": "2026-03-28T22:46:59",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 36.250.220.197 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T22:46:58",
    "is_active": 1
  },
  {
    "id": 4283985874,
    "indicator": "1.94.18.250",
    "type": "IPv4",
    "created": "2026-03-28T22:46:59",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 1.94.18.250 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-27T22:46:58",
    "is_active": 1
  },
  {
    "id": 4284093687,
    "indicator": "206.135.161.26",
    "type": "IPv4",
    "created": "2026-03-28T22:46:59",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 206.135.161.26 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T22:46:58",
    "is_active": 1
  },
  {
    "id": 3876337033,
    "indicator": "182.119.228.170",
    "type": "IPv4",
    "created": "2026-03-28T22:46:59",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 182.119.228.170 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T22:46:58",
    "is_active": 1
  },
  {
    "id": 4284093688,
    "indicator": "72.10.132.18",
    "type": "IPv4",
    "created": "2026-03-28T22:46:59",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, cowrie. 72.10.132.18 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, moderate).",
    "expiration": "2026-04-27T22:46:58",
    "is_active": 1
  },
  {
    "id": 3845606690,
    "indicator": "221.207.34.247",
    "type": "IPv4",
    "created": "2026-03-28T22:46:59",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 221.207.34.247 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, moderate).",
    "expiration": "2026-04-27T22:46:58",
    "is_active": 1
  },
  {
    "id": 4196810880,
    "indicator": "111.50.143.78",
    "type": "IPv4",
    "created": "2026-03-28T22:46:59",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 111.50.143.78 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-27T22:46:58",
    "is_active": 1
  },
  {
    "id": 4035267661,
    "indicator": "119.75.76.18",
    "type": "IPv4",
    "created": "2026-03-28T22:46:59",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 119.75.76.18 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-27T22:46:58",
    "is_active": 1
  },
  {
    "id": 4284093689,
    "indicator": "58.35.107.120",
    "type": "IPv4",
    "created": "2026-03-28T22:46:59",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 58.35.107.120 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T22:46:58",
    "is_active": 1
  },
  {
    "id": 3938313286,
    "indicator": "209.38.20.25",
    "type": "IPv4",
    "created": "2026-03-28T22:46:59",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Sydney, Australia (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 5 failed login attempts, 5 credential pairs tried across 1 unique username. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 13m 27s; 25 events.",
    "expiration": "2026-04-27T22:46:58",
    "is_active": 1
  },
  {
    "id": 3850285883,
    "indicator": "220.167.232.220",
    "type": "IPv4",
    "created": "2026-03-28T22:46:59",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 220.167.232.220 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T22:46:58",
    "is_active": 1
  },
  {
    "id": 4182974309,
    "indicator": "116.178.128.176",
    "type": "IPv4",
    "created": "2026-03-28T22:46:59",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.128.176 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T22:46:58",
    "is_active": 1
  },
  {
    "id": 4284093690,
    "indicator": "52.68.1.103",
    "type": "IPv4",
    "created": "2026-03-28T22:46:59",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 52.68.1.103 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T22:46:58",
    "is_active": 1
  },
  {
    "id": 4283763727,
    "indicator": "47.84.188.205",
    "type": "IPv4",
    "created": "2026-03-28T22:46:59",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.84.188.205 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-27T22:46:58",
    "is_active": 1
  },
  {
    "id": 4164879034,
    "indicator": "114.97.191.103",
    "type": "IPv4",
    "created": "2026-03-28T22:46:59",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 114.97.191.103 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T22:46:58",
    "is_active": 1
  },
  {
    "id": 4177118699,
    "indicator": "27.47.25.74",
    "type": "IPv4",
    "created": "2026-03-28T22:46:59",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 27.47.25.74 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T22:46:58",
    "is_active": 1
  },
  {
    "id": 4268229966,
    "indicator": "103.243.4.171",
    "type": "IPv4",
    "created": "2026-03-28T23:47:06",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 103.243.4.171 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-27T23:47:05",
    "is_active": 1
  },
  {
    "id": 4282410794,
    "indicator": "103.106.188.32",
    "type": "IPv4",
    "created": "2026-03-28T23:47:06",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Hong Kong (AS401696, cognetcloud INC) [VPN/hosting provider]. Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 5 failed login attempts, 5 credential pairs tried across 2 unique usernames, execution of 20 commands (SSH key persistence, password changes, system reconnaissance, cron persist...",
    "expiration": "2026-04-27T23:47:05",
    "is_active": 1
  },
  {
    "id": 3630323640,
    "indicator": "165.22.60.26",
    "type": "IPv4",
    "created": "2026-03-28T23:47:06",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 165.22.60.26 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-27T23:47:05",
    "is_active": 1
  },
  {
    "id": 3467336202,
    "indicator": "36.106.167.105",
    "type": "IPv4",
    "created": "2026-03-28T23:47:06",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 36.106.167.105 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T23:47:05",
    "is_active": 1
  },
  {
    "id": 4176884791,
    "indicator": "27.47.24.117",
    "type": "IPv4",
    "created": "2026-03-28T23:47:06",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 27.47.24.117 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T23:47:05",
    "is_active": 1
  },
  {
    "id": 4169915237,
    "indicator": "27.47.24.82",
    "type": "IPv4",
    "created": "2026-03-28T23:47:06",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 27.47.24.82 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T23:47:05",
    "is_active": 1
  },
  {
    "id": 3924569314,
    "indicator": "123.245.84.24",
    "type": "IPv4",
    "created": "2026-03-28T23:47:06",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:high. 123.245.84.24 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-27T23:47:05",
    "is_active": 1
  },
  {
    "id": 3236660513,
    "indicator": "60.13.6.191",
    "type": "IPv4",
    "created": "2026-03-28T23:47:06",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 60.13.6.191 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T23:47:05",
    "is_active": 1
  },
  {
    "id": 3885918603,
    "indicator": "118.212.122.83",
    "type": "IPv4",
    "created": "2026-03-28T23:47:06",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 118.212.122.83 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T23:47:05",
    "is_active": 1
  },
  {
    "id": 4178819849,
    "indicator": "117.25.122.16",
    "type": "IPv4",
    "created": "2026-03-28T23:47:06",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 117.25.122.16 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T23:47:05",
    "is_active": 1
  },
  {
    "id": 4169413749,
    "indicator": "59.173.111.244",
    "type": "IPv4",
    "created": "2026-03-28T23:47:06",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 59.173.111.244 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T23:47:05",
    "is_active": 1
  },
  {
    "id": 4278828268,
    "indicator": "112.26.153.39",
    "type": "IPv4",
    "created": "2026-03-28T23:47:06",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 112.26.153.39 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-27T23:47:05",
    "is_active": 1
  },
  {
    "id": 2131052245,
    "indicator": "36.106.167.250",
    "type": "IPv4",
    "created": "2026-03-28T23:47:06",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 36.106.167.250 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T23:47:05",
    "is_active": 1
  },
  {
    "id": 4282428836,
    "indicator": "8.209.90.17",
    "type": "IPv4",
    "created": "2026-03-28T23:47:06",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 8.209.90.17 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (exploited-host, hacking, high).",
    "expiration": "2026-04-27T23:47:05",
    "is_active": 1
  },
  {
    "id": 3913884175,
    "indicator": "106.75.66.169",
    "type": "IPv4",
    "created": "2026-03-28T23:47:06",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP 106.75.66.169 observed using HTTP client fingerprint 'HTTP Client: Go-http-client/1.1' 5 times when connecting to db1lapetro between 2026-03-28 23:05 and 2026-03-28 23:05 UTC.",
    "expiration": "2026-04-27T23:47:05",
    "is_active": 1
  },
  {
    "id": 4180315098,
    "indicator": "112.94.189.178",
    "type": "IPv4",
    "created": "2026-03-28T23:47:06",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 112.94.189.178 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T23:47:05",
    "is_active": 1
  },
  {
    "id": 4167506514,
    "indicator": "114.97.190.18",
    "type": "IPv4",
    "created": "2026-03-28T23:47:06",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 114.97.190.18 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).",
    "expiration": "2026-04-27T23:47:05",
    "is_active": 1
  },
  {
    "id": 4284099440,
    "indicator": "217.21.210.76",
    "type": "IPv4",
    "created": "2026-03-28T23:47:06",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 217.21.210.76 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T23:47:05",
    "is_active": 1
  },
  {
    "id": 4179020148,
    "indicator": "59.173.108.188",
    "type": "IPv4",
    "created": "2026-03-28T23:47:06",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 59.173.108.188 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T23:47:05",
    "is_active": 1
  },
  {
    "id": 4172206734,
    "indicator": "222.176.201.174",
    "type": "IPv4",
    "created": "2026-03-28T23:47:06",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 222.176.201.174 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T23:47:05",
    "is_active": 1
  },
  {
    "id": 3665241578,
    "indicator": "27.47.26.210",
    "type": "IPv4",
    "created": "2026-03-28T23:47:06",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 27.47.26.210 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T23:47:05",
    "is_active": 1
  },
  {
    "id": 4284099441,
    "indicator": "106.75.66.75",
    "type": "IPv4",
    "created": "2026-03-28T23:47:06",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 106.75.66.75 observed using TLS client fingerprint 'Unknown TLS Client (60877a328763)' 4 times when connecting to db1lapetro between 2026-03-28 23:04 and 2026-03-28 23:04 UTC.",
    "expiration": "2026-04-27T23:47:05",
    "is_active": 1
  },
  {
    "id": 3146986468,
    "indicator": "102.39.242.53",
    "type": "IPv4",
    "created": "2026-03-28T23:47:06",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 102.39.242.53 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-27T23:47:05",
    "is_active": 1
  },
  {
    "id": 4088181314,
    "indicator": "24.83.60.18",
    "type": "IPv4",
    "created": "2026-03-28T23:47:06",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 24.83.60.18 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-27T23:47:05",
    "is_active": 1
  },
  {
    "id": 4009363910,
    "indicator": "183.191.29.111",
    "type": "IPv4",
    "created": "2026-03-28T23:47:06",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 183.191.29.111 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-27T23:47:05",
    "is_active": 1
  },
  {
    "id": 4152671631,
    "indicator": "74.207.252.24",
    "type": "IPv4",
    "created": "2026-03-28T23:47:06",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 74.207.252.24 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-27T23:47:05",
    "is_active": 1
  },
  {
    "id": 4173147144,
    "indicator": "123.14.122.222",
    "type": "IPv4",
    "created": "2026-03-28T23:47:06",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 123.14.122.222 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-27T23:47:05",
    "is_active": 1
  },
  {
    "id": 4284099442,
    "indicator": "143.198.140.205",
    "type": "IPv4",
    "created": "2026-03-28T23:47:06",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 143.198.140.205 observed using SSH client fingerprint 'Unknown SSH Client (16443846184e)' 3 times when connecting to db4lamedtech between 2026-03-28 22:40 and 2026-03-28 22:46 UTC.",
    "expiration": "2026-04-27T23:47:05",
    "is_active": 1
  },
  {
    "id": 4284099443,
    "indicator": "139.59.80.160",
    "type": "IPv4",
    "created": "2026-03-28T23:47:06",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 139.59.80.160 observed using SSH client fingerprint 'Unknown SSH Client (16443846184e)' 8 times when connecting to mdms1 between 2026-03-28 22:34 and 2026-03-28 22:46 UTC.",
    "expiration": "2026-04-27T23:47:05",
    "is_active": 1
  },
  {
    "id": 4284099444,
    "indicator": "137.184.15.194",
    "type": "IPv4",
    "created": "2026-03-28T23:47:06",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 137.184.15.194 observed using SSH client fingerprint 'Unknown SSH Client (16443846184e)' 4 times when connecting to mdms1 between 2026-03-28 22:35 and 2026-03-28 22:46 UTC.",
    "expiration": "2026-04-27T23:47:05",
    "is_active": 1
  },
  {
    "id": 4178276528,
    "indicator": "134.209.30.66",
    "type": "IPv4",
    "created": "2026-03-28T23:47:06",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Slough, United Kingdom (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. 2 events.",
    "expiration": "2026-04-27T23:47:05",
    "is_active": 1
  },
  {
    "id": 4284099445,
    "indicator": "46.101.72.19",
    "type": "IPv4",
    "created": "2026-03-28T23:47:06",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 46.101.72.19 observed using SSH client fingerprint 'Unknown SSH Client (16443846184e)' 2 times when connecting to db4lamedtech between 2026-03-28 22:26 and 2026-03-28 22:29 UTC.",
    "expiration": "2026-04-27T23:47:05",
    "is_active": 1
  },
  {
    "id": 3619626068,
    "indicator": "144.126.192.9",
    "type": "IPv4",
    "created": "2026-03-28T23:47:06",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 144.126.192.9 observed using SSH client fingerprint 'Unknown SSH Client (16443846184e)' 3 times when connecting to db1lapetro between 2026-03-28 22:25 and 2026-03-28 22:31 UTC.",
    "expiration": "2026-04-27T23:47:05",
    "is_active": 1
  },
  {
    "id": 4012297221,
    "indicator": "139.212.69.166",
    "type": "IPv4",
    "created": "2026-03-29T00:47:13",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 139.212.69.166 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T00:47:11",
    "is_active": 1
  },
  {
    "id": 4040230749,
    "indicator": "209.38.193.124",
    "type": "IPv4",
    "created": "2026-03-29T00:47:13",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 209.38.193.124 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-28T00:47:11",
    "is_active": 1
  },
  {
    "id": 4282397913,
    "indicator": "47.254.154.147",
    "type": "IPv4",
    "created": "2026-03-29T00:47:13",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 47.254.154.147 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (exploited-host, hacking, moderate).",
    "expiration": "2026-04-28T00:47:11",
    "is_active": 1
  },
  {
    "id": 4283848430,
    "indicator": "47.84.109.187",
    "type": "IPv4",
    "created": "2026-03-29T00:47:13",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 47.84.109.187 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T00:47:11",
    "is_active": 1
  },
  {
    "id": 3857586528,
    "indicator": "222.94.32.133",
    "type": "IPv4",
    "created": "2026-03-29T00:47:13",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 222.94.32.133 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T00:47:11",
    "is_active": 1
  },
  {
    "id": 4164371942,
    "indicator": "121.29.149.201",
    "type": "IPv4",
    "created": "2026-03-29T00:47:13",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 121.29.149.201 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).",
    "expiration": "2026-04-28T00:47:11",
    "is_active": 1
  },
  {
    "id": 3675758524,
    "indicator": "101.198.0.155",
    "type": "IPv4",
    "created": "2026-03-29T00:47:13",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:high. 101.198.0.155 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-28T00:47:11",
    "is_active": 1
  },
  {
    "id": 4166822112,
    "indicator": "116.178.130.22",
    "type": "IPv4",
    "created": "2026-03-29T00:47:13",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 116.178.130.22 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).",
    "expiration": "2026-04-28T00:47:11",
    "is_active": 1
  },
  {
    "id": 4284105025,
    "indicator": "47.84.191.55",
    "type": "IPv4",
    "created": "2026-03-29T00:47:13",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 47.84.191.55 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (exploited-host, hacking, high).",
    "expiration": "2026-04-28T00:47:11",
    "is_active": 1
  },
  {
    "id": 4229890856,
    "indicator": "95.210.111.203",
    "type": "IPv4",
    "created": "2026-03-29T00:47:13",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 95.210.111.203 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-28T00:47:11",
    "is_active": 1
  },
  {
    "id": 4284105026,
    "indicator": "47.91.75.137",
    "type": "IPv4",
    "created": "2026-03-29T00:47:13",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 47.91.75.137 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T00:47:11",
    "is_active": 1
  },
  {
    "id": 4284105027,
    "indicator": "201.77.174.235",
    "type": "IPv4",
    "created": "2026-03-29T00:47:13",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 201.77.174.235 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T00:47:11",
    "is_active": 1
  },
  {
    "id": 4284105028,
    "indicator": "120.92.165.183",
    "type": "IPv4",
    "created": "2026-03-29T00:47:13",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 120.92.165.183 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, critical, ftp-brute).",
    "expiration": "2026-04-28T00:47:11",
    "is_active": 1
  },
  {
    "id": 3912061716,
    "indicator": "58.212.237.232",
    "type": "IPv4",
    "created": "2026-03-29T00:47:13",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 58.212.237.232 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T00:47:11",
    "is_active": 1
  },
  {
    "id": 4041926448,
    "indicator": "87.121.84.102",
    "type": "IPv4",
    "created": "2026-03-29T00:47:13",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. Attacker IP from Houston, United States (AS215925, Vpsvault.host Ltd) [VPN/hosting provider]. Observed targeting healthcare sector honeypot mdms-hp-01 via cowrie. 1 events.",
    "expiration": "2026-04-28T00:47:11",
    "is_active": 1
  },
  {
    "id": 1459230335,
    "indicator": "27.115.124.69",
    "type": "IPv4",
    "created": "2026-03-29T00:47:13",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:high. 27.115.124.69 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-28T00:47:11",
    "is_active": 1
  },
  {
    "id": 4275685945,
    "indicator": "73.140.151.155",
    "type": "IPv4",
    "created": "2026-03-29T00:47:13",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 73.140.151.155 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-28T00:47:11",
    "is_active": 1
  },
  {
    "id": 4044995590,
    "indicator": "171.36.6.168",
    "type": "IPv4",
    "created": "2026-03-29T01:47:21",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 171.36.6.168 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-28T01:47:19",
    "is_active": 1
  },
  {
    "id": 2997673241,
    "indicator": "36.106.167.239",
    "type": "IPv4",
    "created": "2026-03-29T01:47:21",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 36.106.167.239 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T01:47:19",
    "is_active": 1
  },
  {
    "id": 4181200528,
    "indicator": "60.16.199.49",
    "type": "IPv4",
    "created": "2026-03-29T01:47:21",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 60.16.199.49 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-28T01:47:19",
    "is_active": 1
  },
  {
    "id": 4272944875,
    "indicator": "117.34.209.219",
    "type": "IPv4",
    "created": "2026-03-29T01:47:21",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 117.34.209.219 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-28T01:47:19",
    "is_active": 1
  },
  {
    "id": 4183181269,
    "indicator": "27.47.27.74",
    "type": "IPv4",
    "created": "2026-03-29T01:47:21",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 27.47.27.74 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-28T01:47:19",
    "is_active": 1
  },
  {
    "id": 3951317183,
    "indicator": "180.95.231.6",
    "type": "IPv4",
    "created": "2026-03-29T01:47:21",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 180.95.231.6 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T01:47:19",
    "is_active": 1
  },
  {
    "id": 4177385606,
    "indicator": "110.90.224.217",
    "type": "IPv4",
    "created": "2026-03-29T01:47:21",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 110.90.224.217 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T01:47:19",
    "is_active": 1
  },
  {
    "id": 4283774044,
    "indicator": "119.96.81.99",
    "type": "IPv4",
    "created": "2026-03-29T01:47:21",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 119.96.81.99 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-28T01:47:19",
    "is_active": 1
  },
  {
    "id": 4268198093,
    "indicator": "183.191.28.228",
    "type": "IPv4",
    "created": "2026-03-29T01:47:21",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 183.191.28.228 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-28T01:47:19",
    "is_active": 1
  },
  {
    "id": 4284106950,
    "indicator": "165.227.149.73",
    "type": "IPv4",
    "created": "2026-03-29T01:47:21",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 165.227.149.73 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-28T01:47:19",
    "is_active": 1
  },
  {
    "id": 4173373932,
    "indicator": "58.243.47.36",
    "type": "IPv4",
    "created": "2026-03-29T01:47:21",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 58.243.47.36 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-28T01:47:19",
    "is_active": 1
  },
  {
    "id": 4173771360,
    "indicator": "112.122.236.165",
    "type": "IPv4",
    "created": "2026-03-29T01:47:21",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 112.122.236.165 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T01:47:19",
    "is_active": 1
  },
  {
    "id": 4176715279,
    "indicator": "14.135.74.26",
    "type": "IPv4",
    "created": "2026-03-29T01:47:21",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 14.135.74.26 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T01:47:19",
    "is_active": 1
  },
  {
    "id": 4158291662,
    "indicator": "121.29.149.253",
    "type": "IPv4",
    "created": "2026-03-29T01:47:21",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 121.29.149.253 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (exploited-host, hacking, moderate).",
    "expiration": "2026-04-28T01:47:19",
    "is_active": 1
  },
  {
    "id": 4155336496,
    "indicator": "36.250.221.107",
    "type": "IPv4",
    "created": "2026-03-29T01:47:21",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 36.250.221.107 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).",
    "expiration": "2026-04-28T01:47:19",
    "is_active": 1
  },
  {
    "id": 4169411189,
    "indicator": "116.178.131.51",
    "type": "IPv4",
    "created": "2026-03-29T01:47:21",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie, firehol:unlisted. 116.178.131.51 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, port-scan).",
    "expiration": "2026-04-28T01:47:19",
    "is_active": 1
  },
  {
    "id": 4278318459,
    "indicator": "152.42.237.127",
    "type": "IPv4",
    "created": "2026-03-29T01:47:21",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Singapore, Singapore (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. Session included 3 failed login attempts, 3 credential pairs tried across 1 unique username. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 7m 7s; 15 events.",
    "expiration": "2026-04-28T01:47:19",
    "is_active": 1
  },
  {
    "id": 4176696428,
    "indicator": "116.178.128.27",
    "type": "IPv4",
    "created": "2026-03-29T01:47:21",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 116.178.128.27 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-28T01:47:19",
    "is_active": 1
  },
  {
    "id": 4283837471,
    "indicator": "47.254.156.248",
    "type": "IPv4",
    "created": "2026-03-29T01:47:21",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.254.156.248 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-28T01:47:19",
    "is_active": 1
  },
  {
    "id": 3935965629,
    "indicator": "146.190.241.65",
    "type": "IPv4",
    "created": "2026-03-29T01:47:21",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 146.190.241.65 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-28T01:47:19",
    "is_active": 1
  },
  {
    "id": 4006571326,
    "indicator": "221.207.35.87",
    "type": "IPv4",
    "created": "2026-03-29T01:47:21",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 221.207.35.87 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T01:47:19",
    "is_active": 1
  },
  {
    "id": 4284106951,
    "indicator": "176.109.221.36",
    "type": "IPv4",
    "created": "2026-03-29T01:47:21",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack, cowrie. 176.109.221.36 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, iot-targeted, low).",
    "expiration": "2026-04-28T01:47:19",
    "is_active": 1
  },
  {
    "id": 4173791475,
    "indicator": "222.176.200.197",
    "type": "IPv4",
    "created": "2026-03-29T01:47:21",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 222.176.200.197 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T01:47:19",
    "is_active": 1
  },
  {
    "id": 4031219971,
    "indicator": "139.212.71.193",
    "type": "IPv4",
    "created": "2026-03-29T01:47:21",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 139.212.71.193 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-28T01:47:19",
    "is_active": 1
  },
  {
    "id": 4019762172,
    "indicator": "118.212.122.159",
    "type": "IPv4",
    "created": "2026-03-29T01:47:21",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 118.212.122.159 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T01:47:19",
    "is_active": 1
  },
  {
    "id": 4284106952,
    "indicator": "8.209.100.130",
    "type": "IPv4",
    "created": "2026-03-29T01:47:21",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 8.209.100.130 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-28T01:47:19",
    "is_active": 1
  },
  {
    "id": 3380295955,
    "indicator": "101.249.63.110",
    "type": "IPv4",
    "created": "2026-03-29T01:47:21",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 101.249.63.110 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-28T01:47:19",
    "is_active": 1
  },
  {
    "id": 1262306285,
    "indicator": "221.207.34.217",
    "type": "IPv4",
    "created": "2026-03-29T01:47:21",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 221.207.34.217 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-28T01:47:19",
    "is_active": 1
  },
  {
    "id": 4243345537,
    "indicator": "8.216.17.163",
    "type": "IPv4",
    "created": "2026-03-29T01:47:21",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 8.216.17.163 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-28T01:47:19",
    "is_active": 1
  },
  {
    "id": 4026510483,
    "indicator": "171.36.7.24",
    "type": "IPv4",
    "created": "2026-03-29T01:47:21",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 171.36.7.24 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-28T01:47:19",
    "is_active": 1
  },
  {
    "id": 4174305233,
    "indicator": "36.250.220.66",
    "type": "IPv4",
    "created": "2026-03-29T01:47:21",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 36.250.220.66 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T01:47:19",
    "is_active": 1
  },
  {
    "id": 4245400299,
    "indicator": "58.19.77.114",
    "type": "IPv4",
    "created": "2026-03-29T01:47:21",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 58.19.77.114 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-28T01:47:19",
    "is_active": 1
  },
  {
    "id": 4175596623,
    "indicator": "121.29.149.80",
    "type": "IPv4",
    "created": "2026-03-29T01:47:21",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 121.29.149.80 classified as scanning infrastructure conducting network reconnaissance (medium confidence). Origin: enriched. Listed on: FireHOL (firehol_level3).",
    "expiration": "2026-04-28T01:47:19",
    "is_active": 1
  },
  {
    "id": 3263278199,
    "indicator": "180.95.231.13",
    "type": "IPv4",
    "created": "2026-03-29T01:47:21",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 180.95.231.13 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-28T01:47:19",
    "is_active": 1
  },
  {
    "id": 2603120281,
    "indicator": "1.85.218.180",
    "type": "IPv4",
    "created": "2026-03-29T01:47:21",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 1.85.218.180 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T01:47:19",
    "is_active": 1
  },
  {
    "id": 4177427536,
    "indicator": "59.173.110.63",
    "type": "IPv4",
    "created": "2026-03-29T01:47:21",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 59.173.110.63 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T01:47:19",
    "is_active": 1
  },
  {
    "id": 4284106953,
    "indicator": "168.90.183.238",
    "type": "IPv4",
    "created": "2026-03-29T01:47:21",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:multi-reported. 168.90.183.238 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T01:47:19",
    "is_active": 1
  },
  {
    "id": 4283941325,
    "indicator": "167.99.132.27",
    "type": "IPv4",
    "created": "2026-03-29T01:47:21",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Frankfurt am Main, Germany (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. duration: 2s; 2 events.",
    "expiration": "2026-04-28T01:47:19",
    "is_active": 1
  },
  {
    "id": 4281892584,
    "indicator": "45.125.45.236",
    "type": "IPv4",
    "created": "2026-03-29T01:47:21",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from China (AS139180, Shandong eshinton Network Technology Co., Ltd.). Observed targeting healthcare sector honeypot mdms-hp-01 via cowrie. Session included 5 failed login attempts, 5 credential pairs tried across 1 unique username. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 12m 36s; 25 events.",
    "expiration": "2026-04-28T01:47:19",
    "is_active": 1
  },
  {
    "id": 3756188443,
    "indicator": "182.242.168.198",
    "type": "IPv4",
    "created": "2026-03-29T01:47:21",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. Attacker IP from China (AS4134, Chinanet). Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-28T01:47:19",
    "is_active": 1
  },
  {
    "id": 4272956908,
    "indicator": "175.140.229.190",
    "type": "IPv4",
    "created": "2026-03-29T02:47:30",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 175.140.229.190 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-28T02:47:29",
    "is_active": 1
  },
  {
    "id": 4280295108,
    "indicator": "112.170.244.253",
    "type": "IPv4",
    "created": "2026-03-29T02:47:30",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 112.170.244.253 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-28T02:47:29",
    "is_active": 1
  },
  {
    "id": 4162603841,
    "indicator": "221.199.73.109",
    "type": "IPv4",
    "created": "2026-03-29T02:47:30",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 221.199.73.109 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T02:47:29",
    "is_active": 1
  },
  {
    "id": 4283848434,
    "indicator": "47.84.132.145",
    "type": "IPv4",
    "created": "2026-03-29T02:47:30",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 47.84.132.145 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (exploited-host, hacking, moderate).",
    "expiration": "2026-04-28T02:47:29",
    "is_active": 1
  },
  {
    "id": 4283774023,
    "indicator": "193.37.70.108",
    "type": "IPv4",
    "created": "2026-03-29T02:47:30",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Frankfurt am Main, Germany (AS199785, Cloud Hosting Solutions, Limited.) [VPN/hosting provider]. Observed targeting healthcare sector honeypot mdms-hp-01 via cowrie. Session included 5 failed login attempts, 5 credential pairs tried across 1 unique username. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration...",
    "expiration": "2026-04-28T02:47:29",
    "is_active": 1
  },
  {
    "id": 4284108218,
    "indicator": "103.26.86.81",
    "type": "IPv4",
    "created": "2026-03-29T02:47:30",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 103.26.86.81 classified as attacker with unclear intent (low confidence). Origin: enriched.",
    "expiration": "2026-04-28T02:47:29",
    "is_active": 1
  },
  {
    "id": 4173299233,
    "indicator": "116.178.130.11",
    "type": "IPv4",
    "created": "2026-03-29T02:47:30",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 116.178.130.11 classified as attacker with unclear intent (low confidence). Origin: enriched.",
    "expiration": "2026-04-28T02:47:29",
    "is_active": 1
  },
  {
    "id": 4284108219,
    "indicator": "115.190.177.41",
    "type": "IPv4",
    "created": "2026-03-29T02:47:30",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 115.190.177.41 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-28T02:47:29",
    "is_active": 1
  },
  {
    "id": 4284108220,
    "indicator": "139.59.96.248",
    "type": "IPv4",
    "created": "2026-03-29T02:47:30",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:reported. 139.59.96.248 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T02:47:29",
    "is_active": 1
  },
  {
    "id": 3020808708,
    "indicator": "110.177.182.221",
    "type": "IPv4",
    "created": "2026-03-29T02:47:30",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 110.177.182.221 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T02:47:29",
    "is_active": 1
  },
  {
    "id": 4041791286,
    "indicator": "8.211.35.24",
    "type": "IPv4",
    "created": "2026-03-29T02:47:30",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 8.211.35.24 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-28T02:47:29",
    "is_active": 1
  },
  {
    "id": 4173362817,
    "indicator": "222.176.201.126",
    "type": "IPv4",
    "created": "2026-03-29T02:47:30",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 222.176.201.126 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T02:47:29",
    "is_active": 1
  },
  {
    "id": 3363383319,
    "indicator": "51.195.196.29",
    "type": "IPv4",
    "created": "2026-03-29T02:47:30",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 51.195.196.29 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, critical, ftp-brute).",
    "expiration": "2026-04-28T02:47:29",
    "is_active": 1
  },
  {
    "id": 4282397909,
    "indicator": "47.245.139.32",
    "type": "IPv4",
    "created": "2026-03-29T02:47:30",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 47.245.139.32 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T02:47:29",
    "is_active": 1
  },
  {
    "id": 4284108221,
    "indicator": "45.129.98.131",
    "type": "IPv4",
    "created": "2026-03-29T02:47:30",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 45.129.98.131 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-28T02:47:29",
    "is_active": 1
  },
  {
    "id": 4227130072,
    "indicator": "64.227.191.51",
    "type": "IPv4",
    "created": "2026-03-29T03:47:38",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 64.227.191.51 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-28T03:47:36",
    "is_active": 1
  },
  {
    "id": 4284203090,
    "indicator": "112.122.237.210",
    "type": "IPv4",
    "created": "2026-03-29T03:47:38",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 112.122.237.210 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T03:47:36",
    "is_active": 1
  },
  {
    "id": 4230003439,
    "indicator": "59.173.108.156",
    "type": "IPv4",
    "created": "2026-03-29T03:47:38",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 59.173.108.156 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-28T03:47:36",
    "is_active": 1
  },
  {
    "id": 4172752578,
    "indicator": "101.249.63.13",
    "type": "IPv4",
    "created": "2026-03-29T03:47:38",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 101.249.63.13 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T03:47:36",
    "is_active": 1
  },
  {
    "id": 4281950641,
    "indicator": "47.245.134.150",
    "type": "IPv4",
    "created": "2026-03-29T03:47:38",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.245.134.150 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-28T03:47:36",
    "is_active": 1
  },
  {
    "id": 4275684343,
    "indicator": "66.132.224.23",
    "type": "IPv4",
    "created": "2026-03-29T03:47:38",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 66.132.224.23 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-28T03:47:36",
    "is_active": 1
  },
  {
    "id": 4284203091,
    "indicator": "47.254.176.60",
    "type": "IPv4",
    "created": "2026-03-29T03:47:38",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, cowrie. 47.254.176.60 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, hacking, moderate).",
    "expiration": "2026-04-28T03:47:36",
    "is_active": 1
  },
  {
    "id": 4284203092,
    "indicator": "112.162.155.242",
    "type": "IPv4",
    "created": "2026-03-29T03:47:38",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported. 112.162.155.242 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command sessions (4 commands). Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-28T03:47:36",
    "is_active": 1
  },
  {
    "id": 4277159393,
    "indicator": "216.57.110.81",
    "type": "IPv4",
    "created": "2026-03-29T03:47:38",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 216.57.110.81 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-28T03:47:36",
    "is_active": 1
  },
  {
    "id": 4165501069,
    "indicator": "222.97.67.177",
    "type": "IPv4",
    "created": "2026-03-29T03:47:38",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, commands:executed. Attacker IP from Hamyang-gun, South Korea (AS4766, Korea Telecom). Observed targeting energy sector honeypot petroleum-hp-01 via adbhoney. Session included execution of 4 post-compromise commands, delivery of 2 malware samples. duration: 15s; 6 events.",
    "expiration": "2026-04-28T03:47:36",
    "is_active": 1
  },
  {
    "id": 4080766764,
    "indicator": "150.255.54.1",
    "type": "IPv4",
    "created": "2026-03-29T03:47:38",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 150.255.54.1 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-28T03:47:36",
    "is_active": 1
  },
  {
    "id": 4284203093,
    "indicator": "194.116.236.215",
    "type": "IPv4",
    "created": "2026-03-29T03:47:38",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 194.116.236.215 observed using TLS client fingerprint 'Unknown TLS Client (3b5052d0aa46)' 2 times when connecting to db4lamedtech between 2026-03-29 02:54 and 2026-03-29 02:54 UTC.",
    "expiration": "2026-04-28T03:47:36",
    "is_active": 1
  },
  {
    "id": 4282461964,
    "indicator": "47.245.129.12",
    "type": "IPv4",
    "created": "2026-03-29T03:47:38",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.245.129.12 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-28T03:47:36",
    "is_active": 1
  },
  {
    "id": 4266799406,
    "indicator": "85.225.135.134",
    "type": "IPv4",
    "created": "2026-03-29T03:47:38",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 85.225.135.134 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-28T03:47:36",
    "is_active": 1
  },
  {
    "id": 4164851391,
    "indicator": "124.117.192.126",
    "type": "IPv4",
    "created": "2026-03-29T03:47:38",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 124.117.192.126 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-28T03:47:36",
    "is_active": 1
  },
  {
    "id": 4281005598,
    "indicator": "217.216.78.117",
    "type": "IPv4",
    "created": "2026-03-29T03:47:38",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 217.216.78.117 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-28T03:47:36",
    "is_active": 1
  },
  {
    "id": 4282102049,
    "indicator": "47.84.134.122",
    "type": "IPv4",
    "created": "2026-03-29T03:47:38",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 47.84.134.122 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (critical, exploited-host, hacking).",
    "expiration": "2026-04-28T03:47:36",
    "is_active": 1
  },
  {
    "id": 4227808991,
    "indicator": "175.12.63.1",
    "type": "IPv4",
    "created": "2026-03-29T03:47:38",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 175.12.63.1 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-28T03:47:36",
    "is_active": 1
  },
  {
    "id": 4173674917,
    "indicator": "116.178.128.238",
    "type": "IPv4",
    "created": "2026-03-29T04:47:58",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 116.178.128.238 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-28T04:47:55",
    "is_active": 1
  },
  {
    "id": 4157194675,
    "indicator": "108.190.6.41",
    "type": "IPv4",
    "created": "2026-03-29T04:47:58",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 108.190.6.41 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-28T04:47:55",
    "is_active": 1
  },
  {
    "id": 4164879212,
    "indicator": "121.29.149.44",
    "type": "IPv4",
    "created": "2026-03-29T04:47:58",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 121.29.149.44 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T04:47:55",
    "is_active": 1
  },
  {
    "id": 4199664270,
    "indicator": "69.5.189.197",
    "type": "IPv4",
    "created": "2026-03-29T04:47:58",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Seychelles (AS42624, Global-Data System IT Corporation). Observed targeting healthcare sector honeypot medtech-hp-01 via dionaea. duration: 21s; 2 events.",
    "expiration": "2026-04-28T04:47:55",
    "is_active": 1
  },
  {
    "id": 4255804727,
    "indicator": "124.152.76.175",
    "type": "IPv4",
    "created": "2026-03-29T04:47:58",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 124.152.76.175 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-28T04:47:55",
    "is_active": 1
  },
  {
    "id": 4247279350,
    "indicator": "78.186.182.188",
    "type": "IPv4",
    "created": "2026-03-29T04:47:58",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 78.186.182.188 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-28T04:47:55",
    "is_active": 1
  },
  {
    "id": 4125944302,
    "indicator": "69.5.189.7",
    "type": "IPv4",
    "created": "2026-03-29T04:47:58",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Seychelles (AS42624, Global-Data System IT Corporation). Observed targeting healthcare sector honeypot medtech-hp-01 via dionaea. duration: 53s; 2 events.",
    "expiration": "2026-04-28T04:47:55",
    "is_active": 1
  },
  {
    "id": 4199664271,
    "indicator": "69.5.189.194",
    "type": "IPv4",
    "created": "2026-03-29T04:47:58",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Seychelles (AS42624, Global-Data System IT Corporation). Observed targeting healthcare sector honeypot medtech-hp-01 via dionaea. duration: 2m 30s; 2 events.",
    "expiration": "2026-04-28T04:47:55",
    "is_active": 1
  },
  {
    "id": 4284208729,
    "indicator": "113.31.111.110",
    "type": "IPv4",
    "created": "2026-03-29T04:47:58",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:multi-reported. 113.31.111.110 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-28T04:47:55",
    "is_active": 1
  },
  {
    "id": 4180613381,
    "indicator": "201.71.145.229",
    "type": "IPv4",
    "created": "2026-03-29T04:47:58",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 201.71.145.229 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-28T04:47:55",
    "is_active": 1
  },
  {
    "id": 4283774234,
    "indicator": "198.23.187.223",
    "type": "IPv4",
    "created": "2026-03-29T04:47:58",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 198.23.187.223 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-28T04:47:55",
    "is_active": 1
  },
  {
    "id": 4047033547,
    "indicator": "171.37.47.202",
    "type": "IPv4",
    "created": "2026-03-29T04:47:58",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 171.37.47.202 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, ftp-brute).",
    "expiration": "2026-04-28T04:47:55",
    "is_active": 1
  },
  {
    "id": 3425425301,
    "indicator": "175.107.1.226",
    "type": "IPv4",
    "created": "2026-03-29T04:47:58",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Taxila, Pakistan (AS23888, National Telecommunication Corporation HQ). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. duration: 3m 41s; 32 events.",
    "expiration": "2026-04-28T04:47:55",
    "is_active": 1
  },
  {
    "id": 2131372246,
    "indicator": "123.163.114.187",
    "type": "IPv4",
    "created": "2026-03-29T04:47:58",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 123.163.114.187 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T04:47:55",
    "is_active": 1
  },
  {
    "id": 4172754301,
    "indicator": "222.176.201.182",
    "type": "IPv4",
    "created": "2026-03-29T04:47:58",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 222.176.201.182 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T04:47:55",
    "is_active": 1
  },
  {
    "id": 4173648449,
    "indicator": "222.176.201.208",
    "type": "IPv4",
    "created": "2026-03-29T04:47:58",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 222.176.201.208 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-28T04:47:55",
    "is_active": 1
  },
  {
    "id": 4058047103,
    "indicator": "117.40.114.184",
    "type": "IPv4",
    "created": "2026-03-29T04:47:58",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 117.40.114.184 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-28T04:47:55",
    "is_active": 1
  },
  {
    "id": 3756736550,
    "indicator": "182.242.168.168",
    "type": "IPv4",
    "created": "2026-03-29T04:47:58",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export. 182.242.168.168 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, moderate).",
    "expiration": "2026-04-28T04:47:55",
    "is_active": 1
  },
  {
    "id": 3938063098,
    "indicator": "146.190.241.52",
    "type": "IPv4",
    "created": "2026-03-29T04:47:58",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 146.190.241.52 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-28T04:47:55",
    "is_active": 1
  },
  {
    "id": 4178882489,
    "indicator": "139.59.40.171",
    "type": "IPv4",
    "created": "2026-03-29T04:47:58",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan. Attacker IP 139.59.40.171 observed using TLS client fingerprint 'Unknown TLS Client (8e3145abdb9e)' 2 times when connecting to db1lapetro between 2026-03-29 03:18 and 2026-03-29 03:18 UTC.",
    "expiration": "2026-04-28T04:47:55",
    "is_active": 1
  },
  {
    "id": 4125941312,
    "indicator": "45.94.31.24",
    "type": "IPv4",
    "created": "2026-03-29T04:47:58",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 45.94.31.24 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (iPhone; CPU iPhone OS 17_2 like Mac OS X) Apple...' 2 times when connecting to db4lamedtech between 2026-03-29 03:13 and 2026-03-29 03:13 UTC.",
    "expiration": "2026-04-28T04:47:55",
    "is_active": 1
  },
  {
    "id": 4284208730,
    "indicator": "117.13.170.241",
    "type": "IPv4",
    "created": "2026-03-29T04:47:58",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP from Tianjin, China (AS4837, CHINA UNICOM China169 Backbone). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-28T04:47:55",
    "is_active": 1
  },
  {
    "id": 4283848426,
    "indicator": "47.245.143.40",
    "type": "IPv4",
    "created": "2026-03-29T05:48:07",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 47.245.143.40 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (exploited-host, hacking, high).",
    "expiration": "2026-04-28T05:48:06",
    "is_active": 1
  },
  {
    "id": 4171262360,
    "indicator": "36.250.220.129",
    "type": "IPv4",
    "created": "2026-03-29T05:48:07",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 36.250.220.129 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-28T05:48:06",
    "is_active": 1
  },
  {
    "id": 4284220283,
    "indicator": "64.23.163.137",
    "type": "IPv4",
    "created": "2026-03-29T05:48:07",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 64.23.163.137 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-28T05:48:06",
    "is_active": 1
  },
  {
    "id": 4284218844,
    "indicator": "209.92.184.26",
    "type": "IPv4",
    "created": "2026-03-29T05:48:07",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack. IP observed in Suricata network metadata",
    "expiration": "2026-04-28T05:48:06",
    "is_active": 1
  },
  {
    "id": 4282428055,
    "indicator": "47.84.132.180",
    "type": "IPv4",
    "created": "2026-03-29T05:48:07",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.84.132.180 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-28T05:48:06",
    "is_active": 1
  },
  {
    "id": 4020768263,
    "indicator": "165.154.6.82",
    "type": "IPv4",
    "created": "2026-03-29T05:48:07",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 165.154.6.82 observed using TLS client fingerprint 'Unknown TLS Client (60877a328763)' 2 times when connecting to mdms1 between 2026-03-29 05:04 and 2026-03-29 05:04 UTC.",
    "expiration": "2026-04-28T05:48:06",
    "is_active": 1
  },
  {
    "id": 3943869172,
    "indicator": "152.32.169.25",
    "type": "IPv4",
    "created": "2026-03-29T05:48:07",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:ddos, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack, cowrie. Attacker IP 152.32.169.25 observed using TLS client fingerprint 'Unknown TLS Client (60877a328763)' 2 times when connecting to mdms1 between 2026-03-29 05:03 and 2026-03-29 05:03 UTC.",
    "expiration": "2026-04-28T05:48:06",
    "is_active": 1
  },
  {
    "id": 3780518357,
    "indicator": "182.242.169.73",
    "type": "IPv4",
    "created": "2026-03-29T05:48:07",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 182.242.169.73 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, moderate).",
    "expiration": "2026-04-28T05:48:06",
    "is_active": 1
  },
  {
    "id": 4175597053,
    "indicator": "36.250.221.83",
    "type": "IPv4",
    "created": "2026-03-29T05:48:07",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 36.250.221.83 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T05:48:06",
    "is_active": 1
  },
  {
    "id": 4284220284,
    "indicator": "27.47.26.135",
    "type": "IPv4",
    "created": "2026-03-29T05:48:07",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 27.47.26.135 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-28T05:48:06",
    "is_active": 1
  },
  {
    "id": 4284220285,
    "indicator": "47.84.142.25",
    "type": "IPv4",
    "created": "2026-03-29T05:48:07",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 47.84.142.25 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T05:48:06",
    "is_active": 1
  },
  {
    "id": 4166616014,
    "indicator": "93.39.238.135",
    "type": "IPv4",
    "created": "2026-03-29T05:48:07",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 93.39.238.135 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-28T05:48:06",
    "is_active": 1
  },
  {
    "id": 4177754362,
    "indicator": "36.250.220.158",
    "type": "IPv4",
    "created": "2026-03-29T05:48:07",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 36.250.220.158 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T05:48:06",
    "is_active": 1
  },
  {
    "id": 4038257372,
    "indicator": "118.212.121.151",
    "type": "IPv4",
    "created": "2026-03-29T05:48:07",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 118.212.121.151 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T05:48:06",
    "is_active": 1
  },
  {
    "id": 4281966229,
    "indicator": "103.187.146.33",
    "type": "IPv4",
    "created": "2026-03-29T05:48:07",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 103.187.146.33 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 21 times when connecting to db4lamedtech between 2026-03-29 03:47 and 2026-03-29 04:49 UTC.",
    "expiration": "2026-04-28T05:48:06",
    "is_active": 1
  },
  {
    "id": 3693975954,
    "indicator": "182.119.224.207",
    "type": "IPv4",
    "created": "2026-03-29T06:48:19",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 182.119.224.207 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-28T06:48:16",
    "is_active": 1
  },
  {
    "id": 4168957184,
    "indicator": "156.226.183.132",
    "type": "IPv4",
    "created": "2026-03-29T06:48:19",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 156.226.183.132 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-28T06:48:16",
    "is_active": 1
  },
  {
    "id": 3666625146,
    "indicator": "159.65.153.141",
    "type": "IPv4",
    "created": "2026-03-29T06:48:19",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 159.65.153.141 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-28T06:48:16",
    "is_active": 1
  },
  {
    "id": 4272708925,
    "indicator": "202.44.238.155",
    "type": "IPv4",
    "created": "2026-03-29T06:48:19",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 202.44.238.155 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-28T06:48:16",
    "is_active": 1
  },
  {
    "id": 4275726287,
    "indicator": "2.67.175.81",
    "type": "IPv4",
    "created": "2026-03-29T06:48:19",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 2.67.175.81 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-28T06:48:16",
    "is_active": 1
  },
  {
    "id": 3746393548,
    "indicator": "62.3.58.42",
    "type": "IPv4",
    "created": "2026-03-29T06:48:19",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 62.3.58.42 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-28T06:48:16",
    "is_active": 1
  },
  {
    "id": 4160594562,
    "indicator": "223.166.22.150",
    "type": "IPv4",
    "created": "2026-03-29T06:48:19",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 223.166.22.150 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T06:48:16",
    "is_active": 1
  },
  {
    "id": 4282409239,
    "indicator": "47.84.140.62",
    "type": "IPv4",
    "created": "2026-03-29T06:48:19",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 47.84.140.62 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T06:48:16",
    "is_active": 1
  },
  {
    "id": 4179691266,
    "indicator": "222.176.200.32",
    "type": "IPv4",
    "created": "2026-03-29T06:48:19",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 222.176.200.32 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T06:48:16",
    "is_active": 1
  },
  {
    "id": 4266739837,
    "indicator": "116.169.217.87",
    "type": "IPv4",
    "created": "2026-03-29T06:48:19",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 116.169.217.87 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-28T06:48:16",
    "is_active": 1
  },
  {
    "id": 3559921071,
    "indicator": "87.236.176.61",
    "type": "IPv4",
    "created": "2026-03-29T06:48:19",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 87.236.176.61 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-28T06:48:16",
    "is_active": 1
  },
  {
    "id": 4173563268,
    "indicator": "112.94.188.210",
    "type": "IPv4",
    "created": "2026-03-29T06:48:19",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 112.94.188.210 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-28T06:48:16",
    "is_active": 1
  },
  {
    "id": 4282313177,
    "indicator": "185.38.148.2",
    "type": "IPv4",
    "created": "2026-03-29T06:48:19",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 185.38.148.2 observed using HTTP client fingerprint 'HTTP Client: libredtail-http' 39 times when connecting to mdms1 between 2026-03-29 06:15 and 2026-03-29 06:15 UTC.",
    "expiration": "2026-04-28T06:48:16",
    "is_active": 1
  },
  {
    "id": 3190357182,
    "indicator": "93.158.90.67",
    "type": "IPv4",
    "created": "2026-03-29T06:48:19",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 93.158.90.67 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-28T06:48:16",
    "is_active": 1
  },
  {
    "id": 4283702721,
    "indicator": "8.209.109.4",
    "type": "IPv4",
    "created": "2026-03-29T06:48:19",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 8.209.109.4 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-28T06:48:16",
    "is_active": 1
  },
  {
    "id": 4008675791,
    "indicator": "185.196.31.172",
    "type": "IPv4",
    "created": "2026-03-29T06:48:19",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 185.196.31.172 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T06:48:16",
    "is_active": 1
  },
  {
    "id": 3338074922,
    "indicator": "110.177.181.102",
    "type": "IPv4",
    "created": "2026-03-29T06:48:19",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 110.177.181.102 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T06:48:16",
    "is_active": 1
  },
  {
    "id": 3732628007,
    "indicator": "146.88.241.87",
    "type": "IPv4",
    "created": "2026-03-29T06:48:19",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 146.88.241.87 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T06:48:16",
    "is_active": 1
  },
  {
    "id": 4284220749,
    "indicator": "104.168.99.194",
    "type": "IPv4",
    "created": "2026-03-29T06:48:19",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP 104.168.99.194 observed using HTTP client fingerprint 'HTTP Client: libredtail-http' 39 times when connecting to db4lamedtech between 2026-03-29 05:38 and 2026-03-29 05:38 UTC.",
    "expiration": "2026-04-28T06:48:16",
    "is_active": 1
  },
  {
    "id": 4157965204,
    "indicator": "152.67.46.203",
    "type": "IPv4",
    "created": "2026-03-29T06:48:19",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 152.67.46.203 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 22 times when connecting to offbackup1 between 2026-03-29 05:15 and 2026-03-29 06:22 UTC.",
    "expiration": "2026-04-28T06:48:16",
    "is_active": 1
  },
  {
    "id": 4162511015,
    "indicator": "74.7.241.26",
    "type": "IPv4",
    "created": "2026-03-29T06:48:19",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan. Attacker IP 74.7.241.26 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatibl...' 11 times when connecting to mdms1 between 2026-03-29 05:13 and 2026-03-29 05:14 UTC.",
    "expiration": "2026-04-28T06:48:16",
    "is_active": 1
  },
  {
    "id": 4284222972,
    "indicator": "74.7.243.252",
    "type": "IPv4",
    "created": "2026-03-29T06:48:19",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 74.7.243.252 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatibl...' 75 times when connecting to db4lamedtech between 2026-03-29 05:13 and 2026-03-29 05:15 UTC.",
    "expiration": "2026-04-28T06:48:16",
    "is_active": 1
  },
  {
    "id": 4284208888,
    "indicator": "109.248.42.19",
    "type": "IPv4",
    "created": "2026-03-29T06:48:19",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 109.248.42.19 observed using SSH client fingerprint 'Unknown SSH Client (19532158b559)' 4 times when connecting to db4lamedtech between 2026-03-29 04:38 and 2026-03-29 04:48 UTC.",
    "expiration": "2026-04-28T06:48:16",
    "is_active": 1
  },
  {
    "id": 4254250657,
    "indicator": "200.155.66.2",
    "type": "IPv4",
    "created": "2026-03-29T06:48:19",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 200.155.66.2 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 21 times when connecting to offbackup1 between 2026-03-29 04:27 and 2026-03-29 05:38 UTC.",
    "expiration": "2026-04-28T06:48:16",
    "is_active": 1
  },
  {
    "id": 4281964974,
    "indicator": "114.10.47.178",
    "type": "IPv4",
    "created": "2026-03-29T06:48:19",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 114.10.47.178 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 15 times when connecting to db1lapetro between 2026-03-29 04:29 and 2026-03-29 05:14 UTC.",
    "expiration": "2026-04-28T06:48:16",
    "is_active": 1
  },
  {
    "id": 4015975027,
    "indicator": "103.117.57.106",
    "type": "IPv4",
    "created": "2026-03-29T06:48:19",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 103.117.57.106 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 11 times when connecting to offbackup1 between 2026-03-29 04:29 and 2026-03-29 05:09 UTC.",
    "expiration": "2026-04-28T06:48:16",
    "is_active": 1
  },
  {
    "id": 3877391148,
    "indicator": "222.94.32.108",
    "type": "IPv4",
    "created": "2026-03-29T07:48:28",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 222.94.32.108 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T07:48:25",
    "is_active": 1
  },
  {
    "id": 4163295430,
    "indicator": "114.97.190.92",
    "type": "IPv4",
    "created": "2026-03-29T07:48:28",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 114.97.190.92 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking).",
    "expiration": "2026-04-28T07:48:25",
    "is_active": 1
  },
  {
    "id": 4284223878,
    "indicator": "117.25.122.42",
    "type": "IPv4",
    "created": "2026-03-29T07:48:28",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 117.25.122.42 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, ftp-brute).",
    "expiration": "2026-04-28T07:48:25",
    "is_active": 1
  },
  {
    "id": 3946125200,
    "indicator": "178.141.244.61",
    "type": "IPv4",
    "created": "2026-03-29T07:48:28",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 178.141.244.61 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T07:48:25",
    "is_active": 1
  },
  {
    "id": 3932739366,
    "indicator": "123.245.84.3",
    "type": "IPv4",
    "created": "2026-03-29T07:48:28",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 123.245.84.3 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T07:48:25",
    "is_active": 1
  },
  {
    "id": 4143241337,
    "indicator": "139.135.46.214",
    "type": "IPv4",
    "created": "2026-03-29T07:48:28",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 139.135.46.214 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-28T07:48:25",
    "is_active": 1
  },
  {
    "id": 4214683958,
    "indicator": "58.243.47.85",
    "type": "IPv4",
    "created": "2026-03-29T07:48:28",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 58.243.47.85 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-28T07:48:25",
    "is_active": 1
  },
  {
    "id": 4281785779,
    "indicator": "27.79.190.121",
    "type": "IPv4",
    "created": "2026-03-29T07:48:28",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Hanoi, Vietnam (AS7552, Viettel Group). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. Session included 2 failed login attempts, 2 credential pairs tried across 1 unique username. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 38s; 10 events.",
    "expiration": "2026-04-28T07:48:25",
    "is_active": 1
  },
  {
    "id": 4068420891,
    "indicator": "211.250.12.75",
    "type": "IPv4",
    "created": "2026-03-29T07:48:28",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 211.250.12.75 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-28T07:48:25",
    "is_active": 1
  },
  {
    "id": 4167699616,
    "indicator": "116.178.131.3",
    "type": "IPv4",
    "created": "2026-03-29T07:48:28",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.131.3 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T07:48:25",
    "is_active": 1
  },
  {
    "id": 4160278165,
    "indicator": "164.164.5.66",
    "type": "IPv4",
    "created": "2026-03-29T07:48:28",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 164.164.5.66 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T07:48:25",
    "is_active": 1
  },
  {
    "id": 4284223879,
    "indicator": "47.84.134.255",
    "type": "IPv4",
    "created": "2026-03-29T07:48:28",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 47.84.134.255 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (exploited-host, hacking, high).",
    "expiration": "2026-04-28T07:48:25",
    "is_active": 1
  },
  {
    "id": 4284223880,
    "indicator": "92.249.137.189",
    "type": "IPv4",
    "created": "2026-03-29T07:48:28",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 92.249.137.189 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-28T07:48:25",
    "is_active": 1
  },
  {
    "id": 4283834397,
    "indicator": "42.55.44.193",
    "type": "IPv4",
    "created": "2026-03-29T07:48:28",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 42.55.44.193 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-28T07:48:25",
    "is_active": 1
  },
  {
    "id": 4170183596,
    "indicator": "222.176.200.42",
    "type": "IPv4",
    "created": "2026-03-29T07:48:28",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 222.176.200.42 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T07:48:25",
    "is_active": 1
  },
  {
    "id": 4125500798,
    "indicator": "178.16.54.22",
    "type": "IPv4",
    "created": "2026-03-29T07:48:28",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Amsterdam, The Netherlands (AS202412, Omegatech LTD). Observed targeting energy sector honeypot petroleum-hp-01 via mailoney. duration: 1s; 4 events.",
    "expiration": "2026-04-28T07:48:25",
    "is_active": 1
  },
  {
    "id": 4177150707,
    "indicator": "36.250.220.204",
    "type": "IPv4",
    "created": "2026-03-29T07:48:28",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 36.250.220.204 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).",
    "expiration": "2026-04-28T07:48:25",
    "is_active": 1
  },
  {
    "id": 4283985587,
    "indicator": "181.23.124.239",
    "type": "IPv4",
    "created": "2026-03-29T07:48:28",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 181.23.124.239 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 20 times when connecting to offbackup1 between 2026-03-29 05:32 and 2026-03-29 07:13 UTC.",
    "expiration": "2026-04-28T07:48:25",
    "is_active": 1
  },
  {
    "id": 4169113597,
    "indicator": "27.47.25.103",
    "type": "IPv4",
    "created": "2026-03-29T08:48:33",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 27.47.25.103 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-28T08:48:32",
    "is_active": 1
  },
  {
    "id": 4173357137,
    "indicator": "110.90.106.165",
    "type": "IPv4",
    "created": "2026-03-29T08:48:33",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 110.90.106.165 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (reported).",
    "expiration": "2026-04-28T08:48:32",
    "is_active": 1
  },
  {
    "id": 3911081920,
    "indicator": "110.177.183.35",
    "type": "IPv4",
    "created": "2026-03-29T08:48:33",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 110.177.183.35 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-28T08:48:32",
    "is_active": 1
  },
  {
    "id": 4284254745,
    "indicator": "60.16.218.216",
    "type": "IPv4",
    "created": "2026-03-29T08:48:33",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 60.16.218.216 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T08:48:32",
    "is_active": 1
  },
  {
    "id": 4284237454,
    "indicator": "47.84.141.109",
    "type": "IPv4",
    "created": "2026-03-29T08:48:33",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 47.84.141.109 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T08:48:32",
    "is_active": 1
  },
  {
    "id": 4154659957,
    "indicator": "36.250.221.30",
    "type": "IPv4",
    "created": "2026-03-29T08:48:33",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 36.250.221.30 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T08:48:32",
    "is_active": 1
  },
  {
    "id": 4283774072,
    "indicator": "172.83.83.216",
    "type": "IPv4",
    "created": "2026-03-29T08:48:33",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 172.83.83.216 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-28T08:48:32",
    "is_active": 1
  },
  {
    "id": 4282439574,
    "indicator": "47.84.134.36",
    "type": "IPv4",
    "created": "2026-03-29T08:48:33",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 47.84.134.36 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, hacking, high).",
    "expiration": "2026-04-28T08:48:32",
    "is_active": 1
  },
  {
    "id": 3854552516,
    "indicator": "222.94.32.212",
    "type": "IPv4",
    "created": "2026-03-29T08:48:33",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 222.94.32.212 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, ftp-brute).",
    "expiration": "2026-04-28T08:48:32",
    "is_active": 1
  },
  {
    "id": 4282428058,
    "indicator": "47.84.135.140",
    "type": "IPv4",
    "created": "2026-03-29T08:48:33",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 47.84.135.140 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (exploited-host, hacking, high).",
    "expiration": "2026-04-28T08:48:32",
    "is_active": 1
  },
  {
    "id": 4172911454,
    "indicator": "36.250.221.211",
    "type": "IPv4",
    "created": "2026-03-29T08:48:33",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 36.250.221.211 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-28T08:48:32",
    "is_active": 1
  },
  {
    "id": 4182457645,
    "indicator": "112.122.237.114",
    "type": "IPv4",
    "created": "2026-03-29T08:48:33",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 112.122.237.114 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T08:48:32",
    "is_active": 1
  },
  {
    "id": 2711623203,
    "indicator": "180.95.231.24",
    "type": "IPv4",
    "created": "2026-03-29T08:48:33",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 180.95.231.24 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-28T08:48:32",
    "is_active": 1
  },
  {
    "id": 4010945430,
    "indicator": "139.212.68.206",
    "type": "IPv4",
    "created": "2026-03-29T08:48:33",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 139.212.68.206 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-28T08:48:32",
    "is_active": 1
  },
  {
    "id": 4161542624,
    "indicator": "14.135.74.159",
    "type": "IPv4",
    "created": "2026-03-29T08:48:33",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low. 14.135.74.159 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-28T08:48:32",
    "is_active": 1
  },
  {
    "id": 4175597052,
    "indicator": "36.250.221.15",
    "type": "IPv4",
    "created": "2026-03-29T08:48:33",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 36.250.221.15 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T08:48:32",
    "is_active": 1
  },
  {
    "id": 4172313613,
    "indicator": "36.250.220.191",
    "type": "IPv4",
    "created": "2026-03-29T08:48:33",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 36.250.220.191 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-28T08:48:32",
    "is_active": 1
  },
  {
    "id": 4015518825,
    "indicator": "171.36.7.47",
    "type": "IPv4",
    "created": "2026-03-29T08:48:33",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 171.36.7.47 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-28T08:48:32",
    "is_active": 1
  },
  {
    "id": 3890020213,
    "indicator": "221.207.34.86",
    "type": "IPv4",
    "created": "2026-03-29T08:48:33",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 221.207.34.86 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T08:48:32",
    "is_active": 1
  },
  {
    "id": 3879770298,
    "indicator": "118.212.122.31",
    "type": "IPv4",
    "created": "2026-03-29T08:48:33",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 118.212.122.31 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-28T08:48:32",
    "is_active": 1
  },
  {
    "id": 4154864358,
    "indicator": "14.135.75.83",
    "type": "IPv4",
    "created": "2026-03-29T08:48:33",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 14.135.75.83 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T08:48:32",
    "is_active": 1
  },
  {
    "id": 3778377422,
    "indicator": "182.242.168.171",
    "type": "IPv4",
    "created": "2026-03-29T08:48:33",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 182.242.168.171 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-28T08:48:32",
    "is_active": 1
  },
  {
    "id": 4021674871,
    "indicator": "45.156.129.194",
    "type": "IPv4",
    "created": "2026-03-29T08:48:33",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 45.156.129.194 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-28T08:48:32",
    "is_active": 1
  },
  {
    "id": 4179797218,
    "indicator": "27.47.24.151",
    "type": "IPv4",
    "created": "2026-03-29T08:48:33",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 27.47.24.151 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-28T08:48:32",
    "is_active": 1
  },
  {
    "id": 4007195406,
    "indicator": "171.37.191.33",
    "type": "IPv4",
    "created": "2026-03-29T08:48:33",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 171.37.191.33 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-28T08:48:32",
    "is_active": 1
  },
  {
    "id": 4284229336,
    "indicator": "47.254.177.253",
    "type": "IPv4",
    "created": "2026-03-29T08:48:33",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.254.177.253 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-28T08:48:32",
    "is_active": 1
  },
  {
    "id": 4263881400,
    "indicator": "159.89.6.222",
    "type": "IPv4",
    "created": "2026-03-29T08:48:33",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 159.89.6.222 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, high).",
    "expiration": "2026-04-28T08:48:32",
    "is_active": 1
  },
  {
    "id": 2984234908,
    "indicator": "60.13.7.100",
    "type": "IPv4",
    "created": "2026-03-29T08:48:33",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:multi-reported. 60.13.7.100 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T08:48:32",
    "is_active": 1
  },
  {
    "id": 4161340689,
    "indicator": "114.97.191.243",
    "type": "IPv4",
    "created": "2026-03-29T08:48:33",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 114.97.191.243 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T08:48:32",
    "is_active": 1
  },
  {
    "id": 4169141176,
    "indicator": "222.176.201.132",
    "type": "IPv4",
    "created": "2026-03-29T08:48:33",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 222.176.201.132 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T08:48:32",
    "is_active": 1
  },
  {
    "id": 4175647404,
    "indicator": "36.250.220.170",
    "type": "IPv4",
    "created": "2026-03-29T08:48:33",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 36.250.220.170 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T08:48:32",
    "is_active": 1
  },
  {
    "id": 4274340534,
    "indicator": "189.231.148.66",
    "type": "IPv4",
    "created": "2026-03-29T08:48:33",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. Attacker IP from Delicias, Mexico (AS8151, UNINET). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-28T08:48:32",
    "is_active": 1
  },
  {
    "id": 4048895955,
    "indicator": "59.50.91.137",
    "type": "IPv4",
    "created": "2026-03-29T08:48:33",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 59.50.91.137 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-28T08:48:32",
    "is_active": 1
  },
  {
    "id": 4160273091,
    "indicator": "27.47.25.66",
    "type": "IPv4",
    "created": "2026-03-29T08:48:33",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 27.47.25.66 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-28T08:48:32",
    "is_active": 1
  },
  {
    "id": 4176072272,
    "indicator": "36.250.221.21",
    "type": "IPv4",
    "created": "2026-03-29T08:48:33",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 36.250.221.21 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T08:48:32",
    "is_active": 1
  },
  {
    "id": 3784667387,
    "indicator": "182.242.169.26",
    "type": "IPv4",
    "created": "2026-03-29T08:48:33",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 182.242.169.26 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T08:48:32",
    "is_active": 1
  },
  {
    "id": 3419892622,
    "indicator": "188.59.108.39",
    "type": "IPv4",
    "created": "2026-03-29T08:48:33",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted. 188.59.108.39 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-28T08:48:32",
    "is_active": 1
  },
  {
    "id": 4284254746,
    "indicator": "185.73.84.45",
    "type": "IPv4",
    "created": "2026-03-29T08:48:33",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 185.73.84.45 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-28T08:48:32",
    "is_active": 1
  },
  {
    "id": 409658514,
    "indicator": "123.163.114.63",
    "type": "IPv4",
    "created": "2026-03-29T08:48:33",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 123.163.114.63 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T08:48:32",
    "is_active": 1
  },
  {
    "id": 4271634282,
    "indicator": "45.135.193.131",
    "type": "IPv4",
    "created": "2026-03-29T08:48:33",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 45.135.193.131 observed using TLS client fingerprint 'Unknown TLS Client (849a25ecc90f)' 250 times when connecting to db1lapetro between 2026-03-29 07:27 and 2026-03-29 07:27 UTC.",
    "expiration": "2026-04-28T08:48:32",
    "is_active": 1
  },
  {
    "id": 3850291466,
    "indicator": "182.88.191.195",
    "type": "IPv4",
    "created": "2026-03-29T09:49:08",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 182.88.191.195 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-28T09:48:38",
    "is_active": 1
  },
  {
    "id": 4282471374,
    "indicator": "47.84.100.224",
    "type": "IPv4",
    "created": "2026-03-29T09:49:08",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 47.84.100.224 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (exploited-host, hacking, moderate).",
    "expiration": "2026-04-28T09:48:38",
    "is_active": 1
  },
  {
    "id": 4283848423,
    "indicator": "47.245.137.43",
    "type": "IPv4",
    "created": "2026-03-29T09:49:08",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 47.245.137.43 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (exploited-host, hacking, high).",
    "expiration": "2026-04-28T09:48:38",
    "is_active": 1
  },
  {
    "id": 4284220508,
    "indicator": "43.248.184.71",
    "type": "IPv4",
    "created": "2026-03-29T09:49:08",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 43.248.184.71 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, hacking, moderate).",
    "expiration": "2026-04-28T09:48:38",
    "is_active": 1
  },
  {
    "id": 4280196618,
    "indicator": "46.29.238.108",
    "type": "IPv4",
    "created": "2026-03-29T09:49:08",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Nordland, Norway (AS215540, Global Connectivity Solutions Llp). Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 8 failed login attempts, 8 credential pairs tried across 2 unique usernames, execution of 20 commands (SSH key persistence, password changes, system reconnaissance, cron persi...",
    "expiration": "2026-04-28T09:48:38",
    "is_active": 1
  },
  {
    "id": 4057638782,
    "indicator": "223.199.185.235",
    "type": "IPv4",
    "created": "2026-03-29T09:49:08",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 223.199.185.235 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-28T09:48:38",
    "is_active": 1
  },
  {
    "id": 4272932738,
    "indicator": "107.150.119.24",
    "type": "IPv4",
    "created": "2026-03-29T09:49:08",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Hong Kong, Hong Kong (AS135377, UCLOUD INFORMATION TECHNOLOGY HK LIMITED) [VPN/hosting provider]. Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 4 failed login attempts, 4 credential pairs tried across 1 unique username. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: ...",
    "expiration": "2026-04-28T09:48:38",
    "is_active": 1
  },
  {
    "id": 4177138021,
    "indicator": "117.25.124.185",
    "type": "IPv4",
    "created": "2026-03-29T09:49:08",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 117.25.124.185 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-28T09:48:38",
    "is_active": 1
  },
  {
    "id": 4016113295,
    "indicator": "139.212.68.223",
    "type": "IPv4",
    "created": "2026-03-29T09:49:08",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 139.212.68.223 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-28T09:48:38",
    "is_active": 1
  },
  {
    "id": 3850295452,
    "indicator": "44.220.185.168",
    "type": "IPv4",
    "created": "2026-03-29T09:49:08",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 44.220.185.168 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking).",
    "expiration": "2026-04-28T09:48:38",
    "is_active": 1
  },
  {
    "id": 4176760724,
    "indicator": "116.178.129.12",
    "type": "IPv4",
    "created": "2026-03-29T09:49:08",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.129.12 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T09:48:38",
    "is_active": 1
  },
  {
    "id": 4283848428,
    "indicator": "47.254.147.11",
    "type": "IPv4",
    "created": "2026-03-29T09:49:08",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 47.254.147.11 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, hacking).",
    "expiration": "2026-04-28T09:48:38",
    "is_active": 1
  },
  {
    "id": 4118651625,
    "indicator": "59.52.101.212",
    "type": "IPv4",
    "created": "2026-03-29T09:49:08",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 59.52.101.212 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-28T09:48:38",
    "is_active": 1
  },
  {
    "id": 4283712643,
    "indicator": "150.116.204.225",
    "type": "IPv4",
    "created": "2026-03-29T09:49:08",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 150.116.204.225 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-28T09:48:38",
    "is_active": 1
  },
  {
    "id": 4282100858,
    "indicator": "198.27.13.222",
    "type": "IPv4",
    "created": "2026-03-29T09:49:08",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 198.27.13.222 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-28T09:48:38",
    "is_active": 1
  },
  {
    "id": 4173705251,
    "indicator": "139.135.60.2",
    "type": "IPv4",
    "created": "2026-03-29T09:49:08",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 139.135.60.2 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-28T09:48:38",
    "is_active": 1
  },
  {
    "id": 3855607131,
    "indicator": "118.212.121.56",
    "type": "IPv4",
    "created": "2026-03-29T09:49:08",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 118.212.121.56 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T09:48:38",
    "is_active": 1
  },
  {
    "id": 4284256883,
    "indicator": "121.178.201.75",
    "type": "IPv4",
    "created": "2026-03-29T09:49:08",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 121.178.201.75 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-28T09:48:38",
    "is_active": 1
  },
  {
    "id": 4283774266,
    "indicator": "154.12.82.78",
    "type": "IPv4",
    "created": "2026-03-29T10:51:16",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 154.12.82.78 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-28T10:50:10",
    "is_active": 1
  },
  {
    "id": 4283837468,
    "indicator": "47.245.138.189",
    "type": "IPv4",
    "created": "2026-03-29T10:51:16",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.245.138.189 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-28T10:50:10",
    "is_active": 1
  },
  {
    "id": 3850285476,
    "indicator": "1.83.125.78",
    "type": "IPv4",
    "created": "2026-03-29T10:51:16",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 1.83.125.78 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-28T10:50:10",
    "is_active": 1
  },
  {
    "id": 4168394159,
    "indicator": "116.178.130.12",
    "type": "IPv4",
    "created": "2026-03-29T10:51:16",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.130.12 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T10:50:10",
    "is_active": 1
  },
  {
    "id": 3849741200,
    "indicator": "220.167.233.147",
    "type": "IPv4",
    "created": "2026-03-29T10:51:16",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 220.167.233.147 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, hacking, low).",
    "expiration": "2026-04-28T10:50:10",
    "is_active": 1
  },
  {
    "id": 4227809238,
    "indicator": "184.166.209.201",
    "type": "IPv4",
    "created": "2026-03-29T10:51:16",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 184.166.209.201 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-28T10:50:10",
    "is_active": 1
  },
  {
    "id": 3330346081,
    "indicator": "182.119.224.15",
    "type": "IPv4",
    "created": "2026-03-29T10:51:16",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 182.119.224.15 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T10:50:10",
    "is_active": 1
  },
  {
    "id": 4197076577,
    "indicator": "8.208.26.75",
    "type": "IPv4",
    "created": "2026-03-29T10:51:16",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate. 8.208.26.75 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, ftp-brute).",
    "expiration": "2026-04-28T10:50:10",
    "is_active": 1
  },
  {
    "id": 4250963869,
    "indicator": "178.128.45.174",
    "type": "IPv4",
    "created": "2026-03-29T10:51:16",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 178.128.45.174 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T10:50:10",
    "is_active": 1
  },
  {
    "id": 435240101,
    "indicator": "123.191.133.51",
    "type": "IPv4",
    "created": "2026-03-29T10:51:16",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 123.191.133.51 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-28T10:50:10",
    "is_active": 1
  },
  {
    "id": 3628349341,
    "indicator": "85.30.212.24",
    "type": "IPv4",
    "created": "2026-03-29T10:51:16",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Moscow, Russia (AS42610, Rostelecom). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. 1 events.",
    "expiration": "2026-04-28T10:50:10",
    "is_active": 1
  },
  {
    "id": 4284257751,
    "indicator": "68.58.16.99",
    "type": "IPv4",
    "created": "2026-03-29T10:51:16",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 68.58.16.99 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-28T10:50:10",
    "is_active": 1
  },
  {
    "id": 4284257752,
    "indicator": "62.68.153.3",
    "type": "IPv4",
    "created": "2026-03-29T10:51:16",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 62.68.153.3 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T10:50:10",
    "is_active": 1
  },
  {
    "id": 3859686568,
    "indicator": "118.212.120.230",
    "type": "IPv4",
    "created": "2026-03-29T10:51:16",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 118.212.120.230 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-28T10:50:10",
    "is_active": 1
  },
  {
    "id": 3850290653,
    "indicator": "44.220.185.34",
    "type": "IPv4",
    "created": "2026-03-29T10:51:16",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 44.220.185.34 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking).",
    "expiration": "2026-04-28T10:50:10",
    "is_active": 1
  },
  {
    "id": 4163316259,
    "indicator": "175.107.228.171",
    "type": "IPv4",
    "created": "2026-03-29T10:51:16",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate. 175.107.228.171 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-28T10:50:10",
    "is_active": 1
  },
  {
    "id": 4007987111,
    "indicator": "180.95.238.82",
    "type": "IPv4",
    "created": "2026-03-29T10:51:16",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 180.95.238.82 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T10:50:10",
    "is_active": 1
  },
  {
    "id": 3865441468,
    "indicator": "44.220.188.80",
    "type": "IPv4",
    "created": "2026-03-29T10:51:16",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata",
    "expiration": "2026-04-28T10:50:10",
    "is_active": 1
  },
  {
    "id": 3895293031,
    "indicator": "118.212.120.12",
    "type": "IPv4",
    "created": "2026-03-29T10:51:16",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 118.212.120.12 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T10:50:10",
    "is_active": 1
  },
  {
    "id": 4176369638,
    "indicator": "116.178.128.144",
    "type": "IPv4",
    "created": "2026-03-29T10:51:16",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.128.144 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T10:50:10",
    "is_active": 1
  },
  {
    "id": 4011589307,
    "indicator": "185.247.137.87",
    "type": "IPv4",
    "created": "2026-03-29T10:51:16",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 185.247.137.87 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-28T10:50:10",
    "is_active": 1
  },
  {
    "id": 3740020818,
    "indicator": "34.68.34.87",
    "type": "IPv4",
    "created": "2026-03-29T10:51:16",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate. 34.68.34.87 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-28T10:50:10",
    "is_active": 1
  },
  {
    "id": 3950026511,
    "indicator": "8.34.210.39",
    "type": "IPv4",
    "created": "2026-03-29T10:51:16",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate. IP observed in Suricata network metadata",
    "expiration": "2026-04-28T10:50:10",
    "is_active": 1
  },
  {
    "id": 3748027672,
    "indicator": "34.68.34.79",
    "type": "IPv4",
    "created": "2026-03-29T10:51:16",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:low, abuseipdb:reported, abuseipdb:ssh, abuseipdb:web-attack, cowrie. IP observed in Suricata network metadata",
    "expiration": "2026-04-28T10:50:10",
    "is_active": 1
  },
  {
    "id": 4174836976,
    "indicator": "101.249.63.226",
    "type": "IPv4",
    "created": "2026-03-29T10:51:16",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 101.249.63.226 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T10:50:10",
    "is_active": 1
  },
  {
    "id": 4282398700,
    "indicator": "8.209.112.87",
    "type": "IPv4",
    "created": "2026-03-29T10:51:16",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 8.209.112.87 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-28T10:50:10",
    "is_active": 1
  },
  {
    "id": 4277162073,
    "indicator": "66.132.186.211",
    "type": "IPv4",
    "created": "2026-03-29T10:51:16",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 66.132.186.211 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-28T10:50:10",
    "is_active": 1
  },
  {
    "id": 4173191111,
    "indicator": "59.173.111.74",
    "type": "IPv4",
    "created": "2026-03-29T10:51:16",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 59.173.111.74 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-28T10:50:10",
    "is_active": 1
  },
  {
    "id": 3670029778,
    "indicator": "36.106.167.103",
    "type": "IPv4",
    "created": "2026-03-29T10:51:16",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 36.106.167.103 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T10:50:10",
    "is_active": 1
  },
  {
    "id": 3851013498,
    "indicator": "118.212.120.84",
    "type": "IPv4",
    "created": "2026-03-29T10:51:16",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 118.212.120.84 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T10:50:10",
    "is_active": 1
  },
  {
    "id": 4284257753,
    "indicator": "51.107.78.131",
    "type": "IPv4",
    "created": "2026-03-29T10:51:16",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:reported. Attacker IP 51.107.78.131 observed using HTTP client fingerprint 'HTTP Client (67b3dba8bc67)' 197 times when connecting to db4lamedtech between 2026-03-29 09:46 and 2026-03-29 09:47 UTC.",
    "expiration": "2026-04-28T10:50:10",
    "is_active": 1
  },
  {
    "id": 4168976967,
    "indicator": "27.47.24.63",
    "type": "IPv4",
    "created": "2026-03-29T10:51:16",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 27.47.24.63 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-28T10:50:10",
    "is_active": 1
  },
  {
    "id": 3826671482,
    "indicator": "220.249.151.228",
    "type": "IPv4",
    "created": "2026-03-29T10:51:16",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 220.249.151.228 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-28T10:50:10",
    "is_active": 1
  },
  {
    "id": 4172947760,
    "indicator": "36.250.220.137",
    "type": "IPv4",
    "created": "2026-03-29T10:51:16",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 36.250.220.137 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T10:50:10",
    "is_active": 1
  },
  {
    "id": 3827911102,
    "indicator": "220.167.232.65",
    "type": "IPv4",
    "created": "2026-03-29T10:51:16",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 220.167.232.65 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T10:50:10",
    "is_active": 1
  },
  {
    "id": 3900738791,
    "indicator": "123.245.84.226",
    "type": "IPv4",
    "created": "2026-03-29T10:51:16",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 123.245.84.226 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T10:50:10",
    "is_active": 1
  },
  {
    "id": 4166612379,
    "indicator": "114.97.190.243",
    "type": "IPv4",
    "created": "2026-03-29T10:51:16",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 114.97.190.243 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking).",
    "expiration": "2026-04-28T10:50:10",
    "is_active": 1
  },
  {
    "id": 3630300968,
    "indicator": "159.203.44.105",
    "type": "IPv4",
    "created": "2026-03-29T10:51:16",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 159.203.44.105 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 zgrab/0.x' 2 times when connecting to offbackup1 between 2026-03-29 09:14 and 2026-03-29 09:14 UTC.",
    "expiration": "2026-04-28T10:50:10",
    "is_active": 1
  },
  {
    "id": 4160195200,
    "indicator": "36.250.220.193",
    "type": "IPv4",
    "created": "2026-03-29T10:51:16",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. Attacker IP from China (AS4837, CHINA UNICOM China169 Backbone). Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-28T10:50:10",
    "is_active": 1
  },
  {
    "id": 4028255470,
    "indicator": "118.212.123.179",
    "type": "IPv4",
    "created": "2026-03-29T11:51:39",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 118.212.123.179 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-28T11:51:38",
    "is_active": 1
  },
  {
    "id": 4283942121,
    "indicator": "160.72.54.150",
    "type": "IPv4",
    "created": "2026-03-29T11:51:39",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 160.72.54.150 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-28T11:51:38",
    "is_active": 1
  },
  {
    "id": 4283527988,
    "indicator": "60.23.74.163",
    "type": "IPv4",
    "created": "2026-03-29T11:51:39",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 60.23.74.163 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-28T11:51:38",
    "is_active": 1
  },
  {
    "id": 4135971485,
    "indicator": "139.135.46.251",
    "type": "IPv4",
    "created": "2026-03-29T11:51:39",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:multi-reported. 139.135.46.251 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T11:51:38",
    "is_active": 1
  },
  {
    "id": 2975512889,
    "indicator": "60.13.7.249",
    "type": "IPv4",
    "created": "2026-03-29T11:51:39",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 60.13.7.249 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T11:51:38",
    "is_active": 1
  },
  {
    "id": 4179311823,
    "indicator": "222.176.200.21",
    "type": "IPv4",
    "created": "2026-03-29T11:51:39",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 222.176.200.21 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T11:51:38",
    "is_active": 1
  },
  {
    "id": 3732422591,
    "indicator": "27.47.26.73",
    "type": "IPv4",
    "created": "2026-03-29T11:51:39",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 27.47.26.73 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T11:51:38",
    "is_active": 1
  },
  {
    "id": 1829883863,
    "indicator": "157.230.241.63",
    "type": "IPv4",
    "created": "2026-03-29T11:51:39",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 157.230.241.63 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking).",
    "expiration": "2026-04-28T11:51:38",
    "is_active": 1
  },
  {
    "id": 4172950887,
    "indicator": "59.173.110.192",
    "type": "IPv4",
    "created": "2026-03-29T11:51:39",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 59.173.110.192 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-28T11:51:38",
    "is_active": 1
  },
  {
    "id": 4165501263,
    "indicator": "36.250.221.121",
    "type": "IPv4",
    "created": "2026-03-29T11:51:39",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 36.250.221.121 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T11:51:38",
    "is_active": 1
  },
  {
    "id": 4169913639,
    "indicator": "116.178.129.57",
    "type": "IPv4",
    "created": "2026-03-29T11:51:39",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.129.57 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T11:51:38",
    "is_active": 1
  },
  {
    "id": 4284260897,
    "indicator": "1.92.156.21",
    "type": "IPv4",
    "created": "2026-03-29T11:51:39",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 1.92.156.21 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T11:51:38",
    "is_active": 1
  },
  {
    "id": 4173031409,
    "indicator": "36.250.221.194",
    "type": "IPv4",
    "created": "2026-03-29T11:51:39",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 36.250.221.194 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T11:51:38",
    "is_active": 1
  },
  {
    "id": 4145621764,
    "indicator": "180.111.30.82",
    "type": "IPv4",
    "created": "2026-03-29T11:51:39",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 180.111.30.82 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T11:51:38",
    "is_active": 1
  },
  {
    "id": 4284260898,
    "indicator": "8.209.76.107",
    "type": "IPv4",
    "created": "2026-03-29T11:51:39",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 8.209.76.107 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T11:51:38",
    "is_active": 1
  },
  {
    "id": 4163066158,
    "indicator": "121.29.84.251",
    "type": "IPv4",
    "created": "2026-03-29T11:51:39",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 121.29.84.251 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T11:51:38",
    "is_active": 1
  },
  {
    "id": 4180214956,
    "indicator": "27.47.26.54",
    "type": "IPv4",
    "created": "2026-03-29T11:51:39",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 27.47.26.54 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-28T11:51:38",
    "is_active": 1
  },
  {
    "id": 4165942477,
    "indicator": "116.178.131.34",
    "type": "IPv4",
    "created": "2026-03-29T11:51:39",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.131.34 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T11:51:38",
    "is_active": 1
  },
  {
    "id": 4180999747,
    "indicator": "116.178.128.93",
    "type": "IPv4",
    "created": "2026-03-29T11:51:39",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.128.93 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T11:51:38",
    "is_active": 1
  },
  {
    "id": 3757168437,
    "indicator": "182.242.169.18",
    "type": "IPv4",
    "created": "2026-03-29T11:51:39",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 182.242.169.18 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T11:51:38",
    "is_active": 1
  },
  {
    "id": 4168862079,
    "indicator": "58.243.46.198",
    "type": "IPv4",
    "created": "2026-03-29T11:51:39",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 58.243.46.198 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T11:51:38",
    "is_active": 1
  },
  {
    "id": 3943104642,
    "indicator": "44.220.185.55",
    "type": "IPv4",
    "created": "2026-03-29T11:51:39",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low. 44.220.185.55 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-28T11:51:38",
    "is_active": 1
  },
  {
    "id": 4282439567,
    "indicator": "47.84.100.58",
    "type": "IPv4",
    "created": "2026-03-29T11:51:39",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.84.100.58 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-28T11:51:38",
    "is_active": 1
  },
  {
    "id": 4173914914,
    "indicator": "27.47.27.90",
    "type": "IPv4",
    "created": "2026-03-29T11:51:39",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 27.47.27.90 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-28T11:51:38",
    "is_active": 1
  },
  {
    "id": 4280295097,
    "indicator": "101.201.104.216",
    "type": "IPv4",
    "created": "2026-03-29T11:51:39",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 101.201.104.216 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-28T11:51:38",
    "is_active": 1
  },
  {
    "id": 4284260899,
    "indicator": "64.225.73.53",
    "type": "IPv4",
    "created": "2026-03-29T11:51:39",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 64.225.73.53 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, high).",
    "expiration": "2026-04-28T11:51:38",
    "is_active": 1
  },
  {
    "id": 1919361560,
    "indicator": "134.209.66.166",
    "type": "IPv4",
    "created": "2026-03-29T11:51:39",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 134.209.66.166 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Observed activity: 1 malware samples. Listed on: AbuseIPDB (brute-force, hacking, low).",
    "expiration": "2026-04-28T11:51:38",
    "is_active": 1
  },
  {
    "id": 4053248519,
    "indicator": "118.212.121.227",
    "type": "IPv4",
    "created": "2026-03-29T11:51:39",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 118.212.121.227 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T11:51:38",
    "is_active": 1
  },
  {
    "id": 4006643346,
    "indicator": "221.207.35.1",
    "type": "IPv4",
    "created": "2026-03-29T11:51:39",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 221.207.35.1 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T11:51:38",
    "is_active": 1
  },
  {
    "id": 4177108455,
    "indicator": "36.250.221.189",
    "type": "IPv4",
    "created": "2026-03-29T11:51:39",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 36.250.221.189 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T11:51:38",
    "is_active": 1
  },
  {
    "id": 4092985125,
    "indicator": "8.222.252.209",
    "type": "IPv4",
    "created": "2026-03-29T11:51:39",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 8.222.252.209 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-28T11:51:38",
    "is_active": 1
  },
  {
    "id": 4284203119,
    "indicator": "171.83.24.80",
    "type": "IPv4",
    "created": "2026-03-29T11:51:39",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 171.83.24.80 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, hacking).",
    "expiration": "2026-04-28T11:51:38",
    "is_active": 1
  },
  {
    "id": 4057954802,
    "indicator": "123.191.143.118",
    "type": "IPv4",
    "created": "2026-03-29T11:51:39",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. Attacker IP from Shenyang, China (AS4837, CHINA UNICOM China169 Backbone). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-28T11:51:38",
    "is_active": 1
  },
  {
    "id": 4284255258,
    "indicator": "171.243.151.30",
    "type": "IPv4",
    "created": "2026-03-29T12:51:46",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Bảo Lộc, Vietnam (AS7552, Viettel Group). Observed targeting healthcare sector honeypot mdms-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-AsyncSSH_2.1.0 (HASSH: fda360b1b4f4...); duration: 2s; 5 events.",
    "expiration": "2026-04-28T12:51:45",
    "is_active": 1
  },
  {
    "id": 4284256301,
    "indicator": "171.231.180.86",
    "type": "IPv4",
    "created": "2026-03-29T12:51:46",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP from Da Nang, Vietnam (AS7552, Viettel Group). Observed targeting healthcare sector honeypot mdms-hp-01 via cowrie. Session included 7 failed login attempts, 7 credential pairs tried across 6 unique usernames. SSH client: SSH-2.0-AsyncSSH_2.1.0 (HASSH: fda360b1b4f4...); duration: 13m 0s; 37 events.",
    "expiration": "2026-04-28T12:51:45",
    "is_active": 1
  },
  {
    "id": 4161222494,
    "indicator": "221.208.113.146",
    "type": "IPv4",
    "created": "2026-03-29T12:51:46",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh, abuseipdb:web-attack. 221.208.113.146 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, port-scan).",
    "expiration": "2026-04-28T12:51:45",
    "is_active": 1
  },
  {
    "id": 3759599002,
    "indicator": "182.242.169.111",
    "type": "IPv4",
    "created": "2026-03-29T12:51:46",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 182.242.169.111 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-28T12:51:45",
    "is_active": 1
  },
  {
    "id": 4176579635,
    "indicator": "222.176.201.154",
    "type": "IPv4",
    "created": "2026-03-29T12:51:46",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 222.176.201.154 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-28T12:51:45",
    "is_active": 1
  },
  {
    "id": 4167277695,
    "indicator": "121.29.149.55",
    "type": "IPv4",
    "created": "2026-03-29T12:51:46",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 121.29.149.55 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).",
    "expiration": "2026-04-28T12:51:45",
    "is_active": 1
  },
  {
    "id": 4165434145,
    "indicator": "124.90.54.200",
    "type": "IPv4",
    "created": "2026-03-29T12:51:46",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 124.90.54.200 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-28T12:51:45",
    "is_active": 1
  },
  {
    "id": 4154477893,
    "indicator": "36.250.221.123",
    "type": "IPv4",
    "created": "2026-03-29T12:51:46",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 36.250.221.123 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T12:51:45",
    "is_active": 1
  },
  {
    "id": 4173687491,
    "indicator": "222.176.201.180",
    "type": "IPv4",
    "created": "2026-03-29T12:51:46",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 222.176.201.180 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T12:51:45",
    "is_active": 1
  },
  {
    "id": 4007869963,
    "indicator": "118.212.121.42",
    "type": "IPv4",
    "created": "2026-03-29T12:51:46",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 118.212.121.42 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-28T12:51:45",
    "is_active": 1
  },
  {
    "id": 4011488043,
    "indicator": "185.247.137.152",
    "type": "IPv4",
    "created": "2026-03-29T12:51:46",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 185.247.137.152 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-28T12:51:45",
    "is_active": 1
  },
  {
    "id": 4284299151,
    "indicator": "176.12.76.109",
    "type": "IPv4",
    "created": "2026-03-29T12:51:46",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 176.12.76.109 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Observed activity: 2 malware samples. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-28T12:51:45",
    "is_active": 1
  },
  {
    "id": 4284299152,
    "indicator": "8.209.126.67",
    "type": "IPv4",
    "created": "2026-03-29T12:51:46",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Frankfurt am Main, Germany (AS45102, Alibaba US Technology Co., Ltd.). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-28T12:51:45",
    "is_active": 1
  },
  {
    "id": 4102813707,
    "indicator": "58.216.132.5",
    "type": "IPv4",
    "created": "2026-03-29T12:51:46",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 58.216.132.5 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-28T12:51:45",
    "is_active": 1
  },
  {
    "id": 4284299153,
    "indicator": "105.224.222.153",
    "type": "IPv4",
    "created": "2026-03-29T12:51:46",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 105.224.222.153 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-28T12:51:45",
    "is_active": 1
  },
  {
    "id": 4164239437,
    "indicator": "114.97.190.233",
    "type": "IPv4",
    "created": "2026-03-29T12:51:46",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 114.97.190.233 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, moderate).",
    "expiration": "2026-04-28T12:51:45",
    "is_active": 1
  },
  {
    "id": 4007957929,
    "indicator": "123.245.85.151",
    "type": "IPv4",
    "created": "2026-03-29T12:51:46",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 123.245.85.151 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T12:51:45",
    "is_active": 1
  },
  {
    "id": 4172206814,
    "indicator": "36.250.220.200",
    "type": "IPv4",
    "created": "2026-03-29T12:51:46",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 36.250.220.200 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-28T12:51:45",
    "is_active": 1
  },
  {
    "id": 4165501265,
    "indicator": "36.250.221.152",
    "type": "IPv4",
    "created": "2026-03-29T12:51:46",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 36.250.221.152 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T12:51:45",
    "is_active": 1
  },
  {
    "id": 4206173982,
    "indicator": "117.25.124.168",
    "type": "IPv4",
    "created": "2026-03-29T12:51:46",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 117.25.124.168 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-28T12:51:45",
    "is_active": 1
  },
  {
    "id": 4043379141,
    "indicator": "171.36.6.2",
    "type": "IPv4",
    "created": "2026-03-29T12:51:46",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 171.36.6.2 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-28T12:51:45",
    "is_active": 1
  },
  {
    "id": 4006849697,
    "indicator": "118.212.122.152",
    "type": "IPv4",
    "created": "2026-03-29T12:51:46",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 118.212.122.152 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-28T12:51:45",
    "is_active": 1
  },
  {
    "id": 3768037576,
    "indicator": "180.95.231.30",
    "type": "IPv4",
    "created": "2026-03-29T12:51:46",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 180.95.231.30 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T12:51:45",
    "is_active": 1
  },
  {
    "id": 3853418209,
    "indicator": "123.245.84.91",
    "type": "IPv4",
    "created": "2026-03-29T12:51:46",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 123.245.84.91 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (ddos, exploited-host, hacking).",
    "expiration": "2026-04-28T12:51:45",
    "is_active": 1
  },
  {
    "id": 3854827641,
    "indicator": "220.167.232.155",
    "type": "IPv4",
    "created": "2026-03-29T12:51:46",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 220.167.232.155 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T12:51:45",
    "is_active": 1
  },
  {
    "id": 4283529256,
    "indicator": "87.106.142.183",
    "type": "IPv4",
    "created": "2026-03-29T12:51:46",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Germany (AS8560, IONOS SE). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 3 failed login attempts, 3 credential pairs tried across 1 unique username. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 6m 56s; 15 events.",
    "expiration": "2026-04-28T12:51:45",
    "is_active": 1
  },
  {
    "id": 4284299154,
    "indicator": "161.118.213.44",
    "type": "IPv4",
    "created": "2026-03-29T12:51:46",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 161.118.213.44 observed using TLS client fingerprint 'Unknown TLS Client (f354dd785da0)' 4 times when connecting to db4lamedtech between 2026-03-29 11:26 and 2026-03-29 11:26 UTC.",
    "expiration": "2026-04-28T12:51:45",
    "is_active": 1
  },
  {
    "id": 3758118399,
    "indicator": "182.242.168.152",
    "type": "IPv4",
    "created": "2026-03-29T12:51:46",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 182.242.168.152 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T12:51:45",
    "is_active": 1
  },
  {
    "id": 3580080095,
    "indicator": "107.173.37.94",
    "type": "IPv4",
    "created": "2026-03-29T12:51:46",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 107.173.37.94 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 22 times when connecting to offbackup1 between 2026-03-29 10:43 and 2026-03-29 11:50 UTC.",
    "expiration": "2026-04-28T12:51:45",
    "is_active": 1
  },
  {
    "id": 4284299155,
    "indicator": "68.155.154.218",
    "type": "IPv4",
    "created": "2026-03-29T12:51:46",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Quer\u00e9taro, Mexico. Observed targeting healthcare sector honeypot medtech-hp-01 via h0neytr4p. duration: 3s; 57 events.",
    "expiration": "2026-04-28T12:51:45",
    "is_active": 1
  },
  {
    "id": 4284255517,
    "indicator": "38.109.112.180",
    "type": "IPv4",
    "created": "2026-03-29T12:51:46",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Boca Raton, United States (AS13886, Cloud South) [VPN/hosting provider]. Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. 2 events.",
    "expiration": "2026-04-28T12:51:45",
    "is_active": 1
  },
  {
    "id": 4284339799,
    "indicator": "182.242.168.188",
    "type": "IPv4",
    "created": "2026-03-29T13:52:00",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 182.242.168.188 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-28T13:52:00",
    "is_active": 1
  },
  {
    "id": 4284223196,
    "indicator": "129.226.83.233",
    "type": "IPv4",
    "created": "2026-03-29T13:52:00",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 129.226.83.233 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-28T13:52:00",
    "is_active": 1
  },
  {
    "id": 4282004138,
    "indicator": "47.236.81.53",
    "type": "IPv4",
    "created": "2026-03-29T13:52:00",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 47.236.81.53 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, hacking).",
    "expiration": "2026-04-28T13:52:00",
    "is_active": 1
  },
  {
    "id": 2674396149,
    "indicator": "182.119.229.94",
    "type": "IPv4",
    "created": "2026-03-29T13:52:00",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 182.119.229.94 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-28T13:52:00",
    "is_active": 1
  },
  {
    "id": 4009598700,
    "indicator": "223.199.166.215",
    "type": "IPv4",
    "created": "2026-03-29T13:52:00",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 223.199.166.215 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-28T13:52:00",
    "is_active": 1
  },
  {
    "id": 4283869583,
    "indicator": "47.84.198.117",
    "type": "IPv4",
    "created": "2026-03-29T13:52:00",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported. 47.84.198.117 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-28T13:52:00",
    "is_active": 1
  },
  {
    "id": 4167699542,
    "indicator": "114.97.191.136",
    "type": "IPv4",
    "created": "2026-03-29T13:52:00",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 114.97.191.136 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T13:52:00",
    "is_active": 1
  },
  {
    "id": 3910575222,
    "indicator": "118.212.123.157",
    "type": "IPv4",
    "created": "2026-03-29T13:52:00",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 118.212.123.157 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T13:52:00",
    "is_active": 1
  },
  {
    "id": 4283832777,
    "indicator": "47.245.141.41",
    "type": "IPv4",
    "created": "2026-03-29T13:52:00",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 47.245.141.41 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T13:52:00",
    "is_active": 1
  },
  {
    "id": 4282428064,
    "indicator": "47.84.142.238",
    "type": "IPv4",
    "created": "2026-03-29T13:52:00",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 47.84.142.238 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, hacking, high).",
    "expiration": "2026-04-28T13:52:00",
    "is_active": 1
  },
  {
    "id": 4160192487,
    "indicator": "124.227.31.35",
    "type": "IPv4",
    "created": "2026-03-29T13:52:00",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 124.227.31.35 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T13:52:00",
    "is_active": 1
  },
  {
    "id": 4022022219,
    "indicator": "59.52.100.239",
    "type": "IPv4",
    "created": "2026-03-29T13:52:00",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 59.52.100.239 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T13:52:00",
    "is_active": 1
  },
  {
    "id": 4180325831,
    "indicator": "59.173.110.5",
    "type": "IPv4",
    "created": "2026-03-29T13:52:00",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 59.173.110.5 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T13:52:00",
    "is_active": 1
  },
  {
    "id": 2915339664,
    "indicator": "110.177.181.160",
    "type": "IPv4",
    "created": "2026-03-29T13:52:00",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 110.177.181.160 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T13:52:00",
    "is_active": 1
  },
  {
    "id": 4284220734,
    "indicator": "171.213.135.78",
    "type": "IPv4",
    "created": "2026-03-29T13:52:00",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. Attacker IP 171.213.135.78 observed using HTTP client fingerprint 'HTTP Client: libredtail-http' 39 times when connecting to db1lapetro between 2026-03-29 12:56 and 2026-03-29 12:56 UTC.",
    "expiration": "2026-04-28T13:52:00",
    "is_active": 1
  },
  {
    "id": 4284339800,
    "indicator": "208.56.143.246",
    "type": "IPv4",
    "created": "2026-03-29T13:52:00",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP 208.56.143.246 observed using SSH client fingerprint 'Unknown SSH Client (01ca35584ad5)' 22 times when connecting to offbackup1 between 2026-03-29 12:51 and 2026-03-29 12:54 UTC.",
    "expiration": "2026-04-28T13:52:00",
    "is_active": 1
  },
  {
    "id": 4047076112,
    "indicator": "101.68.50.7",
    "type": "IPv4",
    "created": "2026-03-29T13:52:00",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 101.68.50.7 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T13:52:00",
    "is_active": 1
  },
  {
    "id": 4037483056,
    "indicator": "119.48.135.167",
    "type": "IPv4",
    "created": "2026-03-29T13:52:00",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 119.48.135.167 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-28T13:52:00",
    "is_active": 1
  },
  {
    "id": 4173292393,
    "indicator": "59.173.110.181",
    "type": "IPv4",
    "created": "2026-03-29T13:52:00",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 59.173.110.181 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T13:52:00",
    "is_active": 1
  },
  {
    "id": 4185857667,
    "indicator": "59.173.109.84",
    "type": "IPv4",
    "created": "2026-03-29T13:52:00",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 59.173.109.84 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T13:52:00",
    "is_active": 1
  },
  {
    "id": 4284339801,
    "indicator": "117.15.91.254",
    "type": "IPv4",
    "created": "2026-03-29T13:52:00",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 117.15.91.254 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T13:52:00",
    "is_active": 1
  },
  {
    "id": 4283987621,
    "indicator": "122.9.46.175",
    "type": "IPv4",
    "created": "2026-03-29T13:52:00",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP 122.9.46.175 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 2 times when connecting to db4lamedtech between 2026-03-29 12:35 and 2026-03-29 13:02 UTC.",
    "expiration": "2026-04-28T13:52:00",
    "is_active": 1
  },
  {
    "id": 4280210961,
    "indicator": "36.155.148.122",
    "type": "IPv4",
    "created": "2026-03-29T13:52:00",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 36.155.148.122 observed using SSH client fingerprint 'Unknown SSH Client (98f63c4d9c87)' 5 times when connecting to db1lapetro between 2026-03-29 12:34 and 2026-03-29 12:34 UTC.",
    "expiration": "2026-04-28T13:52:00",
    "is_active": 1
  },
  {
    "id": 4125887748,
    "indicator": "18.97.19.243",
    "type": "IPv4",
    "created": "2026-03-29T13:52:00",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted. 18.97.19.243 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-28T13:52:00",
    "is_active": 1
  },
  {
    "id": 3558802582,
    "indicator": "87.236.176.209",
    "type": "IPv4",
    "created": "2026-03-29T13:52:00",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. IP observed in Suricata network metadata",
    "expiration": "2026-04-28T13:52:00",
    "is_active": 1
  },
  {
    "id": 3759353062,
    "indicator": "60.13.7.84",
    "type": "IPv4",
    "created": "2026-03-29T13:52:00",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 60.13.7.84 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-28T13:52:00",
    "is_active": 1
  },
  {
    "id": 4181110249,
    "indicator": "59.173.111.23",
    "type": "IPv4",
    "created": "2026-03-29T13:52:00",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 59.173.111.23 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T13:52:00",
    "is_active": 1
  },
  {
    "id": 3670109228,
    "indicator": "36.106.166.63",
    "type": "IPv4",
    "created": "2026-03-29T13:52:00",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 36.106.166.63 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T13:52:00",
    "is_active": 1
  },
  {
    "id": 2131916835,
    "indicator": "36.106.167.222",
    "type": "IPv4",
    "created": "2026-03-29T13:52:00",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 36.106.167.222 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-28T13:52:00",
    "is_active": 1
  },
  {
    "id": 4283761330,
    "indicator": "129.226.83.66",
    "type": "IPv4",
    "created": "2026-03-29T14:52:11",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Singapore, Singapore (AS132203, Tencent Building, Kejizhongyi Avenue). Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 2 events. GTI: MALICIOUS | 7/94 engines flagged malicious | AS132203 (Tencent Building, Kejizhongyi Avenue) | 1 DNS resolutions | 1 malicious URL(s) hosted.",
    "expiration": "2026-04-28T14:52:11",
    "is_active": 1
  },
  {
    "id": 3781939378,
    "indicator": "211.109.76.189",
    "type": "IPv4",
    "created": "2026-03-29T14:52:11",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 211.109.76.189 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-28T14:52:11",
    "is_active": 1
  },
  {
    "id": 3858769067,
    "indicator": "60.13.6.51",
    "type": "IPv4",
    "created": "2026-03-29T14:52:11",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 60.13.6.51 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-28T14:52:11",
    "is_active": 1
  },
  {
    "id": 4283848433,
    "indicator": "47.84.131.144",
    "type": "IPv4",
    "created": "2026-03-29T14:52:11",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.84.131.144 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-28T14:52:11",
    "is_active": 1
  },
  {
    "id": 3650658811,
    "indicator": "193.37.33.139",
    "type": "IPv4",
    "created": "2026-03-29T14:52:11",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 193.37.33.139 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).",
    "expiration": "2026-04-28T14:52:11",
    "is_active": 1
  },
  {
    "id": 3650664244,
    "indicator": "193.37.33.120",
    "type": "IPv4",
    "created": "2026-03-29T14:52:11",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 193.37.33.120 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d); AbuseIPDB (brute-force, hacking, low).",
    "expiration": "2026-04-28T14:52:11",
    "is_active": 1
  },
  {
    "id": 3659981272,
    "indicator": "193.37.33.107",
    "type": "IPv4",
    "created": "2026-03-29T14:52:11",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 193.37.33.107 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T14:52:11",
    "is_active": 1
  },
  {
    "id": 3850293253,
    "indicator": "123.245.85.109",
    "type": "IPv4",
    "created": "2026-03-29T14:52:11",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 123.245.85.109 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T14:52:11",
    "is_active": 1
  },
  {
    "id": 3778778387,
    "indicator": "182.242.168.96",
    "type": "IPv4",
    "created": "2026-03-29T14:52:11",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 182.242.168.96 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-28T14:52:11",
    "is_active": 1
  },
  {
    "id": 4284546574,
    "indicator": "47.245.143.200",
    "type": "IPv4",
    "created": "2026-03-29T14:52:11",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.245.143.200 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-28T14:52:11",
    "is_active": 1
  },
  {
    "id": 3718244937,
    "indicator": "61.132.109.138",
    "type": "IPv4",
    "created": "2026-03-29T14:52:11",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from China (AS4134, Chinanet). Observed targeting healthcare sector honeypot mdms-hp-01 via cowrie. Session included 297 failed login attempts, 297 credential pairs tried across 1 unique username. SSH client: SSH-2.0-Go (HASSH: 01ca35584ad5...); duration: 16m 48s; 1485 events.",
    "expiration": "2026-04-28T14:52:11",
    "is_active": 1
  },
  {
    "id": 4282439551,
    "indicator": "47.237.187.66",
    "type": "IPv4",
    "created": "2026-03-29T14:52:11",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.237.187.66 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-28T14:52:11",
    "is_active": 1
  },
  {
    "id": 4019762165,
    "indicator": "118.212.121.133",
    "type": "IPv4",
    "created": "2026-03-29T14:52:11",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 118.212.121.133 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-28T14:52:11",
    "is_active": 1
  },
  {
    "id": 4260801294,
    "indicator": "120.48.20.189",
    "type": "IPv4",
    "created": "2026-03-29T14:52:11",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 120.48.20.189 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-28T14:52:11",
    "is_active": 1
  },
  {
    "id": 3850750493,
    "indicator": "118.212.120.39",
    "type": "IPv4",
    "created": "2026-03-29T14:52:11",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 118.212.120.39 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T14:52:11",
    "is_active": 1
  },
  {
    "id": 4187415874,
    "indicator": "164.90.205.222",
    "type": "IPv4",
    "created": "2026-03-29T14:52:11",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. Attacker IP from Amsterdam, Netherlands. Observed targeting healthcare sector honeypot mdms-hp-01 via h0neytr4p. 1 events.",
    "expiration": "2026-04-28T14:52:11",
    "is_active": 1
  },
  {
    "id": 3767162101,
    "indicator": "218.2.231.131",
    "type": "IPv4",
    "created": "2026-03-29T14:52:11",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:multi-reported. Attacker IP from China (AS4134, Chinanet). Observed targeting energy sector honeypot petroleum-hp-01 via adbhoney. Session included execution of 6 post-compromise commands, delivery of 3 malware samples. duration: 5m 37s; 13 events.",
    "expiration": "2026-04-28T14:52:11",
    "is_active": 1
  },
  {
    "id": 4284546575,
    "indicator": "34.208.15.74",
    "type": "IPv4",
    "created": "2026-03-29T14:52:11",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP 34.208.15.74 observed using SSH client fingerprint 'Unknown SSH Client (87e3d9ffee05)' 8 times when connecting to db1lapetro between 2026-03-29 14:08 and 2026-03-29 14:08 UTC.",
    "expiration": "2026-04-28T14:52:11",
    "is_active": 1
  },
  {
    "id": 4131372375,
    "indicator": "197.251.249.75",
    "type": "IPv4",
    "created": "2026-03-29T14:52:11",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 197.251.249.75 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-28T14:52:11",
    "is_active": 1
  },
  {
    "id": 4172754658,
    "indicator": "59.173.109.80",
    "type": "IPv4",
    "created": "2026-03-29T14:52:11",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 59.173.109.80 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T14:52:11",
    "is_active": 1
  },
  {
    "id": 4282422756,
    "indicator": "47.245.135.169",
    "type": "IPv4",
    "created": "2026-03-29T14:52:11",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.245.135.169 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-28T14:52:11",
    "is_active": 1
  },
  {
    "id": 3683844294,
    "indicator": "45.172.118.9",
    "type": "IPv4",
    "created": "2026-03-29T14:52:11",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported. 45.172.118.9 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-28T14:52:11",
    "is_active": 1
  },
  {
    "id": 4284546576,
    "indicator": "106.12.74.119",
    "type": "IPv4",
    "created": "2026-03-29T14:52:11",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 106.12.74.119 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, hacking, high).",
    "expiration": "2026-04-28T14:52:11",
    "is_active": 1
  },
  {
    "id": 3471592064,
    "indicator": "59.126.193.88",
    "type": "IPv4",
    "created": "2026-03-29T14:52:11",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 59.126.193.88 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-28T14:52:11",
    "is_active": 1
  },
  {
    "id": 3860268462,
    "indicator": "123.245.85.158",
    "type": "IPv4",
    "created": "2026-03-29T14:52:11",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 123.245.85.158 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T14:52:11",
    "is_active": 1
  },
  {
    "id": 4284546577,
    "indicator": "47.84.139.148",
    "type": "IPv4",
    "created": "2026-03-29T14:52:11",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 47.84.139.148 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T14:52:11",
    "is_active": 1
  },
  {
    "id": 3359020492,
    "indicator": "137.184.118.34",
    "type": "IPv4",
    "created": "2026-03-29T14:52:11",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 137.184.118.34 observed using TLS client fingerprint 'Unknown TLS Client (96009793caf4)' 2 times when connecting to db1lapetro between 2026-03-29 13:51 and 2026-03-29 13:51 UTC.",
    "expiration": "2026-04-28T14:52:11",
    "is_active": 1
  },
  {
    "id": 4161544318,
    "indicator": "221.199.73.183",
    "type": "IPv4",
    "created": "2026-03-29T14:52:11",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 221.199.73.183 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T14:52:11",
    "is_active": 1
  },
  {
    "id": 4284546578,
    "indicator": "172.233.38.119",
    "type": "IPv4",
    "created": "2026-03-29T14:52:11",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 172.233.38.119 observed using SSH client fingerprint 'Unknown SSH Client (16443846184e)' 251 times when connecting to db4lamedtech between 2026-03-29 13:19 and 2026-03-29 13:45 UTC.",
    "expiration": "2026-04-28T14:52:11",
    "is_active": 1
  },
  {
    "id": 4153969382,
    "indicator": "156.238.236.46",
    "type": "IPv4",
    "created": "2026-03-29T14:52:11",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata",
    "expiration": "2026-04-28T14:52:11",
    "is_active": 1
  },
  {
    "id": 622457605,
    "indicator": "59.52.100.157",
    "type": "IPv4",
    "created": "2026-03-29T14:52:11",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 59.52.100.157 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, iot-targeted).",
    "expiration": "2026-04-28T14:52:11",
    "is_active": 1
  },
  {
    "id": 4181107314,
    "indicator": "110.90.106.138",
    "type": "IPv4",
    "created": "2026-03-29T14:52:11",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 110.90.106.138 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-28T14:52:11",
    "is_active": 1
  },
  {
    "id": 4281953962,
    "indicator": "116.176.62.179",
    "type": "IPv4",
    "created": "2026-03-29T14:52:11",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 116.176.62.179 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-28T14:52:11",
    "is_active": 1
  },
  {
    "id": 4014334957,
    "indicator": "171.37.46.76",
    "type": "IPv4",
    "created": "2026-03-29T14:52:11",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 171.37.46.76 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-28T14:52:11",
    "is_active": 1
  },
  {
    "id": 4282409238,
    "indicator": "47.254.174.130",
    "type": "IPv4",
    "created": "2026-03-29T14:52:11",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 47.254.174.130 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (exploited-host, hacking, high).",
    "expiration": "2026-04-28T14:52:11",
    "is_active": 1
  },
  {
    "id": 4010990647,
    "indicator": "103.217.145.41",
    "type": "IPv4",
    "created": "2026-03-29T14:52:11",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 103.217.145.41 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 14 times when connecting to offbackup1 between 2026-03-29 12:45 and 2026-03-29 14:28 UTC.",
    "expiration": "2026-04-28T14:52:11",
    "is_active": 1
  },
  {
    "id": 4172924158,
    "indicator": "116.178.130.86",
    "type": "IPv4",
    "created": "2026-03-29T15:52:17",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 116.178.130.86 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-28T15:52:17",
    "is_active": 1
  },
  {
    "id": 4284973892,
    "indicator": "40.87.104.188",
    "type": "IPv4",
    "created": "2026-03-29T15:52:17",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 40.87.104.188 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-28T15:52:17",
    "is_active": 1
  },
  {
    "id": 4173134479,
    "indicator": "116.178.131.16",
    "type": "IPv4",
    "created": "2026-03-29T15:52:17",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.131.16 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T15:52:17",
    "is_active": 1
  },
  {
    "id": 3942731398,
    "indicator": "59.52.177.135",
    "type": "IPv4",
    "created": "2026-03-29T15:52:17",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 59.52.177.135 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-28T15:52:17",
    "is_active": 1
  },
  {
    "id": 4172947742,
    "indicator": "36.250.220.115",
    "type": "IPv4",
    "created": "2026-03-29T15:52:17",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 36.250.220.115 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T15:52:17",
    "is_active": 1
  },
  {
    "id": 2920098501,
    "indicator": "123.138.79.98",
    "type": "IPv4",
    "created": "2026-03-29T15:52:17",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 123.138.79.98 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-28T15:52:17",
    "is_active": 1
  },
  {
    "id": 4172204469,
    "indicator": "116.178.130.210",
    "type": "IPv4",
    "created": "2026-03-29T15:52:17",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 116.178.130.210 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-28T15:52:17",
    "is_active": 1
  },
  {
    "id": 4284973893,
    "indicator": "118.113.217.208",
    "type": "IPv4",
    "created": "2026-03-29T15:52:17",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 118.113.217.208 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T15:52:17",
    "is_active": 1
  },
  {
    "id": 4178965269,
    "indicator": "117.25.122.108",
    "type": "IPv4",
    "created": "2026-03-29T15:52:17",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 117.25.122.108 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T15:52:17",
    "is_active": 1
  },
  {
    "id": 4282102085,
    "indicator": "8.211.26.207",
    "type": "IPv4",
    "created": "2026-03-29T15:52:17",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 8.211.26.207 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-28T15:52:17",
    "is_active": 1
  },
  {
    "id": 4173195943,
    "indicator": "36.250.220.95",
    "type": "IPv4",
    "created": "2026-03-29T15:52:17",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 36.250.220.95 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-28T15:52:17",
    "is_active": 1
  },
  {
    "id": 3994261864,
    "indicator": "18.97.5.73",
    "type": "IPv4",
    "created": "2026-03-29T15:52:17",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 18.97.5.73 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-28T15:52:17",
    "is_active": 1
  },
  {
    "id": 4284973894,
    "indicator": "172.233.38.64",
    "type": "IPv4",
    "created": "2026-03-29T15:52:17",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP 172.233.38.64 observed triggering 6 Suricata alerts (medium severity, Attempted Information Leak) targeting offbackup1. Signatures detected: ET SCAN Potential SSH Scan. This IP exhibited malicious behavior consistent with Attempted Information Leak patterns.",
    "expiration": "2026-04-28T15:52:17",
    "is_active": 1
  },
  {
    "id": 4173302075,
    "indicator": "222.176.200.31",
    "type": "IPv4",
    "created": "2026-03-29T15:52:17",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 222.176.200.31 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).",
    "expiration": "2026-04-28T15:52:17",
    "is_active": 1
  },
  {
    "id": 4283986002,
    "indicator": "8.211.7.142",
    "type": "IPv4",
    "created": "2026-03-29T15:52:17",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 8.211.7.142 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-28T15:52:17",
    "is_active": 1
  },
  {
    "id": 143544280,
    "indicator": "121.29.84.57",
    "type": "IPv4",
    "created": "2026-03-29T15:52:17",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 121.29.84.57 classified as attacker with unclear intent (low confidence). Origin: enriched.",
    "expiration": "2026-04-28T15:52:17",
    "is_active": 1
  },
  {
    "id": 3904726759,
    "indicator": "118.212.123.234",
    "type": "IPv4",
    "created": "2026-03-29T15:52:17",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 118.212.123.234 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T15:52:17",
    "is_active": 1
  },
  {
    "id": 4058699589,
    "indicator": "175.19.75.189",
    "type": "IPv4",
    "created": "2026-03-29T15:52:17",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 175.19.75.189 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-28T15:52:17",
    "is_active": 1
  },
  {
    "id": 3670086205,
    "indicator": "60.13.7.110",
    "type": "IPv4",
    "created": "2026-03-29T15:52:17",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 60.13.7.110 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-28T15:52:17",
    "is_active": 1
  },
  {
    "id": 4159926149,
    "indicator": "27.47.27.47",
    "type": "IPv4",
    "created": "2026-03-29T15:52:17",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 27.47.27.47 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T15:52:17",
    "is_active": 1
  },
  {
    "id": 4165499049,
    "indicator": "116.178.128.44",
    "type": "IPv4",
    "created": "2026-03-29T15:52:17",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 116.178.128.44 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-28T15:52:17",
    "is_active": 1
  },
  {
    "id": 3839674971,
    "indicator": "118.212.123.86",
    "type": "IPv4",
    "created": "2026-03-29T15:52:17",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 118.212.123.86 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T15:52:17",
    "is_active": 1
  },
  {
    "id": 4008387441,
    "indicator": "220.167.233.109",
    "type": "IPv4",
    "created": "2026-03-29T15:52:17",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 220.167.233.109 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-28T15:52:17",
    "is_active": 1
  },
  {
    "id": 4162505512,
    "indicator": "27.47.26.58",
    "type": "IPv4",
    "created": "2026-03-29T15:52:17",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 27.47.26.58 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-28T15:52:17",
    "is_active": 1
  },
  {
    "id": 4284973895,
    "indicator": "59.50.189.207",
    "type": "IPv4",
    "created": "2026-03-29T15:52:17",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 59.50.189.207 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, hacking, high).",
    "expiration": "2026-04-28T15:52:17",
    "is_active": 1
  },
  {
    "id": 4181344688,
    "indicator": "46.151.182.220",
    "type": "IPv4",
    "created": "2026-03-29T15:52:17",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 46.151.182.220 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-28T15:52:17",
    "is_active": 1
  },
  {
    "id": 4281546986,
    "indicator": "182.114.193.90",
    "type": "IPv4",
    "created": "2026-03-29T15:52:17",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 182.114.193.90 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T15:52:17",
    "is_active": 1
  },
  {
    "id": 4047688860,
    "indicator": "123.160.175.250",
    "type": "IPv4",
    "created": "2026-03-29T15:52:17",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 123.160.175.250 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-28T15:52:17",
    "is_active": 1
  },
  {
    "id": 4284225920,
    "indicator": "5.161.121.36",
    "type": "IPv4",
    "created": "2026-03-29T15:52:17",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Ashburn, United States (AS213230, Hetzner Online GmbH) [VPN/hosting provider]. Observed targeting healthcare sector honeypot mdms-hp-01 via cowrie. Session included 7 failed login attempts, 7 credential pairs tried across 1 unique username. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 12m 22s; 35 events.",
    "expiration": "2026-04-28T15:52:17",
    "is_active": 1
  },
  {
    "id": 4101320251,
    "indicator": "182.119.230.73",
    "type": "IPv4",
    "created": "2026-03-29T15:52:17",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 182.119.230.73 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T15:52:17",
    "is_active": 1
  },
  {
    "id": 4284973896,
    "indicator": "172.233.38.74",
    "type": "IPv4",
    "created": "2026-03-29T15:52:17",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Amsterdam, The Netherlands (AS63949, Akamai Connected Cloud) [VPN/hosting provider]. Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 103 failed login attempts, 103 credential pairs tried across 67 unique usernames. SSH client: SSH-2.0-Go (HASSH: 16443846184e...); duration: 11m 15s...",
    "expiration": "2026-04-28T15:52:17",
    "is_active": 1
  },
  {
    "id": 3892947004,
    "indicator": "118.212.121.193",
    "type": "IPv4",
    "created": "2026-03-29T15:52:17",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 118.212.121.193 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-28T15:52:17",
    "is_active": 1
  },
  {
    "id": 4284203117,
    "indicator": "121.237.10.232",
    "type": "IPv4",
    "created": "2026-03-29T15:52:17",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP from China (AS4134, Chinanet). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. Session included 12 failed login attempts, 12 credential pairs tried across 2 unique usernames, execution of 20 commands (SSH key persistence, password changes, system reconnaissance, cron persistence, process killing, firewall manipulation), ...",
    "expiration": "2026-04-28T15:52:17",
    "is_active": 1
  },
  {
    "id": 3916908314,
    "indicator": "220.167.232.5",
    "type": "IPv4",
    "created": "2026-03-29T15:52:17",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 220.167.232.5 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T15:52:17",
    "is_active": 1
  },
  {
    "id": 3850293880,
    "indicator": "60.13.7.87",
    "type": "IPv4",
    "created": "2026-03-29T15:52:17",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 60.13.7.87 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T15:52:17",
    "is_active": 1
  },
  {
    "id": 4023980137,
    "indicator": "171.36.6.21",
    "type": "IPv4",
    "created": "2026-03-29T15:52:17",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 171.36.6.21 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T15:52:17",
    "is_active": 1
  },
  {
    "id": 4173866979,
    "indicator": "114.97.190.169",
    "type": "IPv4",
    "created": "2026-03-29T15:52:17",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 114.97.190.169 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).",
    "expiration": "2026-04-28T15:52:17",
    "is_active": 1
  },
  {
    "id": 4283988023,
    "indicator": "157.20.172.86",
    "type": "IPv4",
    "created": "2026-03-29T15:52:17",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Chennai, India (AS138244, HOSTZOP CLOUD SERVICES PRIVATE LIMITED) [VPN/hosting provider]. Observed targeting healthcare sector honeypot mdms-hp-01 via cowrie. Session included 5 failed login attempts, 5 credential pairs tried across 1 unique username. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 13m 50s; 25...",
    "expiration": "2026-04-28T15:52:17",
    "is_active": 1
  },
  {
    "id": 4173427468,
    "indicator": "116.178.130.243",
    "type": "IPv4",
    "created": "2026-03-29T15:52:17",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.130.243 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T15:52:17",
    "is_active": 1
  },
  {
    "id": 4282391232,
    "indicator": "47.236.179.0",
    "type": "IPv4",
    "created": "2026-03-29T15:52:17",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 47.236.179.0 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T15:52:17",
    "is_active": 1
  },
  {
    "id": 4156707394,
    "indicator": "124.117.193.107",
    "type": "IPv4",
    "created": "2026-03-29T15:52:17",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 124.117.193.107 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-28T15:52:17",
    "is_active": 1
  },
  {
    "id": 4177407184,
    "indicator": "27.47.26.108",
    "type": "IPv4",
    "created": "2026-03-29T15:52:17",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 27.47.26.108 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, moderate).",
    "expiration": "2026-04-28T15:52:17",
    "is_active": 1
  },
  {
    "id": 3650658812,
    "indicator": "193.37.33.155",
    "type": "IPv4",
    "created": "2026-03-29T15:52:17",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 193.37.33.155 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, hacking, low).",
    "expiration": "2026-04-28T15:52:17",
    "is_active": 1
  },
  {
    "id": 3642507477,
    "indicator": "193.37.33.121",
    "type": "IPv4",
    "created": "2026-03-29T15:52:17",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 193.37.33.121 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-28T15:52:17",
    "is_active": 1
  },
  {
    "id": 4156639299,
    "indicator": "121.29.149.134",
    "type": "IPv4",
    "created": "2026-03-29T15:52:17",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 121.29.149.134 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-28T15:52:17",
    "is_active": 1
  },
  {
    "id": 4179386342,
    "indicator": "116.178.129.167",
    "type": "IPv4",
    "created": "2026-03-29T15:52:17",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 116.178.129.167 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, moderate).",
    "expiration": "2026-04-28T15:52:17",
    "is_active": 1
  },
  {
    "id": 4202992372,
    "indicator": "112.122.237.170",
    "type": "IPv4",
    "created": "2026-03-29T15:52:17",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 112.122.237.170 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-28T15:52:17",
    "is_active": 1
  },
  {
    "id": 4176785312,
    "indicator": "27.47.24.187",
    "type": "IPv4",
    "created": "2026-03-29T15:52:17",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 27.47.24.187 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-28T15:52:17",
    "is_active": 1
  },
  {
    "id": 4266473552,
    "indicator": "176.65.139.60",
    "type": "IPv4",
    "created": "2026-03-29T15:52:17",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 176.65.139.60 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Observed activity: 1 malware samples. Listed on: FireHOL (firehol_level1, firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-28T15:52:17",
    "is_active": 1
  },
  {
    "id": 3781849230,
    "indicator": "193.37.33.154",
    "type": "IPv4",
    "created": "2026-03-29T15:52:17",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata",
    "expiration": "2026-04-28T15:52:17",
    "is_active": 1
  },
  {
    "id": 4177136192,
    "indicator": "116.178.129.2",
    "type": "IPv4",
    "created": "2026-03-29T15:52:17",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 116.178.129.2 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-28T15:52:17",
    "is_active": 1
  },
  {
    "id": 3865441690,
    "indicator": "123.245.85.218",
    "type": "IPv4",
    "created": "2026-03-29T15:52:17",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 123.245.85.218 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-28T15:52:17",
    "is_active": 1
  },
  {
    "id": 4161070670,
    "indicator": "116.178.130.103",
    "type": "IPv4",
    "created": "2026-03-29T15:52:17",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 116.178.130.103 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-28T15:52:17",
    "is_active": 1
  },
  {
    "id": 4172570850,
    "indicator": "112.94.190.212",
    "type": "IPv4",
    "created": "2026-03-29T15:52:17",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 112.94.190.212 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T15:52:17",
    "is_active": 1
  },
  {
    "id": 3820586735,
    "indicator": "182.242.168.43",
    "type": "IPv4",
    "created": "2026-03-29T15:52:17",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 182.242.168.43 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-28T15:52:17",
    "is_active": 1
  },
  {
    "id": 4172911237,
    "indicator": "59.173.111.249",
    "type": "IPv4",
    "created": "2026-03-29T15:52:17",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported, cowrie. 59.173.111.249 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, multi-reported).",
    "expiration": "2026-04-28T15:52:17",
    "is_active": 1
  },
  {
    "id": 4007192706,
    "indicator": "110.177.182.50",
    "type": "IPv4",
    "created": "2026-03-29T15:52:17",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 110.177.182.50 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T15:52:17",
    "is_active": 1
  },
  {
    "id": 4023120463,
    "indicator": "118.212.123.203",
    "type": "IPv4",
    "created": "2026-03-29T16:52:36",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 118.212.123.203 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-28T16:52:34",
    "is_active": 1
  },
  {
    "id": 4028761971,
    "indicator": "118.212.121.140",
    "type": "IPv4",
    "created": "2026-03-29T16:52:36",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 118.212.121.140 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T16:52:34",
    "is_active": 1
  },
  {
    "id": 4168968764,
    "indicator": "106.124.147.169",
    "type": "IPv4",
    "created": "2026-03-29T16:52:36",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 106.124.147.169 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-28T16:52:34",
    "is_active": 1
  },
  {
    "id": 4285300091,
    "indicator": "119.30.118.250",
    "type": "IPv4",
    "created": "2026-03-29T16:52:36",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh, abuseipdb:web-attack. 119.30.118.250 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, low, port-scan).",
    "expiration": "2026-04-28T16:52:34",
    "is_active": 1
  },
  {
    "id": 4031715758,
    "indicator": "118.212.123.112",
    "type": "IPv4",
    "created": "2026-03-29T16:52:36",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 118.212.123.112 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-28T16:52:34",
    "is_active": 1
  },
  {
    "id": 4218213682,
    "indicator": "117.29.8.207",
    "type": "IPv4",
    "created": "2026-03-29T16:52:36",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 117.29.8.207 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-28T16:52:34",
    "is_active": 1
  },
  {
    "id": 4282105431,
    "indicator": "47.237.124.132",
    "type": "IPv4",
    "created": "2026-03-29T16:52:36",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.237.124.132 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-28T16:52:34",
    "is_active": 1
  },
  {
    "id": 4023841617,
    "indicator": "171.36.6.132",
    "type": "IPv4",
    "created": "2026-03-29T16:52:36",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 171.36.6.132 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-28T16:52:34",
    "is_active": 1
  },
  {
    "id": 4283986009,
    "indicator": "144.217.229.208",
    "type": "IPv4",
    "created": "2026-03-29T16:52:36",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 144.217.229.208 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-28T16:52:34",
    "is_active": 1
  },
  {
    "id": 4285300092,
    "indicator": "47.84.137.2",
    "type": "IPv4",
    "created": "2026-03-29T16:52:36",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 47.84.137.2 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (critical, exploited-host, hacking).",
    "expiration": "2026-04-28T16:52:34",
    "is_active": 1
  },
  {
    "id": 3462403814,
    "indicator": "180.95.238.227",
    "type": "IPv4",
    "created": "2026-03-29T16:52:36",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 180.95.238.227 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T16:52:34",
    "is_active": 1
  },
  {
    "id": 2816417826,
    "indicator": "124.227.31.111",
    "type": "IPv4",
    "created": "2026-03-29T16:52:36",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 124.227.31.111 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T16:52:34",
    "is_active": 1
  },
  {
    "id": 2931791660,
    "indicator": "60.13.7.222",
    "type": "IPv4",
    "created": "2026-03-29T16:52:36",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 60.13.7.222 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T16:52:34",
    "is_active": 1
  },
  {
    "id": 4285300093,
    "indicator": "171.120.157.203",
    "type": "IPv4",
    "created": "2026-03-29T16:52:36",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 171.120.157.203 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T16:52:34",
    "is_active": 1
  },
  {
    "id": 4283832970,
    "indicator": "47.84.114.31",
    "type": "IPv4",
    "created": "2026-03-29T16:52:36",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.84.114.31 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-28T16:52:34",
    "is_active": 1
  },
  {
    "id": 4179111798,
    "indicator": "59.173.111.72",
    "type": "IPv4",
    "created": "2026-03-29T16:52:36",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 59.173.111.72 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-28T16:52:34",
    "is_active": 1
  },
  {
    "id": 3753309477,
    "indicator": "60.13.7.141",
    "type": "IPv4",
    "created": "2026-03-29T16:52:36",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 60.13.7.141 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-28T16:52:34",
    "is_active": 1
  },
  {
    "id": 4285300094,
    "indicator": "34.30.135.210",
    "type": "IPv4",
    "created": "2026-03-29T16:52:36",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported. 34.30.135.210 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-28T16:52:34",
    "is_active": 1
  },
  {
    "id": 4164293268,
    "indicator": "116.178.131.77",
    "type": "IPv4",
    "created": "2026-03-29T16:52:36",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 116.178.131.77 classified as attacker with unclear intent (low confidence). Origin: enriched.",
    "expiration": "2026-04-28T16:52:34",
    "is_active": 1
  },
  {
    "id": 4011781105,
    "indicator": "185.247.137.248",
    "type": "IPv4",
    "created": "2026-03-29T16:52:36",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 185.247.137.248 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-28T16:52:34",
    "is_active": 1
  },
  {
    "id": 4161057350,
    "indicator": "27.47.24.55",
    "type": "IPv4",
    "created": "2026-03-29T16:52:36",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 27.47.24.55 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T16:52:34",
    "is_active": 1
  },
  {
    "id": 4172206722,
    "indicator": "222.176.200.139",
    "type": "IPv4",
    "created": "2026-03-29T16:52:36",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 222.176.200.139 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T16:52:34",
    "is_active": 1
  },
  {
    "id": 4177495562,
    "indicator": "27.47.25.116",
    "type": "IPv4",
    "created": "2026-03-29T16:52:36",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 27.47.25.116 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T16:52:34",
    "is_active": 1
  },
  {
    "id": 4160195977,
    "indicator": "59.173.110.103",
    "type": "IPv4",
    "created": "2026-03-29T16:52:36",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 59.173.110.103 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-28T16:52:34",
    "is_active": 1
  },
  {
    "id": 4120920360,
    "indicator": "59.26.66.44",
    "type": "IPv4",
    "created": "2026-03-29T16:52:36",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 59.26.66.44 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T16:52:34",
    "is_active": 1
  },
  {
    "id": 4161542622,
    "indicator": "14.135.74.107",
    "type": "IPv4",
    "created": "2026-03-29T16:52:36",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate. 14.135.74.107 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-28T16:52:34",
    "is_active": 1
  },
  {
    "id": 4285300095,
    "indicator": "16.148.199.201",
    "type": "IPv4",
    "created": "2026-03-29T16:52:36",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP 16.148.199.201 observed using SSH client fingerprint 'Unknown SSH Client (87e3d9ffee05)' 8 times when connecting to db4lamedtech between 2026-03-29 16:04 and 2026-03-29 16:04 UTC.",
    "expiration": "2026-04-28T16:52:34",
    "is_active": 1
  },
  {
    "id": 4160574466,
    "indicator": "124.117.192.251",
    "type": "IPv4",
    "created": "2026-03-29T16:52:36",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 124.117.192.251 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).",
    "expiration": "2026-04-28T16:52:34",
    "is_active": 1
  },
  {
    "id": 4176619506,
    "indicator": "36.250.220.227",
    "type": "IPv4",
    "created": "2026-03-29T16:52:36",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 36.250.220.227 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T16:52:34",
    "is_active": 1
  },
  {
    "id": 3838078503,
    "indicator": "220.167.232.63",
    "type": "IPv4",
    "created": "2026-03-29T16:52:36",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 220.167.232.63 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T16:52:34",
    "is_active": 1
  },
  {
    "id": 4161055638,
    "indicator": "121.29.85.28",
    "type": "IPv4",
    "created": "2026-03-29T16:52:36",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export. 121.29.85.28 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-28T16:52:34",
    "is_active": 1
  },
  {
    "id": 3940451943,
    "indicator": "123.145.31.158",
    "type": "IPv4",
    "created": "2026-03-29T16:52:36",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export. 123.145.31.158 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-28T16:52:34",
    "is_active": 1
  },
  {
    "id": 4173706207,
    "indicator": "222.176.200.58",
    "type": "IPv4",
    "created": "2026-03-29T16:52:36",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 222.176.200.58 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-28T16:52:34",
    "is_active": 1
  },
  {
    "id": 4056001728,
    "indicator": "171.37.191.230",
    "type": "IPv4",
    "created": "2026-03-29T16:52:36",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. Attacker IP from Nanning, China (AS4837, CHINA UNICOM China169 Backbone). Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-28T16:52:34",
    "is_active": 1
  },
  {
    "id": 4132193378,
    "indicator": "167.86.95.210",
    "type": "IPv4",
    "created": "2026-03-29T17:52:42",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 167.86.95.210 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-28T17:52:41",
    "is_active": 1
  },
  {
    "id": 3825643391,
    "indicator": "182.119.226.192",
    "type": "IPv4",
    "created": "2026-03-29T17:52:42",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 182.119.226.192 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-28T17:52:41",
    "is_active": 1
  },
  {
    "id": 4285301753,
    "indicator": "144.172.112.102",
    "type": "IPv4",
    "created": "2026-03-29T17:52:42",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 144.172.112.102 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).",
    "expiration": "2026-04-28T17:52:41",
    "is_active": 1
  },
  {
    "id": 3890750067,
    "indicator": "220.167.233.218",
    "type": "IPv4",
    "created": "2026-03-29T17:52:42",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 220.167.233.218 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-28T17:52:41",
    "is_active": 1
  },
  {
    "id": 4284208390,
    "indicator": "113.209.196.69",
    "type": "IPv4",
    "created": "2026-03-29T17:52:42",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported. 113.209.196.69 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-28T17:52:41",
    "is_active": 1
  },
  {
    "id": 3557676467,
    "indicator": "206.189.205.166",
    "type": "IPv4",
    "created": "2026-03-29T17:52:42",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 206.189.205.166 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Observed activity: 1 malware samples. Listed on: AbuseIPDB (brute-force, hacking, low).",
    "expiration": "2026-04-28T17:52:41",
    "is_active": 1
  },
  {
    "id": 4272941912,
    "indicator": "61.179.242.51",
    "type": "IPv4",
    "created": "2026-03-29T17:52:42",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 61.179.242.51 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command sessions (1 commands), 1 malware samples. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-28T17:52:41",
    "is_active": 1
  },
  {
    "id": 3910735802,
    "indicator": "58.212.237.50",
    "type": "IPv4",
    "created": "2026-03-29T17:52:42",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:multi-reported. 58.212.237.50 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, ddos, hacking).",
    "expiration": "2026-04-28T17:52:41",
    "is_active": 1
  },
  {
    "id": 4282305471,
    "indicator": "47.84.141.126",
    "type": "IPv4",
    "created": "2026-03-29T17:52:42",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 47.84.141.126 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T17:52:41",
    "is_active": 1
  },
  {
    "id": 4174391274,
    "indicator": "27.47.24.198",
    "type": "IPv4",
    "created": "2026-03-29T17:52:42",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 27.47.24.198 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T17:52:41",
    "is_active": 1
  },
  {
    "id": 3753323594,
    "indicator": "143.198.204.165",
    "type": "IPv4",
    "created": "2026-03-29T17:52:42",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 143.198.204.165 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T17:52:41",
    "is_active": 1
  },
  {
    "id": 4173936603,
    "indicator": "221.13.86.48",
    "type": "IPv4",
    "created": "2026-03-29T17:52:42",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 221.13.86.48 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-28T17:52:41",
    "is_active": 1
  },
  {
    "id": 4157103720,
    "indicator": "36.250.220.164",
    "type": "IPv4",
    "created": "2026-03-29T17:52:42",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 36.250.220.164 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T17:52:41",
    "is_active": 1
  },
  {
    "id": 4187584738,
    "indicator": "110.37.65.64",
    "type": "IPv4",
    "created": "2026-03-29T17:52:42",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:port-scan. 110.37.65.64 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T17:52:41",
    "is_active": 1
  },
  {
    "id": 3915640129,
    "indicator": "222.94.32.194",
    "type": "IPv4",
    "created": "2026-03-29T17:52:42",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 222.94.32.194 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-28T17:52:41",
    "is_active": 1
  },
  {
    "id": 4008829680,
    "indicator": "220.167.233.85",
    "type": "IPv4",
    "created": "2026-03-29T17:52:42",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 220.167.233.85 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, moderate).",
    "expiration": "2026-04-28T17:52:41",
    "is_active": 1
  },
  {
    "id": 4183839336,
    "indicator": "59.173.108.5",
    "type": "IPv4",
    "created": "2026-03-29T17:52:42",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 59.173.108.5 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-28T17:52:41",
    "is_active": 1
  },
  {
    "id": 3904632541,
    "indicator": "1.85.219.104",
    "type": "IPv4",
    "created": "2026-03-29T17:52:42",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 1.85.219.104 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T17:52:41",
    "is_active": 1
  },
  {
    "id": 4173160393,
    "indicator": "110.90.224.63",
    "type": "IPv4",
    "created": "2026-03-29T17:52:42",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 110.90.224.63 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-28T17:52:41",
    "is_active": 1
  },
  {
    "id": 4173717274,
    "indicator": "116.178.128.217",
    "type": "IPv4",
    "created": "2026-03-29T17:52:42",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 116.178.128.217 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-28T17:52:41",
    "is_active": 1
  },
  {
    "id": 4173336736,
    "indicator": "101.249.60.100",
    "type": "IPv4",
    "created": "2026-03-29T17:52:42",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 101.249.60.100 classified as commodity attacker using automated exploitation tooling (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (hacking, low, multi-reported).",
    "expiration": "2026-04-28T17:52:41",
    "is_active": 1
  },
  {
    "id": 4162726637,
    "indicator": "114.97.190.10",
    "type": "IPv4",
    "created": "2026-03-29T17:52:42",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 114.97.190.10 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).",
    "expiration": "2026-04-28T17:52:41",
    "is_active": 1
  },
  {
    "id": 4182376217,
    "indicator": "36.250.221.212",
    "type": "IPv4",
    "created": "2026-03-29T17:52:42",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from China (AS4837, CHINA UNICOM China169 Backbone). Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-28T17:52:41",
    "is_active": 1
  },
  {
    "id": 4163130480,
    "indicator": "114.97.191.123",
    "type": "IPv4",
    "created": "2026-03-29T18:52:50",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 114.97.191.123 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T18:52:49",
    "is_active": 1
  },
  {
    "id": 3910867693,
    "indicator": "118.212.121.37",
    "type": "IPv4",
    "created": "2026-03-29T18:52:50",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 118.212.121.37 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-28T18:52:49",
    "is_active": 1
  },
  {
    "id": 4283529247,
    "indicator": "120.48.178.142",
    "type": "IPv4",
    "created": "2026-03-29T18:52:50",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 120.48.178.142 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, hacking).",
    "expiration": "2026-04-28T18:52:49",
    "is_active": 1
  },
  {
    "id": 4160585025,
    "indicator": "146.190.125.154",
    "type": "IPv4",
    "created": "2026-03-29T18:52:50",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack, cowrie, firehol:unlisted. 146.190.125.154 classified as scanning infrastructure conducting network reconnaissance (medium confidence). Origin: enriched. Listed on: AbuseIPDB (low, port-scan, reported).",
    "expiration": "2026-04-28T18:52:49",
    "is_active": 1
  },
  {
    "id": 3214074510,
    "indicator": "175.107.0.204",
    "type": "IPv4",
    "created": "2026-03-29T18:52:50",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 175.107.0.204 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T18:52:49",
    "is_active": 1
  },
  {
    "id": 4137338943,
    "indicator": "217.182.194.25",
    "type": "IPv4",
    "created": "2026-03-29T18:52:50",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 217.182.194.25 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).",
    "expiration": "2026-04-28T18:52:49",
    "is_active": 1
  },
  {
    "id": 4285304204,
    "indicator": "174.138.3.242",
    "type": "IPv4",
    "created": "2026-03-29T18:52:50",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 174.138.3.242 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).",
    "expiration": "2026-04-28T18:52:49",
    "is_active": 1
  },
  {
    "id": 4173328044,
    "indicator": "116.178.128.173",
    "type": "IPv4",
    "created": "2026-03-29T18:52:50",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack, cowrie, firehol:unlisted. 116.178.128.173 classified as scanning infrastructure conducting network reconnaissance (medium confidence). Origin: enriched. Listed on: AbuseIPDB (low, port-scan, reported).",
    "expiration": "2026-04-28T18:52:49",
    "is_active": 1
  },
  {
    "id": 4177511241,
    "indicator": "116.178.131.226",
    "type": "IPv4",
    "created": "2026-03-29T18:52:50",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 116.178.131.226 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-28T18:52:49",
    "is_active": 1
  },
  {
    "id": 4283706247,
    "indicator": "47.236.199.209",
    "type": "IPv4",
    "created": "2026-03-29T18:52:50",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.236.199.209 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-28T18:52:49",
    "is_active": 1
  },
  {
    "id": 4173137043,
    "indicator": "222.176.201.135",
    "type": "IPv4",
    "created": "2026-03-29T18:52:50",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 222.176.201.135 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-28T18:52:49",
    "is_active": 1
  },
  {
    "id": 3995734216,
    "indicator": "45.148.10.34",
    "type": "IPv4",
    "created": "2026-03-29T18:52:50",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 45.148.10.34 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-28T18:52:49",
    "is_active": 1
  },
  {
    "id": 4285304205,
    "indicator": "47.84.134.50",
    "type": "IPv4",
    "created": "2026-03-29T18:52:50",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.84.134.50 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-28T18:52:49",
    "is_active": 1
  },
  {
    "id": 4173906504,
    "indicator": "116.178.130.101",
    "type": "IPv4",
    "created": "2026-03-29T18:52:50",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.130.101 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T18:52:49",
    "is_active": 1
  },
  {
    "id": 4173516682,
    "indicator": "116.178.131.67",
    "type": "IPv4",
    "created": "2026-03-29T18:52:50",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.131.67 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T18:52:49",
    "is_active": 1
  },
  {
    "id": 4277262291,
    "indicator": "66.132.186.239",
    "type": "IPv4",
    "created": "2026-03-29T18:52:50",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 66.132.186.239 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-28T18:52:49",
    "is_active": 1
  },
  {
    "id": 4136468110,
    "indicator": "160.3.11.128",
    "type": "IPv4",
    "created": "2026-03-29T18:52:50",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 160.3.11.128 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-28T18:52:49",
    "is_active": 1
  },
  {
    "id": 3916195893,
    "indicator": "123.245.84.26",
    "type": "IPv4",
    "created": "2026-03-29T18:52:50",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 123.245.84.26 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T18:52:49",
    "is_active": 1
  },
  {
    "id": 4036687016,
    "indicator": "41.181.156.205",
    "type": "IPv4",
    "created": "2026-03-29T18:52:50",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Germiston, South Africa (AS16637, MTN Business Solutions). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 6 failed login attempts, 6 credential pairs tried across 2 unique usernames, execution of 20 commands (SSH key persistence, password changes, system reconnaissance, cron persistence, p...",
    "expiration": "2026-04-28T18:52:49",
    "is_active": 1
  },
  {
    "id": 4283848422,
    "indicator": "47.245.137.249",
    "type": "IPv4",
    "created": "2026-03-29T18:52:50",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 47.245.137.249 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T18:52:49",
    "is_active": 1
  },
  {
    "id": 4281800348,
    "indicator": "167.99.92.180",
    "type": "IPv4",
    "created": "2026-03-29T18:52:50",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 167.99.92.180 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, high).",
    "expiration": "2026-04-28T18:52:49",
    "is_active": 1
  },
  {
    "id": 4266423718,
    "indicator": "165.232.126.113",
    "type": "IPv4",
    "created": "2026-03-29T18:52:50",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 165.232.126.113 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).",
    "expiration": "2026-04-28T18:52:49",
    "is_active": 1
  },
  {
    "id": 4285304206,
    "indicator": "120.224.172.222",
    "type": "IPv4",
    "created": "2026-03-29T18:52:50",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP 120.224.172.222 observed using SSH client fingerprint 'Unknown SSH Client (98f63c4d9c87)' 2 times when connecting to offbackup1 between 2026-03-29 18:11 and 2026-03-29 18:11 UTC.",
    "expiration": "2026-04-28T18:52:49",
    "is_active": 1
  },
  {
    "id": 3850290064,
    "indicator": "180.95.238.126",
    "type": "IPv4",
    "created": "2026-03-29T18:52:50",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 180.95.238.126 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T18:52:49",
    "is_active": 1
  },
  {
    "id": 4160481395,
    "indicator": "116.178.128.52",
    "type": "IPv4",
    "created": "2026-03-29T18:52:50",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.128.52 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T18:52:49",
    "is_active": 1
  },
  {
    "id": 4173687492,
    "indicator": "59.52.103.110",
    "type": "IPv4",
    "created": "2026-03-29T18:52:50",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 59.52.103.110 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-28T18:52:49",
    "is_active": 1
  },
  {
    "id": 4283839119,
    "indicator": "112.80.80.211",
    "type": "IPv4",
    "created": "2026-03-29T18:52:50",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:multi-reported. 112.80.80.211 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T18:52:49",
    "is_active": 1
  },
  {
    "id": 4181102941,
    "indicator": "116.178.129.152",
    "type": "IPv4",
    "created": "2026-03-29T18:52:50",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 116.178.129.152 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T18:52:49",
    "is_active": 1
  },
  {
    "id": 4279954348,
    "indicator": "103.131.85.199",
    "type": "IPv4",
    "created": "2026-03-29T18:52:50",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 103.131.85.199 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-28T18:52:49",
    "is_active": 1
  },
  {
    "id": 4164881657,
    "indicator": "46.6.14.135",
    "type": "IPv4",
    "created": "2026-03-29T18:52:50",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 46.6.14.135 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T18:52:49",
    "is_active": 1
  },
  {
    "id": 4284198453,
    "indicator": "47.245.138.0",
    "type": "IPv4",
    "created": "2026-03-29T18:52:50",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.245.138.0 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-28T18:52:49",
    "is_active": 1
  },
  {
    "id": 4284220916,
    "indicator": "37.139.8.32",
    "type": "IPv4",
    "created": "2026-03-29T18:52:50",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Amsterdam, The Netherlands (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 5 failed login attempts, 5 credential pairs tried across 1 unique username. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 13m 3s; 25 e...",
    "expiration": "2026-04-28T18:52:49",
    "is_active": 1
  },
  {
    "id": 4025291270,
    "indicator": "118.212.120.203",
    "type": "IPv4",
    "created": "2026-03-29T18:52:50",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 118.212.120.203 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T18:52:49",
    "is_active": 1
  },
  {
    "id": 3844416298,
    "indicator": "83.118.24.18",
    "type": "IPv4",
    "created": "2026-03-29T18:52:50",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Thailand (AS132280, Symphony Communication Thailand PCL.). Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 5 failed login attempts, 5 credential pairs tried across 1 unique username. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 13m 20s; 25 events.",
    "expiration": "2026-04-28T18:52:49",
    "is_active": 1
  },
  {
    "id": 2237001308,
    "indicator": "1.83.125.232",
    "type": "IPv4",
    "created": "2026-03-29T18:52:50",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 1.83.125.232 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T18:52:49",
    "is_active": 1
  },
  {
    "id": 4282560913,
    "indicator": "47.254.176.225",
    "type": "IPv4",
    "created": "2026-03-29T18:52:50",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.254.176.225 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-28T18:52:49",
    "is_active": 1
  },
  {
    "id": 4164651606,
    "indicator": "59.173.109.153",
    "type": "IPv4",
    "created": "2026-03-29T18:52:50",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 59.173.109.153 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).",
    "expiration": "2026-04-28T18:52:49",
    "is_active": 1
  },
  {
    "id": 4278758188,
    "indicator": "118.196.69.28",
    "type": "IPv4",
    "created": "2026-03-29T18:52:50",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 118.196.69.28 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-28T18:52:49",
    "is_active": 1
  },
  {
    "id": 4001221531,
    "indicator": "219.138.221.147",
    "type": "IPv4",
    "created": "2026-03-29T18:52:50",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from China (AS4134, Chinanet). Observed targeting healthcare sector honeypot mdms-hp-01 via cowrie. Session included 4 failed login attempts, 4 credential pairs tried across 1 unique username. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 9m 56s; 20 events.",
    "expiration": "2026-04-28T18:52:49",
    "is_active": 1
  },
  {
    "id": 4199710489,
    "indicator": "23.111.75.127",
    "type": "IPv4",
    "created": "2026-03-29T18:52:50",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 23.111.75.127 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 23 times when connecting to offbackup1 between 2026-03-29 16:37 and 2026-03-29 17:41 UTC.",
    "expiration": "2026-04-28T18:52:49",
    "is_active": 1
  },
  {
    "id": 4285304207,
    "indicator": "173.212.215.149",
    "type": "IPv4",
    "created": "2026-03-29T18:52:50",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. Attacker IP from Lauterbourg, France (AS51167, Contabo GmbH). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-28T18:52:49",
    "is_active": 1
  },
  {
    "id": 4262474875,
    "indicator": "3.82.104.80",
    "type": "IPv4",
    "created": "2026-03-29T19:52:58",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 3.82.104.80 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-28T19:52:56",
    "is_active": 1
  },
  {
    "id": 4263074598,
    "indicator": "34.201.57.118",
    "type": "IPv4",
    "created": "2026-03-29T19:52:58",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 34.201.57.118 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-28T19:52:56",
    "is_active": 1
  },
  {
    "id": 4266836704,
    "indicator": "3.80.204.163",
    "type": "IPv4",
    "created": "2026-03-29T19:52:58",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 3.80.204.163 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-28T19:52:56",
    "is_active": 1
  },
  {
    "id": 4268202552,
    "indicator": "18.205.150.207",
    "type": "IPv4",
    "created": "2026-03-29T19:52:58",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 18.205.150.207 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-28T19:52:56",
    "is_active": 1
  },
  {
    "id": 4212122813,
    "indicator": "177.194.97.142",
    "type": "IPv4",
    "created": "2026-03-29T19:52:58",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate. 177.194.97.142 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-28T19:52:56",
    "is_active": 1
  },
  {
    "id": 4282423555,
    "indicator": "8.211.28.119",
    "type": "IPv4",
    "created": "2026-03-29T19:52:58",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 8.211.28.119 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T19:52:56",
    "is_active": 1
  },
  {
    "id": 4282439751,
    "indicator": "47.91.87.204",
    "type": "IPv4",
    "created": "2026-03-29T19:52:58",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported. 47.91.87.204 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-28T19:52:56",
    "is_active": 1
  },
  {
    "id": 4282428066,
    "indicator": "47.84.205.178",
    "type": "IPv4",
    "created": "2026-03-29T19:52:58",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.84.205.178 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-28T19:52:56",
    "is_active": 1
  },
  {
    "id": 4285302342,
    "indicator": "172.233.38.21",
    "type": "IPv4",
    "created": "2026-03-29T19:52:58",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Amsterdam, The Netherlands (AS63949, Akamai Connected Cloud) [VPN/hosting provider]. Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 64 failed login attempts, 64 credential pairs tried across 47 unique usernames. SSH client: SSH-2.0-Go (HASSH: 16443846184e...); duration: 5m 45s; 320 events.",
    "expiration": "2026-04-28T19:52:56",
    "is_active": 1
  },
  {
    "id": 4122011674,
    "indicator": "123.141.253.53",
    "type": "IPv4",
    "created": "2026-03-29T19:52:58",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 123.141.253.53 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-28T19:52:56",
    "is_active": 1
  },
  {
    "id": 4282461963,
    "indicator": "47.237.121.158",
    "type": "IPv4",
    "created": "2026-03-29T19:52:58",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.237.121.158 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-28T19:52:56",
    "is_active": 1
  },
  {
    "id": 4285302362,
    "indicator": "206.248.16.21",
    "type": "IPv4",
    "created": "2026-03-29T19:52:58",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 206.248.16.21 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-28T19:52:56",
    "is_active": 1
  },
  {
    "id": 4173137050,
    "indicator": "182.119.227.86",
    "type": "IPv4",
    "created": "2026-03-29T19:52:58",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 182.119.227.86 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-28T19:52:56",
    "is_active": 1
  },
  {
    "id": 3873662276,
    "indicator": "220.167.232.161",
    "type": "IPv4",
    "created": "2026-03-29T19:52:58",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 220.167.232.161 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T19:52:56",
    "is_active": 1
  },
  {
    "id": 4173274097,
    "indicator": "222.176.201.70",
    "type": "IPv4",
    "created": "2026-03-29T19:52:58",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 222.176.201.70 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-28T19:52:56",
    "is_active": 1
  },
  {
    "id": 3433951213,
    "indicator": "1.83.125.134",
    "type": "IPv4",
    "created": "2026-03-29T19:52:58",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 1.83.125.134 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T19:52:56",
    "is_active": 1
  },
  {
    "id": 4268170985,
    "indicator": "64.226.69.178",
    "type": "IPv4",
    "created": "2026-03-29T19:52:58",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 64.226.69.178 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-28T19:52:56",
    "is_active": 1
  },
  {
    "id": 4277145016,
    "indicator": "66.132.186.252",
    "type": "IPv4",
    "created": "2026-03-29T19:52:58",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 66.132.186.252 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-28T19:52:56",
    "is_active": 1
  },
  {
    "id": 197214035,
    "indicator": "27.115.124.2",
    "type": "IPv4",
    "created": "2026-03-29T19:52:58",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:high. 27.115.124.2 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-28T19:52:56",
    "is_active": 1
  },
  {
    "id": 4137510882,
    "indicator": "176.65.148.109",
    "type": "IPv4",
    "created": "2026-03-29T19:52:58",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 176.65.148.109 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_level1); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-28T19:52:56",
    "is_active": 1
  },
  {
    "id": 3865313786,
    "indicator": "180.95.238.205",
    "type": "IPv4",
    "created": "2026-03-29T19:52:58",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 180.95.238.205 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-28T19:52:56",
    "is_active": 1
  },
  {
    "id": 4277158359,
    "indicator": "120.226.40.228",
    "type": "IPv4",
    "created": "2026-03-29T19:52:58",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 120.226.40.228 observed using SSH client fingerprint 'Unknown SSH Client (98ddc5604ef6)' 3 times when connecting to db4lamedtech between 2026-03-29 18:43 and 2026-03-29 18:44 UTC.",
    "expiration": "2026-04-28T19:52:56",
    "is_active": 1
  },
  {
    "id": 4282462163,
    "indicator": "47.84.136.177",
    "type": "IPv4",
    "created": "2026-03-29T20:53:05",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 47.84.136.177 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (exploited-host, hacking, high).",
    "expiration": "2026-04-28T20:53:04",
    "is_active": 1
  },
  {
    "id": 3923568217,
    "indicator": "185.247.137.28",
    "type": "IPv4",
    "created": "2026-03-29T20:53:05",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 185.247.137.28 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-28T20:53:04",
    "is_active": 1
  },
  {
    "id": 4285363592,
    "indicator": "43.165.171.180",
    "type": "IPv4",
    "created": "2026-03-29T20:53:05",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:reported. 43.165.171.180 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ftp-brute, hacking).",
    "expiration": "2026-04-28T20:53:04",
    "is_active": 1
  },
  {
    "id": 4285363593,
    "indicator": "47.84.135.131",
    "type": "IPv4",
    "created": "2026-03-29T20:53:05",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 47.84.135.131 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (exploited-host, hacking, moderate).",
    "expiration": "2026-04-28T20:53:04",
    "is_active": 1
  },
  {
    "id": 4282462171,
    "indicator": "47.84.204.63",
    "type": "IPv4",
    "created": "2026-03-29T20:53:05",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 47.84.204.63 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, hacking).",
    "expiration": "2026-04-28T20:53:04",
    "is_active": 1
  },
  {
    "id": 4282422767,
    "indicator": "47.254.171.185",
    "type": "IPv4",
    "created": "2026-03-29T20:53:05",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported. 47.254.171.185 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-28T20:53:04",
    "is_active": 1
  },
  {
    "id": 4285302189,
    "indicator": "172.233.38.79",
    "type": "IPv4",
    "created": "2026-03-29T20:53:05",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 172.233.38.79 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command sessions (1 commands), 1 malware samples. Listed on: AbuseIPDB (brute-force, critical, ftp-brute).",
    "expiration": "2026-04-28T20:53:04",
    "is_active": 1
  },
  {
    "id": 4180195062,
    "indicator": "113.57.184.163",
    "type": "IPv4",
    "created": "2026-03-29T20:53:05",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 113.57.184.163 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T20:53:04",
    "is_active": 1
  },
  {
    "id": 3775102715,
    "indicator": "121.121.199.93",
    "type": "IPv4",
    "created": "2026-03-29T20:53:05",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 121.121.199.93 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T20:53:04",
    "is_active": 1
  },
  {
    "id": 4172754481,
    "indicator": "36.250.220.77",
    "type": "IPv4",
    "created": "2026-03-29T20:53:05",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 36.250.220.77 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-28T20:53:04",
    "is_active": 1
  },
  {
    "id": 4272972350,
    "indicator": "161.35.43.193",
    "type": "IPv4",
    "created": "2026-03-29T20:53:05",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 161.35.43.193 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-28T20:53:04",
    "is_active": 1
  },
  {
    "id": 4285304871,
    "indicator": "96.126.108.181",
    "type": "IPv4",
    "created": "2026-03-29T20:53:05",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Cedar Knolls, United States (AS63949, Akamai Connected Cloud) [VPN/hosting provider]. Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 131 failed login attempts, 131 credential pairs tried across 84 unique usernames. SSH client: SSH-2.0-Go (HASSH: 16443846184e...); duration: 11m 55s; 652 ...",
    "expiration": "2026-04-28T20:53:04",
    "is_active": 1
  },
  {
    "id": 4284099166,
    "indicator": "139.59.112.10",
    "type": "IPv4",
    "created": "2026-03-29T20:53:05",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export. 139.59.112.10 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, hacking).",
    "expiration": "2026-04-28T20:53:04",
    "is_active": 1
  },
  {
    "id": 4282102033,
    "indicator": "47.236.252.83",
    "type": "IPv4",
    "created": "2026-03-29T20:53:05",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 47.236.252.83 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T20:53:04",
    "is_active": 1
  },
  {
    "id": 4112435134,
    "indicator": "73.29.219.168",
    "type": "IPv4",
    "created": "2026-03-29T20:53:05",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:port-scan. 73.29.219.168 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T20:53:04",
    "is_active": 1
  },
  {
    "id": 4285300290,
    "indicator": "172.233.38.226",
    "type": "IPv4",
    "created": "2026-03-29T20:53:05",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 172.233.38.226 observed using SSH client fingerprint 'Unknown SSH Client (16443846184e)' 251 times when connecting to offbackup1 between 2026-03-29 19:57 and 2026-03-29 20:22 UTC.",
    "expiration": "2026-04-28T20:53:04",
    "is_active": 1
  },
  {
    "id": 4285302146,
    "indicator": "52.180.158.245",
    "type": "IPv4",
    "created": "2026-03-29T20:53:05",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 52.180.158.245 observed using HTTP client fingerprint 'HTTP Client (67b3dba8bc67)' 102 times when connecting to mdms1 between 2026-03-29 19:53 and 2026-03-29 19:53 UTC.",
    "expiration": "2026-04-28T20:53:04",
    "is_active": 1
  },
  {
    "id": 3871971150,
    "indicator": "222.94.32.71",
    "type": "IPv4",
    "created": "2026-03-29T20:53:05",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 222.94.32.71 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-28T20:53:04",
    "is_active": 1
  },
  {
    "id": 3114807795,
    "indicator": "62.171.171.4",
    "type": "IPv4",
    "created": "2026-03-29T20:53:05",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 62.171.171.4 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-28T20:53:04",
    "is_active": 1
  },
  {
    "id": 4247271836,
    "indicator": "118.196.38.83",
    "type": "IPv4",
    "created": "2026-03-29T20:53:05",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 118.196.38.83 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-28T20:53:04",
    "is_active": 1
  },
  {
    "id": 4226131641,
    "indicator": "192.42.116.51",
    "type": "IPv4",
    "created": "2026-03-29T20:53:05",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 192.42.116.51 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d, firehol_anonymous); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-28T20:53:04",
    "is_active": 1
  },
  {
    "id": 3398317699,
    "indicator": "101.249.60.43",
    "type": "IPv4",
    "created": "2026-03-29T20:53:05",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 101.249.60.43 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-28T20:53:04",
    "is_active": 1
  },
  {
    "id": 4191615026,
    "indicator": "68.183.201.25",
    "type": "IPv4",
    "created": "2026-03-29T21:53:12",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 68.183.201.25 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T21:53:11",
    "is_active": 1
  },
  {
    "id": 4282398115,
    "indicator": "47.84.142.63",
    "type": "IPv4",
    "created": "2026-03-29T21:53:12",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported. 47.84.142.63 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-28T21:53:11",
    "is_active": 1
  },
  {
    "id": 4281006004,
    "indicator": "5.187.35.142",
    "type": "IPv4",
    "created": "2026-03-29T21:53:12",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 5.187.35.142 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-28T21:53:11",
    "is_active": 1
  },
  {
    "id": 4119199369,
    "indicator": "103.254.172.165",
    "type": "IPv4",
    "created": "2026-03-29T21:53:12",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 103.254.172.165 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-28T21:53:11",
    "is_active": 1
  },
  {
    "id": 3992824979,
    "indicator": "195.222.172.22",
    "type": "IPv4",
    "created": "2026-03-29T21:53:12",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 195.222.172.22 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-28T21:53:11",
    "is_active": 1
  },
  {
    "id": 4134992445,
    "indicator": "128.106.221.38",
    "type": "IPv4",
    "created": "2026-03-29T21:53:12",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 128.106.221.38 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-28T21:53:11",
    "is_active": 1
  },
  {
    "id": 4165943558,
    "indicator": "50.6.230.112",
    "type": "IPv4",
    "created": "2026-03-29T21:53:12",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 50.6.230.112 observed using SSH client fingerprint 'Unknown SSH Client (98ddc5604ef6)' 5 times when connecting to mdms1 between 2026-03-29 21:18 and 2026-03-29 21:18 UTC.",
    "expiration": "2026-04-28T21:53:11",
    "is_active": 1
  },
  {
    "id": 4072477750,
    "indicator": "14.205.104.200",
    "type": "IPv4",
    "created": "2026-03-29T21:53:12",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 14.205.104.200 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-28T21:53:11",
    "is_active": 1
  },
  {
    "id": 4283986005,
    "indicator": "47.245.136.243",
    "type": "IPv4",
    "created": "2026-03-29T21:53:12",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.245.136.243 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-28T21:53:11",
    "is_active": 1
  },
  {
    "id": 3694542453,
    "indicator": "84.246.85.11",
    "type": "IPv4",
    "created": "2026-03-29T21:53:12",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 84.246.85.11 observed using HTTP client fingerprint 'HTTP Client: 2ip bot/1.1 (+https://2ip.io)' 3 times when connecting to mdms1 between 2026-03-29 21:03 and 2026-03-29 21:03 UTC.",
    "expiration": "2026-04-28T21:53:11",
    "is_active": 1
  },
  {
    "id": 4285376147,
    "indicator": "51.91.126.141",
    "type": "IPv4",
    "created": "2026-03-29T21:53:12",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:reported, abuseipdb:web-attack, cowrie. Attacker IP 51.91.126.141 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36...' 18 times when connecting to mdms1 between 2026-03-29 21:09 and 2026-03-29 21:09 UTC.",
    "expiration": "2026-04-28T21:53:11",
    "is_active": 1
  },
  {
    "id": 4282439560,
    "indicator": "47.245.142.160",
    "type": "IPv4",
    "created": "2026-03-29T21:53:12",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.245.142.160 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-28T21:53:11",
    "is_active": 1
  },
  {
    "id": 4285376148,
    "indicator": "219.156.23.161",
    "type": "IPv4",
    "created": "2026-03-29T21:53:12",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 219.156.23.161 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, iot-targeted).",
    "expiration": "2026-04-28T21:53:11",
    "is_active": 1
  },
  {
    "id": 3193080195,
    "indicator": "139.59.92.165",
    "type": "IPv4",
    "created": "2026-03-29T21:53:12",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 139.59.92.165 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, hacking, moderate).",
    "expiration": "2026-04-28T21:53:11",
    "is_active": 1
  },
  {
    "id": 4285470874,
    "indicator": "123.145.35.184",
    "type": "IPv4",
    "created": "2026-03-29T22:53:20",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 123.145.35.184 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T22:53:18",
    "is_active": 1
  },
  {
    "id": 4283527853,
    "indicator": "113.228.90.237",
    "type": "IPv4",
    "created": "2026-03-29T22:53:20",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 113.228.90.237 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-28T22:53:18",
    "is_active": 1
  },
  {
    "id": 3942149561,
    "indicator": "61.42.103.130",
    "type": "IPv4",
    "created": "2026-03-29T22:53:20",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:multi-reported. 61.42.103.130 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T22:53:18",
    "is_active": 1
  },
  {
    "id": 4170085667,
    "indicator": "180.111.30.4",
    "type": "IPv4",
    "created": "2026-03-29T22:53:20",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 180.111.30.4 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-28T22:53:18",
    "is_active": 1
  },
  {
    "id": 4173648462,
    "indicator": "27.47.25.59",
    "type": "IPv4",
    "created": "2026-03-29T22:53:20",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 27.47.25.59 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).",
    "expiration": "2026-04-28T22:53:18",
    "is_active": 1
  },
  {
    "id": 4201143908,
    "indicator": "116.172.249.78",
    "type": "IPv4",
    "created": "2026-03-29T22:53:20",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 116.172.249.78 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).",
    "expiration": "2026-04-28T22:53:18",
    "is_active": 1
  },
  {
    "id": 4173292383,
    "indicator": "116.178.131.55",
    "type": "IPv4",
    "created": "2026-03-29T22:53:20",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 116.178.131.55 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-28T22:53:18",
    "is_active": 1
  },
  {
    "id": 4282397908,
    "indicator": "47.245.139.168",
    "type": "IPv4",
    "created": "2026-03-29T22:53:20",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.245.139.168 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-28T22:53:18",
    "is_active": 1
  },
  {
    "id": 4280210747,
    "indicator": "43.135.74.164",
    "type": "IPv4",
    "created": "2026-03-29T22:53:20",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. Attacker IP from Hong Kong, Hong Kong (AS132203, Tencent Building, Kejizhongyi Avenue). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. duration: 15m 59s; 76 events.",
    "expiration": "2026-04-28T22:53:18",
    "is_active": 1
  },
  {
    "id": 4089344949,
    "indicator": "222.108.39.109",
    "type": "IPv4",
    "created": "2026-03-29T22:53:20",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 222.108.39.109 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command sessions (10 commands), 5 malware samples. Listed on: FireHOL (firehol_level2, firehol_level3); AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-28T22:53:18",
    "is_active": 1
  },
  {
    "id": 4008056912,
    "indicator": "123.245.84.47",
    "type": "IPv4",
    "created": "2026-03-29T22:53:20",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 123.245.84.47 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, moderate).",
    "expiration": "2026-04-28T22:53:18",
    "is_active": 1
  },
  {
    "id": 4275709457,
    "indicator": "42.4.63.103",
    "type": "IPv4",
    "created": "2026-03-29T22:53:20",
    "content": "",
    "title": "",
    "description": "Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 42.4.63.103 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-28T22:53:18",
    "is_active": 1
  },
  {
    "id": 4282423553,
    "indicator": "8.209.107.26",
    "type": "IPv4",
    "created": "2026-03-29T22:53:20",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 8.209.107.26 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-28T22:53:18",
    "is_active": 1
  },
  {
    "id": 4285470875,
    "indicator": "221.13.86.116",
    "type": "IPv4",
    "created": "2026-03-29T22:53:20",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. Attacker IP from China (AS4837, CHINA UNICOM China169 Backbone). Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events.",
    "expiration": "2026-04-28T22:53:18",
    "is_active": 1
  },
  {
    "id": 4200463134,
    "indicator": "112.121.204.181",
    "type": "IPv4",
    "created": "2026-03-29T23:53:34",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 112.121.204.181 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-28T23:53:33",
    "is_active": 1
  },
  {
    "id": 4282398124,
    "indicator": "47.84.206.215",
    "type": "IPv4",
    "created": "2026-03-29T23:53:34",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.84.206.215 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-28T23:53:33",
    "is_active": 1
  },
  {
    "id": 4282102082,
    "indicator": "8.211.13.101",
    "type": "IPv4",
    "created": "2026-03-29T23:53:34",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 8.211.13.101 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T23:53:33",
    "is_active": 1
  },
  {
    "id": 4172960292,
    "indicator": "223.199.169.182",
    "type": "IPv4",
    "created": "2026-03-29T23:53:34",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 223.199.169.182 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T23:53:33",
    "is_active": 1
  },
  {
    "id": 4172944603,
    "indicator": "222.176.201.197",
    "type": "IPv4",
    "created": "2026-03-29T23:53:34",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 222.176.201.197 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-28T23:53:33",
    "is_active": 1
  },
  {
    "id": 2749317728,
    "indicator": "60.13.7.247",
    "type": "IPv4",
    "created": "2026-03-29T23:53:34",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 60.13.7.247 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T23:53:33",
    "is_active": 1
  },
  {
    "id": 4164535636,
    "indicator": "116.178.130.183",
    "type": "IPv4",
    "created": "2026-03-29T23:53:34",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 116.178.130.183 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, moderate).",
    "expiration": "2026-04-28T23:53:33",
    "is_active": 1
  },
  {
    "id": 4039774341,
    "indicator": "123.160.174.105",
    "type": "IPv4",
    "created": "2026-03-29T23:53:34",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 123.160.174.105 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-28T23:53:33",
    "is_active": 1
  },
  {
    "id": 4284252369,
    "indicator": "47.254.172.185",
    "type": "IPv4",
    "created": "2026-03-29T23:53:34",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.254.172.185 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-28T23:53:33",
    "is_active": 1
  },
  {
    "id": 2941068169,
    "indicator": "110.177.176.29",
    "type": "IPv4",
    "created": "2026-03-29T23:53:34",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 110.177.176.29 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-28T23:53:33",
    "is_active": 1
  },
  {
    "id": 4209920301,
    "indicator": "110.90.224.37",
    "type": "IPv4",
    "created": "2026-03-29T23:53:34",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 110.90.224.37 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-28T23:53:33",
    "is_active": 1
  },
  {
    "id": 4160891400,
    "indicator": "27.47.27.158",
    "type": "IPv4",
    "created": "2026-03-29T23:53:34",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 27.47.27.158 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T23:53:33",
    "is_active": 1
  },
  {
    "id": 3752892463,
    "indicator": "182.242.169.38",
    "type": "IPv4",
    "created": "2026-03-29T23:53:34",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 182.242.169.38 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-28T23:53:33",
    "is_active": 1
  },
  {
    "id": 4212474618,
    "indicator": "101.249.60.151",
    "type": "IPv4",
    "created": "2026-03-29T23:53:34",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 101.249.60.151 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, hacking, low).",
    "expiration": "2026-04-28T23:53:33",
    "is_active": 1
  },
  {
    "id": 4088742601,
    "indicator": "216.73.216.214",
    "type": "IPv4",
    "created": "2026-03-29T23:53:34",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan. Attacker IP 216.73.216.214 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatibl...' 2 times when connecting to db1lapetro between 2026-03-29 23:13 and 2026-03-29 23:13 UTC.",
    "expiration": "2026-04-28T23:53:33",
    "is_active": 1
  },
  {
    "id": 4184276091,
    "indicator": "116.172.249.67",
    "type": "IPv4",
    "created": "2026-03-29T23:53:34",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 116.172.249.67 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T23:53:33",
    "is_active": 1
  },
  {
    "id": 4285476525,
    "indicator": "217.154.200.32",
    "type": "IPv4",
    "created": "2026-03-29T23:53:34",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. Attacker IP from Germany (AS8560, IONOS SE). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. Session included 3 failed login attempts, 3 credential pairs tried across 1 unique username. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 6m 41s; 15 events.",
    "expiration": "2026-04-28T23:53:33",
    "is_active": 1
  },
  {
    "id": 4283674802,
    "indicator": "47.84.139.122",
    "type": "IPv4",
    "created": "2026-03-29T23:53:34",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.84.139.122 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).",
    "expiration": "2026-04-28T23:53:33",
    "is_active": 1
  },
  {
    "id": 4285309037,
    "indicator": "122.177.242.236",
    "type": "IPv4",
    "created": "2026-03-29T23:53:34",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Hyderabad, India (AS24560, Bharti Airtel Ltd., Telemedia Services). Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 4 failed login attempts, 4 credential pairs tried across 1 unique username. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 14m 52s; 21 events.",
    "expiration": "2026-04-28T23:53:33",
    "is_active": 1
  },
  {
    "id": 4165157807,
    "indicator": "116.172.249.227",
    "type": "IPv4",
    "created": "2026-03-29T23:53:34",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 116.172.249.227 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T23:53:33",
    "is_active": 1
  },
  {
    "id": 4162727570,
    "indicator": "36.250.221.161",
    "type": "IPv4",
    "created": "2026-03-29T23:53:34",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 36.250.221.161 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).",
    "expiration": "2026-04-28T23:53:33",
    "is_active": 1
  },
  {
    "id": 3891965500,
    "indicator": "120.77.224.247",
    "type": "IPv4",
    "created": "2026-03-29T23:53:34",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 120.77.224.247 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).",
    "expiration": "2026-04-28T23:53:33",
    "is_active": 1
  },
  {
    "id": 4176107548,
    "indicator": "27.155.172.70",
    "type": "IPv4",
    "created": "2026-03-29T23:53:34",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 27.155.172.70 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-28T23:53:33",
    "is_active": 1
  },
  {
    "id": 2605379211,
    "indicator": "36.106.167.249",
    "type": "IPv4",
    "created": "2026-03-29T23:53:34",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 36.106.167.249 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-28T23:53:33",
    "is_active": 1
  },
  {
    "id": 3887479801,
    "indicator": "118.212.120.159",
    "type": "IPv4",
    "created": "2026-03-29T23:53:34",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 118.212.120.159 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).",
    "expiration": "2026-04-28T23:53:33",
    "is_active": 1
  },
  {
    "id": 4170166615,
    "indicator": "222.176.201.78",
    "type": "IPv4",
    "created": "2026-03-29T23:53:34",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 222.176.201.78 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-28T23:53:33",
    "is_active": 1
  },
  {
    "id": 2662526374,
    "indicator": "60.13.7.98",
    "type": "IPv4",
    "created": "2026-03-29T23:53:34",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 60.13.7.98 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).",
    "expiration": "2026-04-28T23:53:33",
    "is_active": 1
  },
  {
    "id": 4284249969,
    "indicator": "189.150.24.62",
    "type": "IPv4",
    "created": "2026-03-29T23:53:34",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Tuxtla Guti\u00e9rrez, Mexico (AS8151, UNINET). Observed targeting healthcare sector honeypot mdms-hp-01 via dionaea. 1 events.",
    "expiration": "2026-04-28T23:53:33",
    "is_active": 1
  }
]